Analysis Overview
SHA256
a9ad141dbfd79c2411bd99d1da466c369ac09ed5c6f179c63b15132e837167e5
Threat Level: Likely malicious
The file astronomity - pass 1.rar was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
Executes dropped EXE
A potential corporate email address has been identified in the URL: usersOID00037fff8af871ee0000000000000000@84df9e7fe9f640afb435aaaaaaaaaaaa
A potential corporate email address has been identified in the URL: sdfsdfsafkjykehyirhiehumnrfzwzesfzezeszjhefjhzefjuzesf@outlook.com
Event Triggered Execution: Component Object Model Hijacking
Loads dropped DLL
Checks installed software on the system
Detected potential entity reuse from brand MICROSOFT.
Detected potential entity reuse from brand STEAM.
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Checks processor information in registry
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-14 21:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-14 21:00
Reported
2024-11-14 21:17
Platform
win11-20241007-en
Max time kernel
1014s
Max time network
1017s
Command Line
Signatures
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: sdfsdfsafkjykehyirhiehumnrfzwzesfzezeszjhefjhzefjuzesf@outlook.com
A potential corporate email address has been identified in the URL: usersOID00037fff8af871ee0000000000000000@84df9e7fe9f640afb435aaaaaaaaaaaa
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Desktop\virus\injector.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| N/A | N/A | C:\Program Files\Notepad++\notepad++.exe | N/A |
| N/A | N/A | C:\Program Files\Notepad++\updater\gup.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\virus\injector.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Windows\system32\regsvr32.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files\Notepad++\updater\gup.exe | N/A |
| N/A | N/A | C:\Program Files\Notepad++\notepad++.exe | N/A |
| N/A | N/A | C:\Program Files\Notepad++\notepad++.exe | N/A |
| N/A | N/A | C:\Program Files\Notepad++\notepad++.exe | N/A |
| N/A | N/A | C:\Program Files\Notepad++\notepad++.exe | N/A |
| N/A | N/A | C:\Program Files\Notepad++\notepad++.exe | N/A |
| N/A | N/A | C:\Program Files\Notepad++\notepad++.exe | N/A |
Checks installed software on the system
Detected potential entity reuse from brand MICROSOFT.
Detected potential entity reuse from brand STEAM.
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\Notepad++\functionList\typescript.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\themes\HotFudgeSundae.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\cs.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\plugins\mimeTools\mimeTools.dll | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\plugins\NppConverter\NppConverter.dll | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\batch.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\coffee.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\cobol.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\cpp.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\bash.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\updater\libcurl.dll | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\themes\DarkModeDefault.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\contextMenu\NppShell.msix | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\perl.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\cobol-free.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\autoit.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\hollywood.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\nppexec.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\updater\LICENSE | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\themes\Deep Black.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\lua.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\sinumerik.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\xml.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\langs.model.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\themes\Twilight.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\sql.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\toml.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\tex.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\localization\english.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\fortran.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\ada.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\updater\updater.ico | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\themes\Monokai.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\baanc.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\lisp.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\cobol.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\java.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\inno.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\fortran77.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\plugins\NppExport\NppExport.dll | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\updater\gup.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\html.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\themes\Hello Kitty.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\xml.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\autoit.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\javascript.js.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\themes\Vibrant Ink.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\actionscript.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\batch.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\raku.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\python.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\ini.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\themes\Bespin.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\vb.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\typescript.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\readme.txt | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\themes\Plastic Code Wrap.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\autoCompletion\javascript.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\themes\DansLeRuSH-Dark.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\universe_basic.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\nppLogNulContentCorruptionIssue.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\LICENSE | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| File created | C:\Program Files\Notepad++\functionList\php.xml | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ANotepad++64\ = "Notepad++ Context menu" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ANotepad++64\NeverDefault | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\NodeSlot = "2" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2499603254-3415597248-1508446358-1000\{82F801B4-9CB7-4AC4-B5F2-D71B95BB4FEB} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\MRUListEx = ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\ANotepad++64\ExplorerCommandHandler = "{B298D29A-A6ED-11DE-BA8C-A68E55D89593}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32\ = "C:\\Program Files\\Notepad++\\contextMenu\\NppShell.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 8c0031000000000047595065110050524f4752417e310000740009000400efbec55259616e591ca82e0000003f0000000000010000000000000000004a0000000000bbbcd900500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\InProcServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 19002f433a5c000000000000000000000000000000000000000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\*\shell\ANotepad++64 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593}\ = "notepad++" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 276272.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\root\Office16\Winword.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\Notepad++\notepad++.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\astronomity - pass 1.rar"
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\virus\injector.exe
"C:\Users\Admin\Desktop\virus\injector.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start steam://rungameid/2524890
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,8988766276758551047,3837955845852855968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Microsoft Office\root\Office16\Winword.exe
"C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Desktop\virus\astronomity.dll"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,7267355082084191876,1255072966931051749,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7048 /prefetch:8
C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe
"C:\Users\Admin\Downloads\npp.8.7.1.Installer.x64.exe"
C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Program Files\Notepad++\contextMenu\NppShell.dll"
C:\Program Files\Notepad++\notepad++.exe
"C:\Program Files\Notepad++\notepad++.exe" "C:\Users\Admin\Desktop\virus\astronomity.dll"
C:\Program Files\Notepad++\updater\gup.exe
"C:\Program Files\Notepad++\updater\gup.exe" -v8.71 -px64
C:\Users\Admin\Desktop\virus\injector.exe
"C:\Users\Admin\Desktop\virus\injector.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start steam://rungameid/2524890
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
Files
C:\Users\Admin\Desktop\virus\injector.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
\??\pipe\LOCAL\crashpad_2540_GWCBQOCAAFBUQZZV
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c4cd0.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ddf4fcc591f220abf8d95eb3b2e0de8b |
| SHA1 | 48a218cdf45ea12593ae2721f8f41eadc5d51ad7 |
| SHA256 | 9285bb83e7641b5a4c6e9fe572231618bbf06aabc5cb7e49956d5871fd54f3a7 |
| SHA512 | 83ddf7b606d40244c1d0021861b2fcaa1c600260f9238f8d01b10f143a435b2bcc8ec4041541d3d6e80b2f7eafabd067ae980c9ffbca24458bc5442f5bbd24a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 72c4d28257313c4b442958613df3db7d |
| SHA1 | 61c388f44584deaee1a80a1a9b64070d2439f0de |
| SHA256 | aeb644b4d800ceff79f07712216ba8562c2986329b0e753473e7ebbfc9390b0c |
| SHA512 | 26cc30242e3b04f6566296e1989bea073827540726255adec2c97d65265cc0c86dcc338be8821434258dc697545e1d1b52612a7da76a65eb4ff21592196d89c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b07d3384-5074-4665-bbd0-c776e424046f.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt~RFe5e73c6.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\302a8a7b-2f9c-4eec-8630-abf91946341a\index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\d60d4834-cc26-4ed9-9b6e-88e8952ad177\322ae1bdab361352_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a05e1e00-0112-4159-a88d-fdade876d475\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\a05e1e00-0112-4159-a88d-fdade876d475\index-dir\the-real-index~RFe5ec2b2.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\302a8a7b-2f9c-4eec-8630-abf91946341a\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\302a8a7b-2f9c-4eec-8630-abf91946341a\index-dir\the-real-index~RFe5ee2cc.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\20a2f91a-c240-4aec-bbe6-d5d850add34f\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\20a2f91a-c240-4aec-bbe6-d5d850add34f\index-dir\the-real-index~RFe5ee463.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\d60d4834-cc26-4ed9-9b6e-88e8952ad177\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\d60d4834-cc26-4ed9-9b6e-88e8952ad177\index-dir\the-real-index~RFe5eea00.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\23506dad-2cb2-4f09-b1e3-63683554a40e\index-dir\the-real-index~RFe5eea10.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\23506dad-2cb2-4f09-b1e3-63683554a40e\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\20a2f91a-c240-4aec-bbe6-d5d850add34f\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\25d3992a-d3f5-4716-9ba2-0fc95df62694\index-dir\the-real-index~RFe5f503c.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\25d3992a-d3f5-4716-9ba2-0fc95df62694\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\Desktop\virus\astronomity.dll
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
C:\Users\Admin\AppData\Local\Temp\TCDEEC6.tmp\sist02.xsl
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\d489579f-ff89-4d4d-88af-0a16af475670.down_data
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000128
C:\Users\Admin\Downloads\Unconfirmed 276272.crdownload
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\ioSpecial.ini
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\InstallOptions.dll
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\LangDLL.dll
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\UserInfo.dll
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsaCE6A.tmp\nsDialogs.dll
C:\Users\Admin\AppData\Roaming\Notepad++\plugins\config\converter.ini
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3611f025-21f0-4bbd-b1cf-18882216e7e3.tmp