a9ad141dbfd79c2411bd99d1da466c369ac09ed5c6f179c63b15132e837167e5

Analysis

max time kernel
1014s
max time network
1017s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
14-11-2024 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

astronomity - pass 1.rar
Size

20.2MB
MD5

44a5afb8c9a3434f5737993fa0feeebf
SHA1

021fa6d3aa155bd24445b303c8fd54dfa580e857
SHA256

a9ad141dbfd79c2411bd99d1da466c369ac09ed5c6f179c63b15132e837167e5
SHA512

ae2387956647a173ee2f07c3f95d6777a162cf3bf32c8e429464929248246bbe7392a77d02629850ccd6c735630eafc0d9dfdb409b3958e19c08a63d36e8cd69
SSDEEP

393216:/haU4FEKpD6bT2iRtf6RL2o8j0UPREjmdmqs53WTFQu44faLPQ2iivjTbwlpgpNW:/hAFEKWbT2iraMFREjR536QujCQ26gpw

Score

8^/10

microsoft steam defense_evasion discovery persistence phishing privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: sdfsdfsafkjykehyirhiehumnrfzwzesfzezeszjhefjhzefjuzesf@outlook.com
phishing
A potential corporate email address has been identified in the URL: usersOID00037fff8af871ee0000000000000000@84df9e7fe9f640afb435aaaaaaaaaaaa
phishing
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 5 IoCs

pid	Process
3900	injector.exe
5076	npp.8.7.1.Installer.x64.exe
5256	notepad++.exe
5876	gup.exe
1776	injector.exe

Loads dropped DLL 17 IoCs

pid	Process
5076	npp.8.7.1.Installer.x64.exe
5076	npp.8.7.1.Installer.x64.exe
5076	npp.8.7.1.Installer.x64.exe
5076	npp.8.7.1.Installer.x64.exe
5076	npp.8.7.1.Installer.x64.exe
5076	npp.8.7.1.Installer.x64.exe
488	regsvr32.exe
2296	regsvr32.exe
3348	Process not Found
5460	Process not Found
5876	gup.exe
5256	notepad++.exe
5256	notepad++.exe
5256	notepad++.exe
5256	notepad++.exe
5256	notepad++.exe
5256	notepad++.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Detected potential entity reuse from brand STEAM.
phishing steam

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Notepad++\functionList\typescript.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\themes\HotFudgeSundae.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\cs.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dll	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\batch.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\coffee.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\cobol.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\cpp.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\bash.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\updater\libcurl.dll	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\themes\DarkModeDefault.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\contextMenu\NppShell.msix	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\perl.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\cobol-free.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\autoit.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\hollywood.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\nppexec.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\updater\LICENSE	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\themes\Deep Black.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\lua.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\sinumerik.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\xml.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\langs.model.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\themes\Twilight.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\sql.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\toml.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\tex.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\localization\english.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\fortran.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\ada.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\updater\updater.ico	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\themes\Monokai.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\baanc.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\lisp.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\cobol.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\java.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\inno.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\fortran77.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\plugins\NppExport\NppExport.dll	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\updater\gup.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\html.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\themes\Hello Kitty.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\xml.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\autoit.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\javascript.js.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\themes\Vibrant Ink.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\actionscript.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\batch.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\raku.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\python.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\ini.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\themes\Bespin.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\vb.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\typescript.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\readme.txt	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\themes\Plastic Code Wrap.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\autoCompletion\javascript.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\themes\DansLeRuSH-Dark.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\universe_basic.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\nppLogNulContentCorruptionIssue.xml	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\LICENSE	npp.8.7.1.Installer.x64.exe
File created	C:\Program Files\Notepad++\functionList\php.xml	npp.8.7.1.Installer.x64.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	npp.8.7.1.Installer.x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 60 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ANotepad++64\ = "Notepad++ Context menu"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ANotepad++64\NeverDefault	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot = "2"	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2499603254-3415597248-1508446358-1000\{82F801B4-9CB7-4AC4-B5F2-D71B95BB4FEB}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ANotepad++64\ExplorerCommandHandler = "{B298D29A-A6ED-11DE-BA8C-A68E55D89593}"	regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32\ = "C:\\Program Files\\Notepad++\\contextMenu\\NppShell.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 8c0031000000000047595065110050524f4752417e310000740009000400efbec55259616e591ca82e0000003f0000000000010000000000000000004a0000000000bbbcd900500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\*\shell\ANotepad++64	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\ = "notepad++"	regsvr32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 276272.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3452	Winword.exe
3452	Winword.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

pid	Process
3900	injector.exe
3900	injector.exe
3900	injector.exe
3900	injector.exe
2916	msedge.exe
2916	msedge.exe
2540	msedge.exe
2540	msedge.exe
3392	msedge.exe
3392	msedge.exe
2760	identity_helper.exe
2760	identity_helper.exe
2180	msedge.exe
124	msedge.exe
124	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
1460	msedge.exe
4592	msedge.exe
4592	msedge.exe
1832	msedge.exe
1832	msedge.exe
1900	msedge.exe
1900	msedge.exe
1780	identity_helper.exe
1780	identity_helper.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
1112	msedge.exe
1112	msedge.exe
1776	injector.exe
1776	injector.exe
1776	injector.exe
1776	injector.exe
4076	msedge.exe
4076	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
2472	7zFM.exe
996	OpenWith.exe
224	OpenWith.exe
1216	OpenWith.exe
5256	notepad++.exe
4892	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2472	7zFM.exe
Token: 35	2472	7zFM.exe
Token: SeSecurityPrivilege	2472	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2472	7zFM.exe
2472	7zFM.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe

Suspicious use of SendNotifyMessage 38 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4592	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
996	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
224	OpenWith.exe
3452	Winword.exe
3452	Winword.exe
3452	Winword.exe
3452	Winword.exe
3452	Winword.exe
3452	Winword.exe
3452	Winword.exe
3452	Winword.exe
3452	Winword.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
3568	MiniSearchHost.exe
5076	npp.8.7.1.Installer.x64.exe
1216	OpenWith.exe
1216	OpenWith.exe
5876	gup.exe
5256	notepad++.exe
5256	notepad++.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 4748	3900	injector.exe	85
PID 3900 wrote to memory of 4748	3900	injector.exe	85
PID 2540 wrote to memory of 4656	2540	msedge.exe	88
PID 2540 wrote to memory of 4656	2540	msedge.exe	88
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 5068	2540	msedge.exe	89
PID 2540 wrote to memory of 2916	2540	msedge.exe	90
PID 2540 wrote to memory of 2916	2540	msedge.exe	90
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91
PID 2540 wrote to memory of 3444	2540	msedge.exe	91

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\astronomity - pass 1.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2472

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3460

C:\Users\Admin\Desktop\virus\injector.exe
"C:\Users\Admin\Desktop\virus\injector.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start steam://rungameid/2524890
  2⤵
  - Modifies registry class
  PID:4748

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8536d3cb8,0x7ff8536d3cc8,0x7ff8536d3cd8
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7032 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7280 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7524 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1240 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
  2⤵
  PID:1196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:72

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:224
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Desktop\virus\astronomity.dll"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:3452

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4900

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:704

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8536d3cb8,0x7ff8536d3cc8,0x7ff8536d3cd8
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4944 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7256 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7048 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1112
- C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe
  "C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5076
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:488
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
      4⤵
      Loads dropped DLL
      Modifies registry class
      PID:2296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

C:\Program Files\Notepad++\notepad++.exe
"C:\Program Files\Notepad++\notepad++.exe" "C:\Users\Admin\Desktop\virus\astronomity.dll"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5256
- C:\Program Files\Notepad++\updater\gup.exe
  "C:\Program Files\Notepad++\updater\gup.exe" -v8.71 -px64
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:5876

C:\Users\Admin\Desktop\virus\injector.exe
"C:\Users\Admin\Desktop\virus\injector.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start steam://rungameid/2524890
  2⤵
  - Modifies registry class
  PID:3812

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0xdc,0x7ff8536d3cb8,0x7ff8536d3cc8,0x7ff8536d3cd8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,10002277138146218599,10127539073395745231,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,10002277138146218599,10127539073395745231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1800,10002277138146218599,10127539073395745231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,10002277138146218599,10127539073395745231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,10002277138146218599,10127539073395745231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,10002277138146218599,10127539073395745231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,10002277138146218599,10127539073395745231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:3804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
95aaba557b2990dd9d7ef3898d58c341

SHA1
7e08d817aa2ca9ba2d7d0d8c7b1b7b755e4adf9f

SHA256
87c53752f944f0112fc1004cf64fdee58895d77e748dbb8b1c0483ad0dda6256

SHA512
019d29fa079240c2923c52d967c289e3c56d4a735a5685de96af0936315c1b89b866b942c7cdaa2f803ba830a6eac63895339b73bb30fc0a28facf9d706507cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e99a20207c0ccc5d376e86917e1cb0c8

SHA1
115dbb4164ba311da156afe9039f152ac2408a84

SHA256
b6a20daa6e149a965f34ba7a339cb3fca95ba0c1cc51903efd9b2697d75782db

SHA512
4f0817f7e16edc01b4a41c5dca6ddc0827c781bebf5e47c2d40aebe3659f59c81bebfda5fe002e63e02dd233d6877440fbf202e00f56cd493eeafa605581724d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e345ab72210d1d9e0f10226a8834d8c9

SHA1
2643fe83f1d901689adf56e530c2ebdf35add7d0

SHA256
b64a2658c66bcd0f82904213a629c65643b573ba82ef1bee74c5e88139943d72

SHA512
acabb6f82058a268dc038ea121b955c38070ea0723e10a42586464ae5dc61602f7a7c74041dcc06e6efa2314fef0b1e15b428792fcc6875212f7b4443e777f83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3611f025-21f0-4bbd-b1cf-18882216e7e3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
99KB

MD5
1d95e2bf44ebb318972a0be7f62c2e4f

SHA1
0a2adf6949449c7e5a35b8618365db84fb822f49

SHA256
d67b3a4ee9bef0835d20d36f3b16e0a332200b8fa88646db78cf8290ccbf24e6

SHA512
00c42870eba476ebbf28ff8978c1db3e957759599fac1a681784736d848bd98cf1d7b7910ce2f1d43b4dcb94504255963ebb762a43790edad19fbb48269fe313

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
301KB

MD5
1a522bfc60754c8486931680d71d4fcf

SHA1
fa4876d919c3bb329b1aea942ed1bb0a6b28c23d

SHA256
354c6c445fcf51eaf0711b2b75da027164476590e4c66807711b2e3094183345

SHA512
b9acdf419f22f6a899ffc7d8da3b89eb62e1a1c87e033248e916874130bc71ba964a46d2f22894421ddcad4fb355d34dcee54dfdd6f35529a4caf06a7e91ddad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096

Filesize
63KB

MD5
12b32a7e703b676450b881aeca27c6a0

SHA1
2a9f6483f3a755ece27b43ca4de251f3fb273493

SHA256
e1a3966188de01b65a3f7ae4edcc4f14d6d4852fdf35250ec4982f3eda135b6e

SHA512
069323fa959490d6e385053a003af4ab07536cb2894e1d86f2ea3c5729893a125a98157b6ddc69f8ac72ffcfbb278f7b8626bf55fe0f1dc0b644ec68584d3a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba

Filesize
55KB

MD5
cf87ff89a0ed4bd02ee718d7b741b0a3

SHA1
661da62c1f32cdff6656c6e281396897b6c19989

SHA256
8c4d6ff07c896d74eb4e04275ea9a0b1a9ecb5d556a75b4b067456b69239add6

SHA512
764fb8a955682ccc4f93892fb185a1bd3098178c348ebe819c6b9372e6ae5ba6819cc4cea1190c3f4949c95ccf3da73ac50d33b61f1d84767878dfadf2ad3802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010c

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000128

Filesize
20KB

MD5
0d7efacbf81f99f9b3b82ac627cc34cc

SHA1
54ba921739b19ff14708d61bf424e4713a51cce8

SHA256
ee19dc2db1f7d41b35f1a8bd976f452d5fd58012d0eff83c53fb835a4ffd8764

SHA512
cf8b4b0f8f586c1ac11d220b4033f91a3a98f167110bae904947407a8b4896afe18bef08871d09f6a2634d58a7118345e90a358b386d889f83abb246d8b6e44a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
12KB

MD5
1124dbc89269ecf12ef7cda1eb53e12c

SHA1
f83e974cb6fe8ad3cf7844ec12b54e14a5f71867

SHA256
8bd2dfdb8bf2dc00c54dbe60e8851782b55eaedc3457645d083779548317aa07

SHA512
b8a2304f1402575b7f5de5d803126d871b6dc79129ae98b93b58959e296c8de8fb5b7cc0f183c8bcccc5dfd8b8d687ddafd242082192e9606628364b14fc04fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
13KB

MD5
a21149fe04e28a10f8fee338c95c999e

SHA1
7c1366cfe277d481623507874476f05572ddc12e

SHA256
7ca4676333587daacfbb5ec1559fc3c53083ee770cf908d5aa618886900e977c

SHA512
85caad7eab3350f11928c36fb25ad9301c2a6ac4e6e3f81ed8707340815efa24f0af3ae15131cbb852dc3e0fb090af38c0da7f371a1782a6e289af943d064a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
9904fbdf599f8b5a9291c7253967ccea

SHA1
18e320909eebba1920f1462e991e482db64f6684

SHA256
b7f2dad8c28dab964e3155e2ec5f59911c4afb447a5910fda438ebd4a72be68e

SHA512
d308a340f2b8e9b6e2ef8585625b378cdb9ba7ee03163572922f6db078d1210280c376749ceb215629b7798074f56bc1b4b1ae3fd6020b5674489d34a5ac50c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
a0c2e798af38a07e0158beb3d18ae1a6

SHA1
8570eb51fe574bca339051793a9a74f1a0542fbb

SHA256
5375dfc7cf2076c8e5e6a52ffdc77c8121bc26b09cbf8b3e784935cf3837ee20

SHA512
51bfc403f4750d1647b8e9cdb2c10d91746c929f8e79ed4d76416f8f0c59073170d95f73015cf938832131a3fcb8ae9f4b0607921c15d81b6da450288fc8a4ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
738ab4769a4fec01669ec020b98639fc

SHA1
7081cf91aedf7eded6a21b620a145567cec3e529

SHA256
7090e4a527ecfdcfd5641a9bf34e2996636fcfae8c48ae90d782835ea13400f5

SHA512
3d611f46941bc2b1773c791dd968d6e788ce733fec52d389c27d15af069fc8d20f2ea4cf83fd0107681c5ec43c1ad92bfebb83e3e8fa85d405f2190485983ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
5a3f5e994bbaac1ab2823e7e12b41262

SHA1
b6cb5d56cadbf3f46f1293e53fb0ebf3b09652f0

SHA256
9afa52978c429af8482a86d1740f03fe2bd1ed85bdad85888e5a4c23a33265b1

SHA512
a5185dc00a0ed5c52e43ce4dc1e69881a576d9110fd0d422edd4b999859adf826ac562baa465b03ea5780f5820ca849194b3b756da72559e0b0fcb4c08428488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ddf4fcc591f220abf8d95eb3b2e0de8b

SHA1
48a218cdf45ea12593ae2721f8f41eadc5d51ad7

SHA256
9285bb83e7641b5a4c6e9fe572231618bbf06aabc5cb7e49956d5871fd54f3a7

SHA512
83ddf7b606d40244c1d0021861b2fcaa1c600260f9238f8d01b10f143a435b2bcc8ec4041541d3d6e80b2f7eafabd067ae980c9ffbca24458bc5442f5bbd24a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
df395dd2c907dd1696139072d6da372a

SHA1
0b8785e5766acb8d7f97ee5425086687b54c803e

SHA256
aae2b4e7b66f813d3b27ac562d249816fcc7511ad6843010f5978193928402c8

SHA512
b3b42a57870c88e586525550b2a1b40925029edc928e753da97a8a8c6d8c1d7f7f707521a89d6c8f725dfe5999f742b92fab3144dfc4af094ad8003715fb4084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
12KB

MD5
46f193cdaf89b9cb5e991a4a2e271575

SHA1
4d254436b51e4ea28b3727538c019785e8505e95

SHA256
9849240c50f511a28e9580be8e86f5b70b4897f93ea387c285aa524474d87abe

SHA512
e47af456946a34c0cf356ea02f8b4ad9af3cffa0bd54a21636f0b2ed1e1a9a29ad046f2cb5145c3cac21ef8484264887eed27478ddf06a99e91ebac2ee6ef88f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
60KB

MD5
c9564f4bb140b80a24cff33be5ff7a9c

SHA1
d8a33b4c456fbb27747c968c6aa5af8da7f824a7

SHA256
5042eb3591a1a2c4e0330259e08fb3434faffe69ad7cbf4b704ab71f92da0c3c

SHA512
8b2662fe5ce03a56fbdf9871f5e93faa07750b929c4786cc38f4436d861c7b3fdf05d202532b104d451ce7848dc530b34296917d38f12478ccca0636d9c1ffab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
148KB

MD5
043c32c36d6f1b763591f4bb5a1bca47

SHA1
5e33f4b3fa2c9d09aad4874b7aea0ebad185c95c

SHA256
5a349c6e2840e53c1fcf94e5fbb1eca3d427b59f4b1e2f694085f722071664b9

SHA512
c736bd0024e87f3832ebcfb648a5a6147b12247326296c96144f08aefbef3ca92e9edb088b8328f65853708adaeb63129e645ab2ba16c30b2dfd3a9f0dfad290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG

Filesize
1KB

MD5
a25ddfa21f7143fa72f57fd53ec85b64

SHA1
c301dda020163eef4733f91c29a0bb651c009c0a

SHA256
1034f0426fa0e7d5019232b003279dc140c2c5dfaf0abdfcbe008e979f90f554

SHA512
c098d083df2811bf6834d68668dc35494cb242ac43bf7bee43ed1ee11a8099618a97dc81760558b1399da6660fd76f628d33a9472fd99957b432966a36f499a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old

Filesize
1KB

MD5
f05661e84c345df413294b6d675b5340

SHA1
41393b1f881ecc39a8cf6f79ee75b7287345482f

SHA256
74b3d7f65b8fcf5d07b3c456c87fad21e5fbb52ef9102fa098137183e0841729

SHA512
da5e7dfda1b59d181b8872c6b246c79357631b3387e9e5363da7c3547fb19529c0429177cb418daa59acdcd4a767825c54acab73087a352363c357090fcb331a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Filesize
46KB

MD5
5a4482d990bc1ef2b352d0356e4a82c7

SHA1
61b6925753df399afdf7c99db981cfdd964a217c

SHA256
9d1677b02d76d6abe49048ef876da080ed22c198e63f813b36f3734ae0c1e7eb

SHA512
ce25c7d7228dd8b936aba2d6174e0aee526c9ec6a8f7b541b0ce9dcb09ee2dfa4a1b8d98e42cf00e77243161d9875cc35d137cfaa01ff775778a55168fc012f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c0442c24ee8cc5f28cf7198bb13fc69e

SHA1
345ff06c025bbeb4d613e03dd4241fc931d44ebe

SHA256
61455ec3370174cf9b498cea3a1bc0fe322af22fcc166c3888d096f7f6a54deb

SHA512
0f83a6fcf6ce0e6e9ccdd250e2132907626f015313024d996834a364d6e21a0af65ea0ca3aa27ffd02f7417565b9e1187cb2f1f6ec6da325dff92b78f73ac8e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
55e1d8ad7c03380630f70a876b315578

SHA1
2846c037272af8da108c3abd35e8fab8ba08a318

SHA256
5a986f39d2c39679d1ba0cb0a1163ae4f70333d433c37be98754750c23ddd1d8

SHA512
3dbed11216fbf9c609bc4a13a9d54c8e05f44c4a52aa67429a28b1d9f5ff969edb83801d4fd1de277831a1597557968faa9620c3c155d2c9dd091840fb9073c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
a0ab63cfe40b353cdc845674f7a58b8f

SHA1
3a68a7613c6adba40390790aa684e2d90cbcbaa7

SHA256
c73fff33d7bd59328b3bf0259b6fd7cc4f1ffa93d5412493d4d0019c1201b595

SHA512
4e75df9de217386ffe9c0bb8c18afae170fb236436bacdd9892bd3bf53b7a3ec0859fd4578844ca257b7bbcfc3bd6c652962fa8b732890d09bd40a2be470351d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
3d5e816eac9fcd746eb6cebc352c0c66

SHA1
3fd984d25e93d0c551728c6ce8bca5bf9e167053

SHA256
e97b8d7b5a4a929c82fa78e3f7393fc63cc8ee2fd08d43640ba39792cafd9d08

SHA512
56f46e168d7f41aed5ebae227d9f659e0a333e7b518382bb535c66eea3554f0c7f306561d8e45791d227bec794182fa18b335149d1b8a0d2abe79bc182b6dffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
1343c2a7e1e4df4f3fb7a1e259fcfd21

SHA1
8a02880d70bdc449eac5d839bb7628c84872aa6b

SHA256
edfcc168f10c7f0d545e62a213d9d32123d16605c2dd5fc6a9eae3008e3e787e

SHA512
03b701f3126ce938f7f89e7bd6a6887df837a0653337d7b9076c7ccb809c44abed4d53bba92a6289f15420e2836ba922ea683ea9100a5622182823b942fd8e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
181293f164861a4f4a8f98f862ec1a97

SHA1
938bdd9c4e0ba282f4b1c80d6320497cf965724a

SHA256
8842464fa63e66daa07b0bba042548cd5797cca9389c553f30cf1a247cbc5c4f

SHA512
0acc73e87fecb17c6b80b1ad506b6343cedddc14ce22651dc38d4f03addbbcff1e4d9a49f307087c9a730f84e2b0a895f9bd6d281bd0ca8cd77fd0f0cd914d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2a57e825dadec9a9a0fe4a783aeca3bd

SHA1
5fff2321a8d5672d9f7e3a82887c4a746b7f7b7a

SHA256
68b48499a6f79e7a226cc563096528763084c81be60eff036579370bc18b4912

SHA512
7f316b6da7c78f84302025ea61df99167b230ad3c950013dfa4eeb6d1aaca0d108dfa1aa00fa4b0cb7b34f07e059fc6fae4e882302777e36f5f4a9e8dee2e808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
ab1f829df5c166aa7eea69fb751459fb

SHA1
90e773e8f12bfa3af8e3dce0d230b4f13b5fe62a

SHA256
25d5127fce162cf0bc3d4528f523cbb16fea293c28e66b9a4563cdd7af3a669c

SHA512
38bbb89ee4ae344012d6e018cd1a8e2a7e165343e32e881dd02678d20aee4980f1c8ea0da5fd2390574dcbbf66a268aa3df7be7034abd4c61cc481ef9718f3cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f9da14714cebb15bf70354d50bd2c24d

SHA1
50d18210b7534644ca4f5072707bbf79d92db4be

SHA256
32c1da16372cbe207fff4f6bb9c13c7352eaed9f699f0a763957c857ef5bec20

SHA512
cc6960c671550111c395b6ac6b9cca5e1a5b53012addb585eefda46e498c801d728d06c0d39efe33897eb23fb72d76d09ec5c16d223b6f5a8fed497a39558e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
def72da2a71a153dacbfd0aafe6f01b8

SHA1
01085cc53493860c9aa06628487d56c685aa29b0

SHA256
9ce96b895c8fd2899a9802ae539a8dd321f04c3b87ce8efebd1a3e068ef9d0e6

SHA512
475ac7f9d54aa6ade94c8cd635f84cb91959a0b3aa333f923cbae2bf330e860ce3caff85b4859f905022ff5afc9052cbc169586b69045250f76ac01d5f82e58f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
30eddb78781ed54a33186c7fc2b3762d

SHA1
5d3cf16931e5f50680bc9c124e5460138c9f0abe

SHA256
4678cb7f482b2571c2b590a8111085de04f320ec3827e4f293999b33ad31b59d

SHA512
22afa18f5933ec3116d8f6a164d15239e70cc11accc74e7f274a48397b67395d13c0441cf188170569aee27bcd4b00e5533b79f851247d203e3b3144e224c96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b70fc90e15d15b4ec6e4855ef6037c64

SHA1
ee8074043ff3891b65b2a4eab5c22d31141158fd

SHA256
f0744d3736b99ae355894b4271fd190873433efafb9f3549107d3598f519b80e

SHA512
cd6a3fef9d7cb3fae8704a72517c6d898b4164e3cb2c22e3e9cbfc414585a7f61ccac16518931e6f955e1d5efd9a6661ecdf3b1e59534e04fca51ffadcea8f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
d0a64f7de44778fe5ae429ab1cf6f977

SHA1
218406a1872865cfc8f9dcc0de8841ad0aac2b12

SHA256
8ef4fd42349478ef74de8d7be0fadc1e862919ee4c327ce94fb98bb46956acda

SHA512
40605902955a6f881780fc372fb596337646083e01c8c92799a565a42995de909d74412e4494f23832b3e7c4aa69e4fb5d763aac593a0fa883d6aaf09af2bb83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fd9d01f357185b1ffa30d8540db2ed0a

SHA1
98cb7088446f240b5bb3801085c3601cc3292abb

SHA256
89ca8e6f51b4b92be2afb64d0d3e7e301f994305201ec6fa7559b4ad115de8cd

SHA512
f52a161859142df19c9d7e6215c04a6f8bf4929315ef88cc8f38f304f328ed02e2a6d49b00772acb0ca342e3ca5a9aea34af8818fc6b4c21ae14eb56e450e1b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ef42880b0c0f99c22a5fa0ef1997c252

SHA1
f3c9215c4cb4f6c892bdd302c169851449b9d444

SHA256
d52201ea167b84150728d4d8034eb47f72eb21d97c078783de30290409d27eec

SHA512
11182fec0059ecaf37d34a15008c4dff6a330a2591f297a334fa69de17d4b76d5b811f54763c9b604c54cb6de5b8eab185ca21881f1c0324d3038ce07729f146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4520afc7704fb37bcda5ac1e18ffbff2

SHA1
0ae4524c72090f85cbf52ec0903684dd20517264

SHA256
9573aa9fd4d546b1a13e1bc7876602d95be1576636f557611a95c313895b0c6a

SHA512
705718af7a6178d997b0267e79879d1d30e64677881869f113ed95dc2a40d025f5dc9cfac51b7fdd15a299dd9106ceb51c2bf8c497f93fa80925ea90183970f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
2221cc59c3e6ceb773cc31a7e175316b

SHA1
7123c551f0412b72bffc2010ea3876d12a7ef636

SHA256
9d6067190c619351eff766a7ec8b23c50d79936968a0b2651471272ddb4dd3a7

SHA512
da6aa5d65848ce35d65f8aed142b376df7eef43076e614ab6f45ae960484cbfc85a7683b73b4d169d3578983dff15d5a737bb609df5f8236b243027c3713ddbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
48cb606894d9b620ca6c87434c37cdec

SHA1
5c7fb7a0cb926107ca02d142d1682a574d7e7457

SHA256
746fd2108db5866abf453372a0ef7507d795e92312ab9b11d316fa1e8bae174d

SHA512
999679e9ef12cf21cd34cb06520d83db8923265925690b8e6291cbc2eb9d9ef6fbf7a04971d4619798bcd6c1268242dfc8bcff2149bb10f042c091a16d78b4ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3e011641e43390a39e65510b1056321f

SHA1
450398b0fb3b667038237357f3b08775a74cf17e

SHA256
29edd8a30c334c17b0c635404ae2df493367b021aadb35b6d9c38e57519b28df

SHA512
f93c6c3efa13d3d0511af41b3d1d5a73ca34bf86d22306f67c28295d11a4faad34803424241a4a83c7e7ad4c930b4c69ea221b74ac740140ace9b26269a360a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f663a9be597a61d403a33ac83bb0b7cb

SHA1
27b63e025bbb7d581842b633a0d86b8f8d015c70

SHA256
1eaa8e986b3274794affa16b10f28688a8ce72cb11171a0c52778a3ca95aed46

SHA512
c1cb85e53652f5224061b5d588c69cb21ed5ebc6982caca6b6929180b7418d9999f5e625360efa37f1ce009d3fdd1aa9a3f13417598a83215aba3b01d0d4926a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad7ac90373db329a376703940c43d281

SHA1
d4552b76dcb7894ace7724e942b6c8a67aa215ea

SHA256
f6c0ae6d063a995da519357083fda9d9f69451318544457699b5f52f5dcef81a

SHA512
d17ec301cdab4cbe88676c45a0069cb3d58b192253b351e4d69019afa8951b425e898de6503a94188069aeefde752c141650ef13b5d6ad8efdbe827f8865fce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8ca3460611334c392037c6917bf9f81

SHA1
eb440012c06b56b651644292beed787dece814fc

SHA256
cac3da90326fe8058bd600b6d5667c67a5308f12f00c8e462c555ddfa0088b9e

SHA512
97352bca1cd88fb62f07f4808ab84a03865c72bf01486803443e36fc986e86cd1bf10d9692bcd4e98d9384eb11325ceb915fb01fc4049c6960f45469612f8c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
b79a15b4cad86b0dc61fb9b3eaaf48e0

SHA1
fab32a3336c5e6b85d7cad0e8d1586d8e4774ef8

SHA256
937fd5684619f62688045e3fc4bed7548ded7e62437175fc93837832599de268

SHA512
d6db2c1f783d49e9bdec2261f1d82151756ebac5ded50b971bc8b15e42ab5d1bc735cae5d02ccb17ba8042798b2a274d6a30495f188f4b2b5bd91e63b8373ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
4e66febe6588fce816e8d347442aa68e

SHA1
dc6a1a522b4d1b28dde575d4f3391305f8b53950

SHA256
79ef66b1c6dc6fe3d8737b38520aad5d94a15c5197454c2821d5538d67718e46

SHA512
88c8ac3fe3fcd08569f5d25bf7408f5fd8f349d01c372f444562f66ec922adcf6d9f1b41c107e7ae1a2134532024a883c73af63482ad0ff4094cd14e55f4a601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
93b0a0924d00160fbb34680eae18061d

SHA1
056f4533f816bf2ddb8faffea39fb33feddcceec

SHA256
bbeb8794f6b9832dd9c9033519a32f14441b3305c7e21eec302aec620b78cda3

SHA512
fac05254fcec5c086bb6e84a9e93f62e6fc4f5574b4fab4590232fab711273876e8be88e6b95053e19b324d7a935d0465200be699a64db92b75a2f5ce237bb31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
9abd4ffa0dddabcd992c3be7d67b9d58

SHA1
565864bfe4bdbbca3a470930931168ccb548c68b

SHA256
4cc29f8c629321e8d5b2455ed41f52d2ecf39eeb5be9b81c27c0c9d13e125751

SHA512
78049329406b9e290f2bbf75d60494c4b01111e09234d5748c35ad803079052bd159a6b6afa6cfb468682895bc9bdc77cc90e7d5b961cbc9bb6676f2d0db9a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
69ee4a5b515037d693dc4962846a2afa

SHA1
658158811f3812815d5e449d9cde30cb5464ef22

SHA256
0640d6e200e95a7b352cc0b1da748b502a05a28d3f6fc0e2516e57fa83410126

SHA512
02f2a2ee53cc5b016db2a0f04fbb6d7a8b1111c02115b0e9a69a0419e4fcd0cfd424ae14f74ebdb5c4358056f965239eaefb96f69aa34ab872e4d346d82fe701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\23506dad-2cb2-4f09-b1e3-63683554a40e\index-dir\the-real-index

Filesize
72B

MD5
29ab290c088cdec5aa1deb06f655b3b4

SHA1
f9b09bc552064b7a92c0c825b696c38c4d4948f7

SHA256
fa359d812c93c70f94a0fc3081d4b9e303ec2e6a83ce4b8b3d5dfb63e26f1e4b

SHA512
b6679c2ccb1e1c4929cfc71314fcf040d94dce78cdddd12053c0b1ee8bc4f65d46f530b13e804bf97f7e3ad13e1df3cb8888f0b834f76a4a62a55f0bb7d7c2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\23506dad-2cb2-4f09-b1e3-63683554a40e\index-dir\the-real-index~RFe5eea10.TMP

Filesize
48B

MD5
2ef2a3865ead873725f7c5676246ac21

SHA1
8def59a53d6058e4e427cc40a7f887c4e35425a2

SHA256
d13195dbeea4eadcacd233b4901f4a25d7a86ca65784edd864a6064b923666be

SHA512
c3211c61f40454b327eeb35b5fb6b8b3c30f54bbe7005fa185c79b31f4fd1b64245b5744640cf1408dcf956f5ef76ba94e1f7a1b526a7bd81fcad26d2ef68715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\25d3992a-d3f5-4716-9ba2-0fc95df62694\index-dir\the-real-index

Filesize
14KB

MD5
8f1cd292aec0de3fd217889be5e8e79d

SHA1
d7d7d025b4cee6413da0e2513ba0db87eb5d476e

SHA256
49a0c32c46c0ca8abeaf4430ec25e5e8bd28017a1ce987ee2509304ed67ac2a3

SHA512
b53a67f177a5b4df830a1cd14530b8a42d5d754c089caaa8ddbc9990d7331bd305f2d56ee5e317a9e8b788f0a72485ac6a44615aac55da5a32d247c8b517d237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\25d3992a-d3f5-4716-9ba2-0fc95df62694\index-dir\the-real-index~RFe5f503c.TMP

Filesize
48B

MD5
d2c7a622d7cdfeb36df973c2da5b66d4

SHA1
b56a447ae4dc6233b2323bb0bb3f86affc85d7c8

SHA256
4482e5720aee95f3465e0525e0a2ab919427274615525a72c9f1617da5fb3557

SHA512
5a23ac8e6e4b42cbeb1147ec3659ea65dd44e96340b2f8af147f8c8a63078b27c924c3421c5c857e6e6d34232774a2036acd50404781540656276ed92862b462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\302a8a7b-2f9c-4eec-8630-abf91946341a\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\302a8a7b-2f9c-4eec-8630-abf91946341a\index-dir\the-real-index

Filesize
72B

MD5
6d694de8bbaa4cbc9f1c1860045fd0f8

SHA1
b46f9e093a6279b5072b4c9bdf50464063e2c5d5

SHA256
a511236abad3c106183163e568c33dc93d7629fa5f64e4f45eb8a49c77607088

SHA512
5322b227732cdecacf4592b8937c8e5507cf4aa8754fbf996dc7fef97b82928785c1e0882351139b2ce068eb187dc5e0cf18755eca0c4abd76258f8ba88d57ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\302a8a7b-2f9c-4eec-8630-abf91946341a\index-dir\the-real-index~RFe5ee2cc.TMP

Filesize
48B

MD5
36ebc30d60d96ef680e1725b865d3a3e

SHA1
889f91c6c69256dc3b18afd6e1dec92f75263011

SHA256
06313071a6c1e2194d3220b828ed45d9ac870fd7ada5538d8bdce6fe669a95dc

SHA512
5b1a118ad5145588698983d6fbad70e2f50fea690b8dc61c67bca388cf4b78f17d5fafbdc529bd8fef87eb67bd325126c5b2fce1b8d3273d07f1903174634af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a05e1e00-0112-4159-a88d-fdade876d475\index-dir\the-real-index

Filesize
96B

MD5
2b110731b9d81816c182f038eef62dc3

SHA1
dc76d28e8f0fc8579107a4d16b17499412a10482

SHA256
6a5cf91bf28cf0f5b3903ed9ee6c1db73f38bc5bceec6cd195a867bcde4dc746

SHA512
02ae792b55c06762fbdee85d5a9f03cc0691126fbb4dbd764b056dde22e29dca629d7a5fab2c7769f6560b826ec01833d8b46e22097a9c2d5e1028c0fb23eced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a05e1e00-0112-4159-a88d-fdade876d475\index-dir\the-real-index~RFe5ec2b2.TMP

Filesize
48B

MD5
a431d5b698e0054d7bcf14ab5910e5cf

SHA1
59d8fe5d072e3a902e3f73aa956801f9a21a923a

SHA256
0fe4ddd5e41e8c38d20824bb281a4b8b666c3fa87f8b13bdfebd0569829d3c7c

SHA512
cba61f3e5616585db9cbfd139bf1877338f70a0fa293a759732cf0b39718520fe8edfa55f7348aa33cae955e5b6dff681440c420398042a153e479b76ce8a437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\d60d4834-cc26-4ed9-9b6e-88e8952ad177\322ae1bdab361352_0

Filesize
11KB

MD5
71c5052ce1e9300d263ca38ca995d8df

SHA1
ea491057d672053f3414449c483ee71716a9fe0b

SHA256
7bf87c36e480c80b9583b9b5083995b2a2c257bce87595683a7675b7cce35b0a

SHA512
77d1e2fd6490653b1af011d578d4d3c2aad61f3fd150f4470382fa40b45c75e3b9f2997cafa0561686db1d7c6b71ea31ca57cc76a39a593beb6d52065b4fe323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\d60d4834-cc26-4ed9-9b6e-88e8952ad177\index-dir\the-real-index

Filesize
72B

MD5
c6c967a810bdf1703ec41d591e077371

SHA1
8e064df5bf8d9fdaef69c774bb842183aae08272

SHA256
33a137ddf9d16821815034c43581d26ae33042044754482345f6bbab1fe211b0

SHA512
c8d4d8661250893af5eaa61f37ae133d732c2e22f3a19183d3b374f65a6f3e5a3ba5641efbf4edbd1b1c4f0b00f90bf42268010c972f6842f37cee58a06b79f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\d60d4834-cc26-4ed9-9b6e-88e8952ad177\index-dir\the-real-index~RFe5eea00.TMP

Filesize
48B

MD5
4ec6a55ab8ccbf4d2bd476d7db15127b

SHA1
de98f0b47c1dfb43a781a307d27d2c7eb8715afc

SHA256
ff946311b6fa584fa84f3275c944e609d37befc1c1e38b5d2cbb6b70e4fb33f4

SHA512
3913ab69731694f2fe6ba9db19f878bedc3c637d74a27517200558c8200370fd4009394ffa5a7e6325fe22cd7237f057ff1a64d3261030334e857e736535c0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
367B

MD5
28e6d3fccc4efdca58928790eebb57dd

SHA1
b46171944006098a2c2510bf09bde18eed218632

SHA256
3ad73e022ea33cf8709856caad2dc996728f29c8ae164e5c0a890907cdcb64b2

SHA512
556bbb909216b895fcbf6cc04efb097a522165b75359d62dc6c803b30bdbab3d3b2b2b07fb3cf190c322f7356b3260ef25c877867e380beef47e3e7a7b22c355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
160B

MD5
a68455ccdeb6b43f47dbcbddf22cd027

SHA1
fec7f402f0856f48e31aab42ff24d8b13db9bac3

SHA256
35c03aa1837d14e658b87f6cfbe5bd36ac72a8cbf3240495706a2dd66c4a88de

SHA512
a9be1d0c1e74a37c1e332696327b16461790aace479d83d416b9989aa34e926d81fc89d9724aad2938b374acaa03d2ce0e9a1468af70404c8b69a37f32c3cafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
101B

MD5
b173e672108ec1e4bbef975cd4f564ce

SHA1
f53b7c3a0ac8a518e3da1722ed031ced41b071f1

SHA256
e0b26c27b33a62b3c7778e64b5730fab129fb4c5f7006b67cebc85e9715c74fe

SHA512
47f8e5eab86e6c086c498027c6159f098c209579c811619f279dc9541e7cfa9528a901bd696fee25e515dc1c00062731cff5d0a26dce64fb56630c1b6528e3d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
242B

MD5
7399ab87d57d1c716ca6b4d2dec0cf3c

SHA1
2a7914b4c7709b491b144387cfdc3566068afb33

SHA256
3e54fc5a070ec5e5c0c4023ed920463382dee73cddd66b8f7bfb23423a4fa3f1

SHA512
f7736beae63e624e2d0cd13e45e169107dd83b86bfedf1f691fbe472f3b9b7e68e4b8d00fd8413d533f3757ac47189b24a7882d426cee30747dc95220a044bd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
301B

MD5
fc9d9169b3c75ac821732a72c42cb6fb

SHA1
a450a1c135c754840665fbd752d08e75736d727c

SHA256
49857e9d49825fe9f6a8bd14c2a1081d29d5e991822bc85100f2ff554f940ff1

SHA512
c80fc4092015b73fd84902a532abb8510bdaba5603d69dff10b8bcf3452c3df3050b9a5383bd0c04bd775affd028bac9d19cd7cedae44bbb4452b3cb77dde0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
94B

MD5
8ac8b7c0dd1d6d86adcd3c0786f64b45

SHA1
a1421b21ce4bb81feb134fe276e2edfbf985d396

SHA256
66007135fe1f8e481d6d846fa8757b2a96b94c2a18d06056ba030ce75c45773a

SHA512
4beefc587f51f03a45ed001890d14a49c3d608b2edddeb54441538dfcb661eea0765eabaf19a2ddadbd0960aca4fda16642ff11bf83b92ce7e65db7405233de2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
27B

MD5
97d5f65881dcf1370e0f450c74916071

SHA1
8356aa6595b01f1b3d60df82686d78c6b573c033

SHA256
3ac8ef666dc310ef3a2a6f90247aab7bcbdaf26b21147f7b06f1bd39bdf848cc

SHA512
7e5da137492e2d0f42cd6a7f1b36fdef012af3282eeaca25b3da50eeb5420b199fa65bcc6d3f67da371c31173a10ff06804a368872cbf4b63f9beb44a2d30f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
362B

MD5
e02a9b9bf281c557cc5dd70caf0d8364

SHA1
cd63b0c800b04442cc518a0d9df3d1206401a080

SHA256
dc4f5c2674bd0cc063fc6e740a56893bcdd1cd901b3805b30a5be0c30f109ee0

SHA512
80ff7989c393014b49ec924f098db291d146129f11b3ada3afb5e41c2c1b680049a4ba40dfbf58d2be3e28f2e7cfce418daa58872024c97daedcaea9002bfef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
161B

MD5
32144a0d6d0dbc106ce7bf7786b60561

SHA1
331e6f59a4559c4e3c973ad583626063d26c0ca0

SHA256
f45f002569d32e42f0c3291f902f3934af30f1d0b4e74983eb806375a59dcbc3

SHA512
292de6d956df41a5adfa2b4479c2116ad013ddf85a9bd43662e4c09552714f63a683b43fdf0c8466db1d819b785ff4ca97c2a8525831337410950d82b76eed85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt~RFe5e73c6.TMP

Filesize
93B

MD5
a6976a0c534fe3cd7e19e4c0ed996631

SHA1
5feaff563ecff3217512c034acbd238159436862

SHA256
f9e398b15045edd9326451899fed94bb6df99642dba66b32443d8c3a51cdfd3e

SHA512
d390b207a6e70e722df7b6b4769d6b5d656fb5a4f1bb7c86de015495f56172e5e020b024a692bfee8736f54fe51397dabebda57c93d6db5066396514398e9cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\20a2f91a-c240-4aec-bbe6-d5d850add34f\index-dir\the-real-index

Filesize
48B

MD5
5d1dad92cf96cf44120599e1372a784b

SHA1
8f4e591678a5137a1141aaf4c42d7a539baed3a9

SHA256
0d45d92760f8b94392a5bb12df0f203c80ada42ba5300359b18d25804e961d9d

SHA512
6bcae71e10ff861e9e168437b0264eccb6d7408d2a1f7c1d38bd281323e9b07c3a97eaba9866d9ac5a31069877b693df2714c7c499b8e03ff1ad72942cdeaf6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\20a2f91a-c240-4aec-bbe6-d5d850add34f\index-dir\the-real-index

Filesize
72B

MD5
6f51a3176e7a785b6de8abf28245d139

SHA1
83583a0f49a128ce05a2581996427b117baefbb4

SHA256
97201f186b99d4e5f02efde9737312031b9fd38f2ab568093d0d2a19e20fffdf

SHA512
83de2dd26b6799ffe9289d5669b5f3c4dce01f399a4dc1cad1ca17645d128222cfb4a4b12f5e4e90e42675232394f5129372f31b52ff05356673a311e4e87d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\20a2f91a-c240-4aec-bbe6-d5d850add34f\index-dir\the-real-index~RFe5ee463.TMP

Filesize
48B

MD5
f7f0a0ae3fed9bffd2a8027e050d7e7f

SHA1
0f9da6b2519dedc0fa8a7f31744f8444f9873654

SHA256
04428981170eee38a656c055783b9bb649186533b93f9b3e4fc8ab94219706a5

SHA512
6c7f884dab3e39d0a5e309d22d2d5dcd96190558ee5f305c54922e7f2b890adee86b24c85bade2cd9443ad4f5223bd82d198b5ee1ac1e5f66de52496d74da314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt

Filesize
97B

MD5
e86233f143051fd97753e5e00cdaf3b4

SHA1
96869cfb6bda0fe7eee0559dbd0f7a086deb01bf

SHA256
6e447ac587c8c06684175d061a7fb26202cf2bcf2910bd5244f516511217aeeb

SHA512
d60d8fae1c646dc5741c9a069a40667868cef65fc1b7d9628824ef75aa9f68be7ab47f6794296027f4f6b77ff2eb821cd43348803318284e832439f069a48077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt

Filesize
91B

MD5
de188ef11b4cd90e8dcbc75f2b2fbf2a

SHA1
dc7b78cf45a26cb618ae1f6259192d88554f3841

SHA256
6d2b336fec9180c5ff6303148c4536f14580ad02c8e90a6ad3d56412c159476f

SHA512
6590a8b5f5c429a68ab90b68b483e69c1cc3e00c157909788306503be9219848dea277f9012616b6724e06c22730f0cf756bf77f5e9634eb6a499f2be0e6d79b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt

Filesize
90B

MD5
5261788bc862a18db282115e1561114c

SHA1
f46183780ab408fe9a6416bfdfe2a31b55cd6e94

SHA256
bb5870fed52a5db65fbc90c26db5a95f7c3e8361112084375a36ab2452dfa283

SHA512
93e7d6c7a9c6885d568373ae7b57cd492bf0791835b115cda8c3e9ff5d99066acdc61d08417bf63570d65c0996ee08dc5733e8985e09ee32468e0a0954e0fd05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
5KB

MD5
c6a53258a7353efe25b5bbbb450fb713

SHA1
ccd980898b7cadf15c324af5e2cd78fcdbef04f2

SHA256
06695fe7943a32aef6049cbaf062efc15896c11f1fbec8aced4c0631c8717cdd

SHA512
b0156de0efa084a9dc2b6ddfcfb473159682817584c1b7a2f5412b621a29f8061db68cfaf46a73b98b656bc67cf9f98e78e771f69920c283c6303cb6b9913565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
199KB

MD5
95395068be2fbe50e611390f90b82350

SHA1
de570923d9728437f5781bdc2224f4de3cf01b97

SHA256
8db2bc6b7cc84ae0cded900a5ef3b72f1e66603d5aaf3cc73703a0d418297212

SHA512
9fd4f841b1e69d494598e7baa3c2018add4c0cf60726e509e1976278c318796826f1f97fa532273e6430ec6bd4b419f39d2c38592896a63e4a65fd73328e1745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
565KB

MD5
0d730712a0df535eb34c5bc331d7f35c

SHA1
36fa808825a8d36d3cad51cede0bb0dc58c09fa4

SHA256
9cdf43b14da10bba176ed096a7fcd20ac966c94731cd67f11660765d833a3af7

SHA512
3a587ec7ec479bad763e1be0cdf434d6e4a0ad3bf2495d49fd102610d8330dfa978ba3f01c66cc81ef39cd2113f12859e4e82e4f2631ac8642aa454ebeb62f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
09150ecf0ae1779471a41e1777cf3ae7

SHA1
163715ee9fa474c0033855b993f5c60e136db777

SHA256
85e76e4adf0e427d071d8287e38592b2dbd39eaab4dce106da3646c91745bc04

SHA512
069885c35a3fc0da3cc17b0b22b68c55c67b2e411d6531c839537f840a08f494614c8fb63daa10e7f4374a81dc1395bdd7da9ba9f0d79bb03c60eef89d6da978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
520B

MD5
60570ea4adc08bb0ca7582db87554970

SHA1
146e74aecf39baa5ab4cbf80815591a6d949818f

SHA256
eeb910926f0e1b2d31694c131f6909a800b5d003257b30eb624c3dfa161cbe30

SHA512
79093fdc399492fa498e0255b4208ba34c431c9fb5fe090a7f8e3244f30c3103cf165e41de8c23cbbbe77df32b395ab2a6eda7e3f0f0bb55796e80c290faccb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
b9d1568462964c5cc2b3008fcb830dc7

SHA1
35f3d96f95f2c0d084d2c3f74682660fd03412d7

SHA256
46948f251c4c16a776c08b85b42f11f7a740aa57c431be37fe1a39d936808bc9

SHA512
b2e0e1585d2ae53cb3584bfec38aa9140b2d15899ceabdaff371bbe9822ace42180f05e1a2cc71de886d6b266c91fedfd4548caacc3d92ab9b026953f10eb114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d5bc372bf50b08f138a689d4d0660adc

SHA1
c47efe36591606fc8b709fafca86c67739e133d2

SHA256
72ebd2fee8eccccd3fe2c56bfb7f34c57597c5dad12bfb66901d0f7f4f2cd65d

SHA512
ff6aa82bc24fa56835947b37c1bf3c59f85ce35dfdb4540c7aa53bb86aad7391f6704b01c2fb14ffe3b0a1f14a8be666a3ab07439943b816f919b98c691015c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f646eea485e56cfebc0a565f365099ce

SHA1
9e5233ee5b64a26bd5ca10b3a61e21047533f663

SHA256
cbf0305966a7d64a2a20f5725412e1c452199dd979261d0c2f2853271f0597ad

SHA512
a6a2a814f9def3242dfe63ef243d663ce6c01fbd3de984f8fbed2bee03ba8aaa2006b958addea6e4a4743b00dbc61efa0843e5917d42a168f595ef4be6eb2b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
72c4d28257313c4b442958613df3db7d

SHA1
61c388f44584deaee1a80a1a9b64070d2439f0de

SHA256
aeb644b4d800ceff79f07712216ba8562c2986329b0e753473e7ebbfc9390b0c

SHA512
26cc30242e3b04f6566296e1989bea073827540726255adec2c97d65265cc0c86dcc338be8821434258dc697545e1d1b52612a7da76a65eb4ff21592196d89c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a6356d44dcb0285b9b0abdcdecb7bcb0

SHA1
296c2002f061aa0189c6a49f36e8ee6b5e22afc2

SHA256
7c65e6b21c367f2d6e3ee3d656688a6e20c6a022daf116e94e6e215117b13622

SHA512
662b8bf51794b15125b325f631fbd055e1d620d5749bc8bc5ee03193a1d50df25640f117df1c614f389c9b843c5a265247a86ce9ded91e293b91cdb58379cec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
789ca2a875bbadf37cc010a2f0886da0

SHA1
d778537d9fe7cb5292fdd271e06845e8ebe4a059

SHA256
61785f2dcde3cc7f71a900afa8d2ac9a50a025f5c6eacadad08f68cfa5c7813e

SHA512
8fd35cb26f3dd03cfefa3f755550d1a80308a22e937a31528551a0013f22c8eb033ef3bcaa5f7fe8e50b435ba4954919ee5245b28c84fa994cc1de32440dc0de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
c4969af659f4e11f7306948cb2d82a66

SHA1
a9d35bda21896d05d3be2e9ff2b161e214d1f5c4

SHA256
a5f9f66881d11e056c9b9d4d971d96b4b1d703b1cea2d4be5737b65a7d0dc81f

SHA512
2561a8d5fc6645b179403eac031330e93557e247b55af4cb3d93280950e9ae63c271ae08431052284ada4009e7d96f7a303b1cde53714eddb45651321f5b47d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
91a0c797c6bf602766b8935970bed9a0

SHA1
c5d6cd2697f2310a2c226d8990c39e7c10a14acd

SHA256
f8fc8b73132aea9732eeb3b81ed4fca02cfce47f1f1c7b5a28d2badeaa6b4d77

SHA512
edb31b62605e929f874659d94517dd19a518001751964c014ca4ae65cfe040fbafc1f8c0d6f4b537b9f1d93a6b3da9654798ffc903c8084c22442b2031e83b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
36533033593ddf6b4c3a9084a756c623

SHA1
8f1ec3e5b1402832fe68ccb99833aeefb2bc13c2

SHA256
bd14f955d57d6894186ed31e779420b9c92a8d39fa88b2513a3c6585b8aadb3e

SHA512
465e02711f501e6e3c300efd437801011a7cb3674945c673bccc01a56e43571874cd8454c119f1242f7db88b88250ef269bae08d6a8825a8a9566a5ca459fe95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
bea3d723908226ce3d1a6f0255f4642d

SHA1
34d6932aa692c7d094915c2ab08887e13682780c

SHA256
6d2c3faace495ee7087b477ab2c74878d25e54bd9a0de737469d47d49cd880a0

SHA512
4e1870ce9e31547be357c9e464b567670f916e72339460877094a85da582236c4d01ea76a7fe1b278fb0a7dade0e7b9de69b05b166a16ddcf2748b771c7e3355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
b6a30224fcf63582335f5e48f4b0703a

SHA1
7a54de3c532285ba08a3aaebcdb7f8bbb48c63b1

SHA256
9fd15d777037c5b579405de5a7f954a8b990baf2eb741162b14729a24818e700

SHA512
c3253508f2be6bc7bf496ddd41f7b7b55663b6558748017857170648180c02ca2059b317e3f5b724af6a919944d2b05573c299ee0df07031e74c41606f49a657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
5a0797d8c88f0662417e570e710e7b61

SHA1
18c4e141de5d7e55367b44342ec5b7bd7f3a71d2

SHA256
1c3d040a945f59e34d2a44199e9ad6389fe1bf3fe5ca1d72a8852d37c3206c32

SHA512
b2e82824baaf5165ff2fb816eec76601b8d15830227a0fbb113d96721f8e5799bd6bd46392d6198bbe91d36691e5d862e87a022db55ab0080dd0984241eb2637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a06def469b144c8ff6030e30751a5515

SHA1
8415250375c6b927bc79f7cae9e27f28185300f4

SHA256
548ece6faebb314fb908a924050d8e1e4624a0df13ec8320a2f69336d9f8c46c

SHA512
79c08d3130c91fbe4ecd274de1a3699eb163d5740b69af99d33dd5817492553b18e14754565e3bf3454da120cd379a9e47af413867aba8b6ed4a38984f9d0f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cd5d0a99c723b3c594733f9cbea30488

SHA1
352b25bee1bd42deef6bdaebb0418dc88dafd24e

SHA256
81cfb678a489809e28f09378354d549e66e28f734fbbfc4735f236f7d13905fb

SHA512
b58ff55089a0340cbe9a3f1dbd9ee209ac16a1e0f5177800bebf99b541fe5ce2eb20485598e20a92431aa1fb58eab3582af892b035e3072fd44520a32fcace1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5a0613c6f32f9986f7093a2cb847914f

SHA1
aaf68e9f0e3629f8ff22688c980d47a1971b8653

SHA256
32befd3d6b129cabf837fb1d407b3a2eeed17e734e033d1e886c100cee223aba

SHA512
3085c6a455afbdb7d8c7177cd86500a8f3e13ccfb2853b18cf73d02489315982576ad497b7e8fff08c22eeb5a9e92eee3b3120e081011f3d462b0b64beca343a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
53eef924a426ba7c2c8cb427524236fa

SHA1
ee50a36692e4e4e5711760ea444e3c2e67c60f8b

SHA256
0eb6b7714a1d29ab8b5d34d7b8c14ff0044f9b48cffb9ac04ba56d3f909606b1

SHA512
29672179a7cb20d2e96ca8934c6205737b3a3f1d8f84b7ca44206b0c05caa6a6845cf76383b3dec55cb0d8fafb5782d7650592235701b09048b1a1e121d4c9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
3c0d394eaac93653735e8c4143437e19

SHA1
1dc7f38d81519a65283996b39116b6016a277c4a

SHA256
f4ec5d476ddf37a8e20c608fae0c46e8dc1accb0d770d3b337e5bfb84b20fbd1

SHA512
de488f0b80164b517f464113a26d68b846b95e803703b8b1763c7b254f3fbc5f2932b17f7cc93f1a182bec9323e100b131df7c29959c4b83683f3b7df1766b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
39eebec3bbde268114051ea0d7595ce5

SHA1
af6d9a8ce9f9ae8626eb174866e405ce3fdc886b

SHA256
e7fc19767f41c8c6752bacbd78e9be17005f4796673d25b81fd2bf5f7f0e04be

SHA512
fc5e23b9c8192e70c59bd32bfb863f761053a5ccd301c8fabb28c145f5b0447df31eaf2a767813978ecb2b8eafd71c4d398878a0fd13057ea6657c1a5c1f9238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
2dae601661b26da40309c18bbf309688

SHA1
9c88fb4a44082ef363fc6c6fec3cb0b24d07b511

SHA256
db183fb680f0295679b33d410d0e0f0e2fc019074446981fe4ea17e49549985b

SHA512
3e63fc52d379769fe594f3675a2124adb0601074087c981cac4178269ec0cf77dd1e395cb960c76adfbacac4d616f950cd074c4f2b502e9bc66d6b93e37393a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
7b3800b636981493a665fde58c16f8c9

SHA1
aed21ebeb0330ce0a8e0eafee2c17ec0e9f2a5f9

SHA256
72d0c6d08197042a450bb195d803117c653ba93b88e2cb16b2b29047aa2bcc99

SHA512
0ded8f0c7a5050695e03afe4ed92e96eee33d16465679d17f0251106abde79f16c64a68bfa0384f9da55661cfdd7c3bf0ac35badc6213efcc7ebe060a5c4c68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
8d9e1804742f4a539e8b04ce6041c5e7

SHA1
af6f794081cece77b56bc30ec7cb3a6252ad44c6

SHA256
b5f8690821844f4681b01b3a78ad5d9e3d366e22997a3937225cab513f211563

SHA512
52ac7f3ea87a690b82e859b67b27022f9c0043513ceef67de6cf990a4aec14e49b5d9e1cf77a0103dc50e39f5a6b78f8ff804f13f12e3d8b1637d35746ef114e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
926f195a40d8fde5fb8f49a39c329b70

SHA1
da65b4a6afdba6f1281b6ab249f526a3fdf66791

SHA256
be9358fea52de09d8b397ea0df18dd78ed33e810bd20befed5b77c0a12d5671b

SHA512
43aac75e5cfe7c70b4c1eb75c70c34a8b22edbd8eb0119de358018ada420642dbbbdd4e85f69d625b4d64b835502450a1f72484b0421dd17d6dc724428b1fff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2e5e0af688ef7a0a1985e2bd04528a36

SHA1
9c6810ff1239c5b85d90c94725227c911ee88b5d

SHA256
f1a9b49584bc3681de55a83a83561586f149db985858d5d60b00e3fc063d245d

SHA512
f25a1ec62fb803a2c8bc17d062ef4c73d2de11c5c533ce63d1c7dae749eb1fd22fd0343ea0a377be5984c3070254fe797e628094652f178ca3e1ba8b4dc43fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0ab9f672307547ac09a4d8a924366fdc

SHA1
9cdb48f5ea0a8403abfb1e93e47512ca1ef84c37

SHA256
9c19248fbfb4cc09c9c33921af0fdc385d48d88bf919f8b7a2b91f86797b8bbd

SHA512
e48b7c5a715cc8299898d22d0d9aa2afb14e69a2cd075ad40c1188b665cf7cb16888c17dd0d0ffaea781abc88cab6db6aff522eb75a3b25b7d8e3893efc33660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
c799fed8446a74a182682c50a4bd32aa

SHA1
66ad30b2a1abe63624dea58d73a6a26a192e502c

SHA256
0c823e0484e349ad0b676dead9602e65dc1c66715b0ec0b954f592e39cb84418

SHA512
c151081158b67e8e67e96f8c051d2c4a657276df03c757e50924d4494f8d64a88580ecf35c2e4dfad84476b58715994101d8a2cb058eea4290963b55ab2ca63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4f75e1b1dd88f3d531b68ea695f15a8e

SHA1
fa4d9668454b292de05745dbef1db513afd6d1b6

SHA256
78f22b7ef68cfe61bea98d63f6586e5d5d7d9be08221c4a83f9599087e90fa1a

SHA512
37ee50a97d54f0951347a62ec0705057908b304ac7f11469dcdba1ad0717bf083b5c9e373c155fd6ad637e32b8eb31523a322bc95fd92bc34706d336d6ea2ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
de76cdb68eb33bca9aeb18ede962d1e7

SHA1
f4c5ef2d8dab035c4a4984095cd49e6f0bc1f3d0

SHA256
d39e0c664aba5d0174c9955981e8638b0f633730d5ef98b901a36f29ffa5a940

SHA512
49b6ff40cfb42a9b17b1635b799618e9869027e71938407b823ab0c2287d1ec494608f1989141005a254ea6b089c988b1611be5294b5a0321c522e0b423fa620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
c676bad0049a9319c61727e93a44ac1b

SHA1
812d7d547ad6258d5a2779485855041c10df36f0

SHA256
ab81248abd4bec8c6dd4407ccb8e7547d532308bf112e73195559e0e611af79c

SHA512
017bd8d5ad870e0db30062cb336d393fecd1567845e2d8d7f358eabf835b3d5d40736159a863b05bfde07dbb22c639ecf898ae291dd1ad30b3422187914a1afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
bc09e7e98abcb362e03e64b0223284a4

SHA1
15d714544a19eef52ac0a2ea38d5b35a23a11aba

SHA256
0d88b0febca55cde176944f979c177f8a8dd05591114ea92a927d43ed073ea3d

SHA512
d938b930d40eee0e32da7151e8d774a9b184e2f57b9d8b25892899dd58cd24096217f00cea857c01d153b6237ca3c42a704bf7dd8745a08cc25bd3759dfb4a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c4cd0.TMP

Filesize
1KB

MD5
7b065d7463f32a02e3b466cd1abdc1e9

SHA1
0e41b46b124ac7b96ddd1bcd0370903ffc402661

SHA256
b369f96dd15d5c7cb30e59e6283b27389524f0b8c924e6227359b268a98a2a08

SHA512
b39dec326f0f58693ac3ec65f519d767ec57d0d5e99b87d14f741c840c4cfc6a8a8bb5d64cc4b899e15f225e66aef31d2d49af550962f5db5bbbe8cadde429bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
24dc1b830ec445a29cb4c519a732ad35

SHA1
4480169c219d78619b181cf4908f5f07b192e481

SHA256
266aad8798c9ecce949d6aff0dbc877a5c754f95474a161feaf6df8f8f9c8706

SHA512
7b39902dc37aa324fdc5fcc28385513cd42fad29d276fcc32c063748f29276ed41fa3438f788c7b1ead17183c72e6223b1699089296f9eeac95f067388419959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
d309e539ef984bd38c639575907a2c52

SHA1
6d952074faf8d2b1a52938b25c740397c1087d71

SHA256
61aa874726232e3ebfe5b1091e9959f55896e70dd4e28c33313a7b9fc4858d89

SHA512
24505193d55a422d305c6767f8b05fde70030b5d0575619f9528a02fd2f1b1dd239b6ae13767d4e9d46ab3f9ff752460a067460222ac1b9b93319e389fe1c58f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b07d3384-5074-4665-bbd0-c776e424046f.tmp

Filesize
7KB

MD5
26ccd16c494b03d1e96ced4aca2ff72d

SHA1
63414a7a060676486ac71dccf967e85df40360f5

SHA256
0cc90a2b3d6cceb9f8121e7797dfeec11e6e3f46d631f4e831f987f7029b7cae

SHA512
b604fb39538b88b01e221e2cc316dc28042a07faff60111b91dad31869bd453443cba402d6556dd50b0e1c4a832bf09df6da850195456c934d623850200057b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
128e26a983b0e601be1ff707a432f065

SHA1
48fa7bb18b6944f2d1a61c985496f5ef23d24943

SHA256
fe00c55f916c6b9add17536debd7c7e47e20b30d799eec0bc2cb4d78217cc79e

SHA512
da9ea229cd31bf01069fc6b6a88cb0318e5cd42b0299077b2a6d21e663dce4d7363619a1daf15f774fec12397148bb5d0e7cd517ba100031c0b3d5251ecd93e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7db590effd2d67c4edd9b995d0067aef

SHA1
a20c92d2dde3bafd6f50e40eb7259456ca7dff9e

SHA256
d614ba136ef8481f3b3bfad8e6ee7875964acaa3db33b15b709690565cbe84e4

SHA512
00db853124b28cacbe5e98c4ac82d0b10e639b40b274b0275c2f397da767be0c92067162c6055e30878a1b6e8a2456890f72203a88c486bf3a65de0b92f5cf37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
20b8723d65ad7440f3bba422f7e4484f

SHA1
e46d6b4040b8237ff70e1ae03723e4b4bdff754a

SHA256
549c858cc8bc18ce0636485e73f7a305d6dfe20ad4c91273c0e8de6a92c28b60

SHA512
82651f07599145eb919cd19b6015ecb31c566e05ad68943c5172dce5696baa35e0e9852d4f30587cabe3f1aa0873ed71ff449884eb73931a6a2aefef0c5f4849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ebbb57d99403b0f9f75d1b7fe24262d1

SHA1
130ed7fcd3cce199637cd26c87823f36179ec434

SHA256
345fce85f527314bd54c61072f762ae08e13c6cde403b78fa2edeb5feb578f76

SHA512
c0b37512f180c4106f07e84a56dd7325729a29ec108f238ed90ce04106b466aa25e4bab575acfcda965930587bc446878463daeadd92157a5f6375823efb4251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
86e76c5d3778aa8733358a77ac2c3a38

SHA1
b2861c9e376725271294d689d28e226248332b2f

SHA256
7f5129f655960868ec6aa2566e12fb4d8f3d73ecb77a3b10546630f78f488bb3

SHA512
7b8328431b560b13792169409c3d7d9aa8dd8c36f3999195452b938a9182d582d00f25da84d4c0d6830d5136922a5175c6fd5ce28a300137f7f9b08de126df29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bae41c565557a9282a9cec811b1813fe

SHA1
54b93e00ed0b97060073c17561f33dc9ea86cf74

SHA256
c7590e0bf2ce412c5d636d7abb5f501716dc5a4fd6638311177442312de0d721

SHA512
b21803e3797b1cdc12c1a63bf5f9aa6d40343744dbdb6e110dfc4bb3ff03bbebee3d312301eb6e8a01070249f5ff0abf17bdb52103e3f1aa454be221db6f8737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
26fe7631f9a0930bb7d1f9afe48565bf

SHA1
5ad51fdda5c8c77a259febe0d19ab5ace5f57d6b

SHA256
33f69aae709faf36309e385f6e9b6414baf7fbb3ad3734a515061d91497eb576

SHA512
7afc192fad5a539e24559f890f26defc74b0802f1260892a7fc47bd08bb4e4c3198eb397eb1588e66074842275f2da9b90fc92f4a211e39309d62e5834ea4239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
383d7084c60e18b1e3bd1f175f8c3332

SHA1
1fe79ba98a15b38cb76052fefb5953603695fa20

SHA256
aa2f872af0cb6b18ee42cde8ea2e8934880f5476bad520a5cfba2871cd9b3c45

SHA512
0c93d5cea8550c6fcf1d34d3613de084ce43103e63367e3e10a034cc9f0215befb7a8cc1c8b18e2c6c1a3069d31c847eb6343a11da137a48bf64fc93175fd250

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\d489579f-ff89-4d4d-88af-0a16af475670.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCDEEC6.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\InstallOptions.dll

Filesize
15KB

MD5
d095b082b7c5ba4665d40d9c5042af6d

SHA1
2220277304af105ca6c56219f56f04e894b28d27

SHA256
b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c

SHA512
61fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\LangDLL.dll

Filesize
5KB

MD5
50016010fb0d8db2bc4cd258ceb43be5

SHA1
44ba95ee12e69da72478cf358c93533a9c7a01dc

SHA256
32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e

SHA512
ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\System.dll

Filesize
12KB

MD5
4add245d4ba34b04f213409bfe504c07

SHA1
ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

SHA256
9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

SHA512
1bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\UserInfo.dll

Filesize
4KB

MD5
d458b8251443536e4a334147e0170e95

SHA1
ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3

SHA256
4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7

SHA512
6ff523a74c3670b8b5cd92f62dcc6ea50b65a5d0d6e67ee1079bdb8a623b27dd10b9036a41aa8ec928200c85323c1a1f3b5c0948b59c0671de183617b65a96b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\ioSpecial.ini

Filesize
1KB

MD5
906ad5f1d2621438c003c12c4ad86405

SHA1
b7d7a742b039963b29f32c54ebf8d8932fb09794

SHA256
ef51f48ce8890fc74bb17851d314d2b737efbadae8d7e04d0699b41e0a22481b

SHA512
1a783098a7dafe2652a14e23eb6d7b381fd6fb9b80cb28f2020e83e9b8ab0eba159196d33e104d6d1d5415bbfa0ac1cd01c322fb5ea30fa76fc984c175314183

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\ioSpecial.ini

Filesize
1KB

MD5
d83b09c4e97923cc9798484531118760

SHA1
b41d38e1de2aaa6632f9bae564c04661c59e865f

SHA256
07a0a552d57dc1e7e54da30507bc92ec02b8fcaad0d54fbb1701c4d96843aa9c

SHA512
ae79205e75a78caf35f787ca16288a8e52fb92fe883382fd3e40bb794efce4c9d1cf90bb3bb262b5937478c57a145e4eb5ce101219e9ec7352ae4b73a8cc3f28

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\ioSpecial.ini

Filesize
1KB

MD5
44a4e3613b45c6f77e0c470cc69962f7

SHA1
070eb18f62952d1334538a9c2513efd0c1e3dbef

SHA256
04e4b6950cecb78c5aff659d45d0a57c7686c12335c3ab278f181d053bbb0958

SHA512
e1620cbf56574bf9c82e3f0c0e0fa1c95569e8a6c3d832f6499f874be929de16a83ca3e3993413ccff64ebfe5e1456c79b3f54d7372fdba4b8433f38b795ea8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\nsDialogs.dll

Filesize
9KB

MD5
1d8f01a83ddd259bc339902c1d33c8f1

SHA1
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

SHA256
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

SHA512
28bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
335B

MD5
29847e69a782dac396e3a418eb72f950

SHA1
4581167de750d2cd6ff7c5cd9f433a181770e6f1

SHA256
289fd56e9949d55a033f059639775bd411e90279280c62be79e9b8cc32eb6d65

SHA512
c78e0b7e09f4013e482d3cff929992fc179c4ffc4b560e0705aebaa96a10115fbaa2f7f50d66e0f4674cd14f44587259f59b1bd8eafe34a98bc8004dad24e853

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
215aed3447d942dba83b4b5c8f8a417a

SHA1
45a73e9b8f54b2d706a83ae21b5708e4cbeece94

SHA256
9dc591c6445314ad073233824abf0151d31a6d8acee79bf5fe3014804d26fdb6

SHA512
926b5721774c133e3eef85099e7a874ef892b4347d5951bae4c7ad5f7007019bf3a075bd3553e51a6ec5573bc68e10ab8ea27b197fae39d9fb366f7055fbd187

Download Submit
C:\Users\Admin\AppData\Roaming\Notepad++\plugins\config\converter.ini

Filesize
646B

MD5
f07150054a6afff4d8e9d58899167722

SHA1
e092cd960ab728667d91b37d64a02d7f6821518b

SHA256
5b0a08439e8e93817772f84e1098f14152d9da36c2601a0600ddaae6f61359d0

SHA512
8c86aa4c058a8ab5fd26f21cacc8ddaffa8ce6012bb329d3c5b817da00b4b43018a575c768d1921c6eeab7537f172c7cb3de658b014365ea52fb3c87547182b9

Download Submit
C:\Users\Admin\Desktop\virus\astronomity.dll

Filesize
21.0MB

MD5
ec5f89d0727fa28af13fffd9ab4a8f58

SHA1
29d50b03dcc5cd97870593e98941eeb14e5ad406

SHA256
da3838bfa5df88cc032a86dc6cd28ab6f587a5648b7842636e963299a92e2f94

SHA512
533c59ba72c1273bb494711ab763fa1738e56ccee7deb2cbccfc4d52fc4ad4a3d72453836dbd7dcb3826d70a69c8d869dda966c40ca48d3a4c94665ba9431573

Download Submit
C:\Users\Admin\Desktop\virus\injector.exe

Filesize
25KB

MD5
2b776aed49e20cd5a45707fc186c4544

SHA1
b858a8d13bea20ad97c621395313c45b3e196b19

SHA256
281b17332f7453b4521e13be5c986690441d276659488197555b7bee78f5ed70

SHA512
ca32eb24c1c6760e70d67183bdb04658be8043b75d10e3ad2d99aa85a0abde808d74a9101b165e514f7291ea1d1ad296aed83af9b7e243c741cce7b9babfe630

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 276272.crdownload

Filesize
6.3MB

MD5
251d47503743b09d4ec3847356487ac9

SHA1
2365dec100d7ad2ca99079e2a6fdae7d801cdf43

SHA256
aa130d151859eccc8b4cc535ae756682069d626087e8c56a35b630df4b5f0024

SHA512
e3ff13f400e095b091e1fae184b9a83416c17c1033558b1512f765e19d866a776414db964d5e7a713eaa0ac0e07a98524540a0dba88294f137c0eaacdaa62e20

Download Submit
memory/3452-3797-0x00007FF827610000-0x00007FF827620000-memory.dmp

Filesize
64KB

Download
memory/3452-3798-0x00007FF827610000-0x00007FF827620000-memory.dmp

Filesize
64KB

Download
memory/3452-3796-0x00007FF827610000-0x00007FF827620000-memory.dmp

Filesize
64KB

Download
memory/3452-3795-0x00007FF827610000-0x00007FF827620000-memory.dmp

Filesize
64KB

Download
memory/3452-3264-0x00007FF827610000-0x00007FF827620000-memory.dmp

Filesize
64KB

Download
memory/3452-3268-0x00007FF825350000-0x00007FF825360000-memory.dmp

Filesize
64KB

Download
memory/3452-3267-0x00007FF825350000-0x00007FF825360000-memory.dmp

Filesize
64KB

Download
memory/3452-3262-0x00007FF827610000-0x00007FF827620000-memory.dmp

Filesize
64KB

Download
memory/3452-3263-0x00007FF827610000-0x00007FF827620000-memory.dmp

Filesize
64KB

Download
memory/3452-3265-0x00007FF827610000-0x00007FF827620000-memory.dmp

Filesize
64KB

Download
memory/3452-3266-0x00007FF827610000-0x00007FF827620000-memory.dmp

Filesize
64KB

Download