Analysis Overview
Threat Level: Shows suspicious behavior
The file https://applio.org/playground was found to be: Shows suspicious behavior.
Malicious Activity Summary
Writes to the Master Boot Record (MBR)
Drops file in Windows directory
Suspicious behavior: MapViewOfSection
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Uses Volume Shadow Copy WMI provider
Checks SCSI registry key(s)
NTFS ADS
Suspicious behavior: GetForegroundWindowSpam
Uses Task Scheduler COM API
Modifies registry class
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-03 08:51
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-03 08:51
Reported
2024-05-03 09:02
Platform
win10-20240404-en
Max time kernel
600s
Max time network
601s
Command Line
Signatures
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe | N/A |
Drops file in Windows directory
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "132" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{5AFCA281-3906-4E95-AFAD-CC317E617E = 4fbe7f49379dda01 | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 609d706c389dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = de6cf03d389dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f139344f379dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\applio.org\NumberOfSubdomain = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\microsoft.com\NumberOfSubdom = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{5AFCA281-3906-4E95-AFAD-CC317E617E = "0" | C:\Windows\system32\browser_broker.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "189" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\memz-master.zip.o249fd5.partial:Zone.Identifier | C:\Windows\system32\browser_broker.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://applio.org/playground"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe"
C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3bc
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe"
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | applio.org | udp |
| US | 76.76.21.21:443 | applio.org | tcp |
| US | 76.76.21.21:443 | applio.org | tcp |
| US | 8.8.8.8:53 | iahispano-applio.hf.space | udp |
| US | 52.5.55.249:443 | iahispano-applio.hf.space | tcp |
| US | 52.5.55.249:443 | iahispano-applio.hf.space | tcp |
| US | 76.76.21.21:443 | applio.org | tcp |
| US | 76.76.21.21:443 | applio.org | tcp |
| US | 8.8.8.8:53 | 21.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| US | 18.239.210.27:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 8.8.8.8:53 | 249.55.5.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.190.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.215.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.210.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 2.16.106.139:443 | assets.msn.com | tcp |
| US | 2.16.106.139:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| US | 20.189.173.10:443 | browser.events.data.msn.com | tcp |
| US | 20.189.173.10:443 | browser.events.data.msn.com | tcp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.106.16.2.in-addr.arpa | udp |
| US | 20.189.173.10:443 | browser.events.data.msn.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 10.173.189.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| NL | 23.62.61.113:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | s28667145.weebly.com | udp |
| US | 74.115.51.8:443 | s28667145.weebly.com | tcp |
| US | 74.115.51.8:443 | s28667145.weebly.com | tcp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | cdn2.editmysite.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | smweebly.pixelbits.io | udp |
| US | 151.101.1.46:443 | cdn2.editmysite.com | tcp |
| US | 151.101.1.46:443 | cdn2.editmysite.com | tcp |
| US | 151.101.1.46:443 | cdn2.editmysite.com | tcp |
| US | 151.101.1.46:443 | cdn2.editmysite.com | tcp |
| US | 151.101.1.46:443 | cdn2.editmysite.com | tcp |
| US | 151.101.1.46:443 | cdn2.editmysite.com | tcp |
| US | 45.79.99.181:443 | smweebly.pixelbits.io | tcp |
| US | 45.79.99.181:443 | smweebly.pixelbits.io | tcp |
| US | 8.8.8.8:53 | 8.51.115.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fast.fonts.net | udp |
| US | 104.16.40.28:443 | fast.fonts.net | tcp |
| US | 104.16.40.28:443 | fast.fonts.net | tcp |
| US | 8.8.8.8:53 | ssl.google-analytics.com | udp |
| US | 74.115.51.8:443 | s28667145.weebly.com | tcp |
| US | 74.115.51.8:443 | s28667145.weebly.com | tcp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| BE | 23.55.97.11:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | ec.editmysite.com | udp |
| US | 52.41.177.206:443 | ec.editmysite.com | tcp |
| US | 52.41.177.206:443 | ec.editmysite.com | tcp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.40.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.212.58.216.in-addr.arpa | udp |
| US | 18.239.210.27:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 206.177.41.52.in-addr.arpa | udp |
| US | 45.79.99.181:443 | smweebly.pixelbits.io | tcp |
| US | 45.79.99.181:443 | smweebly.pixelbits.io | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| GB | 142.250.180.3:80 | www.google.co.ck | tcp |
| GB | 142.250.180.3:80 | www.google.co.ck | tcp |
| US | 8.8.8.8:53 | consent.google.co.ck | udp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| GB | 142.250.178.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 4.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.178.250.142.in-addr.arpa | udp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | 26.173.189.20.in-addr.arpa | udp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| NL | 23.62.61.99:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 99.61.62.23.in-addr.arpa | udp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| CZ | 104.64.172.89:80 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:80 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.22:443 | login.microsoftonline.com | tcp |
| NL | 20.190.160.22:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 89.172.64.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| NL | 20.190.160.22:443 | login.microsoftonline.com | tcp |
| NL | 20.190.160.22:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.23.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | answers-afd.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | consentdeliveryfd.azurefd.net | udp |
| US | 8.8.8.8:53 | csp.microsoft.com | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.253.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | answersstaticfilecdnv2.azureedge.net | udp |
| US | 152.199.21.175:443 | answersstaticfilecdnv2.azureedge.net | tcp |
| US | 152.199.21.175:443 | answersstaticfilecdnv2.azureedge.net | tcp |
| US | 152.199.21.175:443 | answersstaticfilecdnv2.azureedge.net | tcp |
| US | 152.199.21.175:443 | answersstaticfilecdnv2.azureedge.net | tcp |
| US | 152.199.21.175:443 | answersstaticfilecdnv2.azureedge.net | tcp |
| US | 152.199.21.175:443 | answersstaticfilecdnv2.azureedge.net | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| CZ | 104.64.172.89:443 | answers.microsoft.com | tcp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 192.229.221.185:443 | lgincdnvzeuno.azureedge.net | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| GB | 51.132.193.105:443 | browser.events.data.microsoft.com | tcp |
| GB | 51.132.193.105:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 185.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.193.132.51.in-addr.arpa | udp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| GB | 216.58.212.206:443 | consent.google.co.ck | tcp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| US | 8.8.8.8:53 | id.google.co.ck | udp |
| US | 142.250.9.94:443 | id.google.co.ck | tcp |
| US | 8.8.8.8:53 | 94.9.250.142.in-addr.arpa | udp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| US | 142.250.9.94:443 | id.google.co.ck | tcp |
| US | 142.250.9.94:443 | id.google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 54.169.217.172.in-addr.arpa | udp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | play.clubpenguin.com | udp |
| US | 8.8.8.8:53 | play.clubpenguin.com | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.co.ck | udp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| NL | 23.62.61.171:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.46:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| NL | 23.62.61.137:443 | www.bing.com | tcp |
| NL | 23.62.61.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pcoptimizerpro.com | udp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:80 | pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | pcoptimizerpro.com | tcp |
| US | 8.8.8.8:53 | 124.8.63.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.pcoptimizerpro.com | udp |
| US | 8.8.8.8:53 | www.jqueryscript.net | udp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 172.67.75.171:443 | www.jqueryscript.net | tcp |
| US | 172.67.75.171:443 | www.jqueryscript.net | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 104.18.11.207:443 | maxcdn.bootstrapcdn.com | tcp |
| US | 8.8.8.8:53 | jquery.app | udp |
| US | 172.67.164.99:443 | jquery.app | tcp |
| US | 172.67.164.99:443 | jquery.app | tcp |
| US | 8.8.8.8:53 | 233.38.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.75.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.11.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.164.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | static.hotjar.com | udp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 50.63.8.124:443 | www.pcoptimizerpro.com | tcp |
| US | 18.239.208.104:443 | static.hotjar.com | tcp |
| US | 18.239.208.104:443 | static.hotjar.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| BE | 64.233.167.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | ocsp.rootca3.amazontrust.com | udp |
| US | 18.239.215.62:80 | ocsp.rootca3.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 232.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | script.hotjar.com | udp |
| US | 18.239.208.43:443 | script.hotjar.com | tcp |
| US | 18.239.208.43:443 | script.hotjar.com | tcp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 204.79.197.237:443 | c.bing.com | tcp |
| US | 8.8.8.8:53 | 43.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| GB | 142.250.200.4:80 | google.co.ck | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
Files
memory/4816-17-0x0000025FC0030000-0x0000025FC0040000-memory.dmp
memory/4816-0-0x0000025FBFF20000-0x0000025FBFF30000-memory.dmp
memory/4816-35-0x0000025FBD5A0000-0x0000025FBD5A2000-memory.dmp
memory/356-42-0x00000293109C0000-0x0000029310AC0000-memory.dmp
memory/1476-57-0x000002986E500000-0x000002986E600000-memory.dmp
memory/1476-135-0x000002987F370000-0x000002987F372000-memory.dmp
memory/1476-128-0x000002987F2B0000-0x000002987F2B2000-memory.dmp
memory/1476-122-0x000002987F290000-0x000002987F292000-memory.dmp
memory/1476-168-0x000002987F600000-0x000002987F620000-memory.dmp
memory/1476-183-0x000002987FF60000-0x000002987FF62000-memory.dmp
memory/1476-181-0x000002987FF40000-0x000002987FF42000-memory.dmp
memory/1476-179-0x000002987FF20000-0x000002987FF22000-memory.dmp
memory/1476-177-0x000002987FF00000-0x000002987FF02000-memory.dmp
memory/1476-175-0x000002987FEE0000-0x000002987FEE2000-memory.dmp
memory/4816-202-0x0000025FC6F20000-0x0000025FC6F21000-memory.dmp
memory/4816-203-0x0000025FC6F30000-0x0000025FC6F31000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\rt5g2v3\imagestore.dat
| MD5 | 0d349081868b3327fdd91379fe4ce36a |
| SHA1 | edd7a12f0f7c247a56378a4f7fb4c6351c5e3bd0 |
| SHA256 | 9ff1055ad8fb71c2dc305b8ce6342936a24cf8e3859f6e24c11e708c2f02ba04 |
| SHA512 | 14fd64b622a0fbd28f0c4ff15dec5b110760b0d87eebede1a595507a449e075ee6e349469b20c9e2074a6e41c7f1ef04cfc39de04a15f0b3e1186d2b1a64eeb5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MCIU57VS\favicon[1].ico
| MD5 | fb8ba515d3111f1abb4547f174ce6c02 |
| SHA1 | 596c0d987910e9955386f13e9786efb235c8e9e9 |
| SHA256 | e3162d4b4c07645f90316a5980cb046224705ce3bcba7bcafaec059e1d077584 |
| SHA512 | 1fc363885870a2c7b173e6e516b01509c7b2a35ed15ba07b590db13115bb095ef33efcd7ef371a5e94470b2a0a7909bcf3492125e2bb4af3ad663db7664ebbb7 |
memory/1476-229-0x000002987EB00000-0x000002987EC00000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
memory/1476-236-0x0000029000600000-0x0000029000700000-memory.dmp
memory/1476-235-0x0000029000600000-0x0000029000700000-memory.dmp
memory/1476-263-0x00000290001C0000-0x00000290001C2000-memory.dmp
memory/1476-265-0x0000029000350000-0x0000029000352000-memory.dmp
memory/212-275-0x0000027F2A9A0000-0x0000027F2A9C0000-memory.dmp
memory/212-277-0x0000027F2A4D0000-0x0000027F2A4F0000-memory.dmp
memory/212-278-0x0000027F2AA00000-0x0000027F2AB00000-memory.dmp
memory/212-289-0x0000027F2B100000-0x0000027F2B120000-memory.dmp
memory/212-283-0x0000027F2C5E0000-0x0000027F2C600000-memory.dmp
memory/212-328-0x0000027F2D500000-0x0000027F2D600000-memory.dmp
memory/212-375-0x0000027F2BA40000-0x0000027F2BA60000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7W95R2BR\4TQ6xhX_0XDFyLdFRS-kPhFXirA.br[1].js
| MD5 | fbf143b664d512d1fa7aeeeba787129c |
| SHA1 | f827b539ae2992d7667162dc619cc967985166d9 |
| SHA256 | e162ccd10a34933d736008eb0bc6b880c4e783cf81f944bca7311bf5f3cd4aff |
| SHA512 | 109ec6433329f001c9239c3298a10e414522f21be2a3d7b8a9eb0b0767322eaad1fdf8f5b11edb1f42882b4e75ae71bef7fe786716407c8efad4feacb3dcf348 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7FLIC0\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js
| MD5 | 9085e17b6172d9fc7b7373762c3d6e74 |
| SHA1 | dab3ca26ec7a8426f034113afa2123edfaa32a76 |
| SHA256 | 586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d |
| SHA512 | b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\U0EMQ45L\favicon-trans-bg-blue-mg[1].ico
| MD5 | 30967b1b52cb6df18a8af8fcc04f83c9 |
| SHA1 | aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588 |
| SHA256 | 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e |
| SHA512 | 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
| MD5 | ea8ca388ae96abf98f7f3a17bf41f43e |
| SHA1 | 9eca357f0ef8584053bed4666c0678a69b438a8c |
| SHA256 | b3e9693ac28e4172f8076cd85b68f0a28b399e93c2f96b34878af7efcc670208 |
| SHA512 | a05b46702887160806a947edceb43bd41d1067765c319de19b8939889717be45d9bad863fb6408ff0d094c370c482bc264e4c954e0e91aadb12c2cf1705b42d5 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
| MD5 | bc1a054342041a4a1f52fff0be8339b1 |
| SHA1 | 8c269b07aa09ec87460beee54b088858d829ada7 |
| SHA256 | f8d38f183edb5ba28a1340b87582f8a9edf07b8827205d3fcda8e9f305dc2ed7 |
| SHA512 | a49a2ae6ee0ddb16b8ad5169e899f56869313c7b86a03c1af0ecfa9a33bbc1c9a14a386295cec6ac502e772968529aa406b7ef7771483ae43bc9f845052e0d2d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\CFNGC9XN\favicon[2].ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | 822467b728b7a66b081c91795373789a |
| SHA1 | d8f2f02e1eef62485a9feffd59ce837511749865 |
| SHA256 | af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9 |
| SHA512 | bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 5da114d8c518bf2a5935819c06443a9f |
| SHA1 | 8fdf83ae65da5298559c07d813846790bb7b9337 |
| SHA256 | 4f6a2b1d4b08c93e5ab8600bbcfd120e4b8175ca04959d09f12418777b84c29e |
| SHA512 | 995e6776f68588dc917aea34d0ae9e03987f0b206ee18f69d7d36af4bf5ab02484452517749dcf9a2e5efe42d22da963a5f003366697c8357d2db3bc9ca44366 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XS9FIQX3\stl[2].js
| MD5 | 6029ea0d7e342d1f8ac4b3d21af18238 |
| SHA1 | fdfa3448753dd83aeef9bfe49a6b0d7b776ad68c |
| SHA256 | 2fa7eecab5db277fa2aaf6707b99648a42c60a323c2af6b7e0c2936fdc31eaa7 |
| SHA512 | 4b3e5740470c739916e64eb500042098acc16cca00ff6ac03f83d8867ebcb7b28479900f9ca8a22b0a448ee252fa2bf878d452751a50b3b6d30d517c41470071 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\044E7G2G\s28667145.weebly[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\044E7G2G\s28667145.weebly[1].xml
| MD5 | e65ee52f072abe42d771d73af8bb51e1 |
| SHA1 | 79f1d41964b9ecb99984c998b4943770af9ba715 |
| SHA256 | aa50344cdbfa118d9188c76ac19e7952c755d0b7dabe2e0d669f777fcd13a3d3 |
| SHA512 | 1bd9f4a2ec73b3880cd60749e6e8fff4511618bfc984dfae71b4145b12e0490747f9d06e53f9fd9528b676b3ff238a17b5a54a7c92618d3abb429844a9bc7617 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8BB34D7AC6ADCC019FE5325FE9DECAE8
| MD5 | bccc17bf25a73e13ae46081ae3da9cff |
| SHA1 | 48bfdb0a1da4215332b42fa27a31feb043cdfa62 |
| SHA256 | 8c8a6890fb4ca19dd66bf4e0f2fc3208f374d30e00c2574d6329e27c1613a109 |
| SHA512 | b04d9653e456bbeee1e966cd8a1b3214bd095ceed5b8289ee1fe372507c8867ae84bf050d39756a4b0952b367b8b2af27425efd095ce826100f27717cbbd0d59 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_8BB34D7AC6ADCC019FE5325FE9DECAE8
| MD5 | 139cbe5418421a74ea786ae5df7ef9d9 |
| SHA1 | d17197d52c40978cdd2d6e344c23fd776b527066 |
| SHA256 | d0a557e2fb2c1e2ce4730048a3f008c765a9a85bb853601a9f12561774834ddf |
| SHA512 | 6b661e367f7886814a9ca151f584fd7e4ab8b143b2bf2977dce26b2cecca99b18b792a6e5b1598dae58a69b826b21d651d20e341609b806bfa44240071e06bbe |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
| MD5 | 1242a9ec47dce0bd95e649abdc3b8780 |
| SHA1 | 99bca307a887de4e1a8dee22d5d3790c32113928 |
| SHA256 | 178857c93fa8f8d421ab9935d17927592afd31d518a859895378eb567274423f |
| SHA512 | 3c89928738a8fbfdcef4796841235162492e7dd0ed30613d15f11c08ff536164adfa343b523d8459eb0fcff904d4ca6dbd4fe8d09ef0b1921b4eec86a1922e17 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8
| MD5 | 50a395aaa82dc2c06ac72d1a218b6e79 |
| SHA1 | 3b32182afd8d0ed1649e777d42dcd0e090b49b90 |
| SHA256 | a0a12ce85707f793bbe26d901bba3f604fe23cc9e2c55c6b2973c22ce000e92f |
| SHA512 | 4aaf193efd74f1ea7c2d4eddaaa6dc9ae7bdd6f674ecbefe543d9eb8fd1e71d8a877be2f1456a9e6c7bd1ddd1b7bf48c308e1358dff1c95bdad5a1e47fe80e14 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 3a49657fd7107723afeb757a1a61c79a |
| SHA1 | 4c6c956db1bf1211227242082489496d0a1fb7b8 |
| SHA256 | 268e66ba08505703d9307ba56a9470af8ca61f8dce193d6e60bbdda88551ded8 |
| SHA512 | 4280f9ba32ffe64605e544bd518eb0e9ef9cf01fd6e0999bf6d5b40b07edb66f9643b4d19db0bea7dd9322b1690ea3927e1bbf02b473a32e8b8071503779fd34 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
| MD5 | 24e0651ed8ec9602ac0cc5ff3475a6cd |
| SHA1 | ec9be46126b783a4f6fc51d254db573238eeeb60 |
| SHA256 | 372016b9b8a6fbd400950ad07421a0527ed157b09bd00134fdf82add39d3a4a4 |
| SHA512 | 23141594f748ee56a50ddb9cb8c34fb6a19dfc3f4fc46393c4d5cca0fcbff7f18aee36df70009fd49bac415abbc0e1dfbb978a3bac99b18817bf2c6f9016f891 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | df9d2011be5a40357e9b63d8e80a2629 |
| SHA1 | 783451f558b4a726f2509a834994d7c87ef20f80 |
| SHA256 | 88265fc4afe4cedfa58219ad5040836182c4e185a692df502e76d48e7ec7d334 |
| SHA512 | 3617034d2b21192e4a97a1fc7da512800b85f05eda3c5e9445796f0d70308579d59dcd7a21b9b8456f594f6f5e72b3b503fafee67f05205c2d05bd0c7fe0b61f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
| MD5 | cd1a28076a6c7814e919a50d25093e9c |
| SHA1 | 14cd92d368f3a677cd890f0ff418d62e453f62b4 |
| SHA256 | 54a1ecbd8159fff4562e2a68c8f3a10d886e34de99ecf56e1695aeac197aa17e |
| SHA512 | 7d8641cddc81492836ddd47ae74443d5d9b61187a317912acc403147c21f30b61a178c8f37cb7dbc2a2030690f9573585580313335017403cfd077fe1c33eb92 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\H6X96UW5\favicon[1].ico
| MD5 | 4d27526198ac873ccec96935198e0fb9 |
| SHA1 | b98d8b73ad6a0f7477c3397561b4aab37bf262aa |
| SHA256 | 40a2146151863bcf46c786d596e81a308d1b0d26d74635be441e92656f29b1b4 |
| SHA512 | 1ee4b73f4da9c2b237cd0b820ffad8e192d9125ce7d75d8a45a8b9642ce5fe85736646caf12d246a77364c576751c47919997d066587f17575442a9b9f7cc97f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7FLIC0\memz-master[1].zip
| MD5 | b5b14b77ba398d9ca1b6ecfd815d80e7 |
| SHA1 | 9230c0145e2255e55decc3fbdbb8ffd2b0a2d1e7 |
| SHA256 | c2d501fc44e8736752c30fd20e4d704577cbced66447be645a14137e0b5237be |
| SHA512 | 84113fc9a359d966a37f085dba9b6a16f32fce44af66cd3e4a3612ba765f72014800f636835e163f40017381992fac1dfb84881c034bcacb5a64de84c94463aa |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7FLIC0\memz-master[1].zip
| MD5 | c83bed29066c2b16dc67b9099dd1c6ff |
| SHA1 | 1c7b4959ee2031c9e14301e8fcb6d0664f2b4f86 |
| SHA256 | b2e1e267b6cab98d5c73baa537616c809d89b85218d5bdc15c4d6424dd8dbe12 |
| SHA512 | 5288326c692902f8d880c8b07f382d6ed273ce130db8906f2a1e0b1c3b1a4f03dafcd00856e89b1ae557ace66f4fc58224b262fa643de88d7550905b43d85f81 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LICIZUQP\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\memz-master.zip.o249fd5.partial
| MD5 | 4790677e05d72ef7429dddf35562bf4a |
| SHA1 | 4243d6ea53db7e8cc0c355e70d6cffb54787b90b |
| SHA256 | 319bf6087040d17b87f46cd05f5ee064c291ba9ca46e1910f28d1f4c57cb3d96 |
| SHA512 | a93c5f691938bc1bdd9ef20b975f0b22cf494543e7df82ec31838bf811552ead5cd855959be4e47186ee7de944be005030f52f58b9dc85e7cde719cb97b794e3 |
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MCIU57VS\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7W95R2BR\nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKdFvXDZbtM[1].woff2
| MD5 | e4d6c8c57079b70dd94236cb4dbcd5be |
| SHA1 | f8bb42bd8b6b3ddbf7d70d1cb2e9472bb5351e6e |
| SHA256 | 12e285b031f40e3970e0368331f02807ee64cab3d25dec9bc34975c9b5cf6b4f |
| SHA512 | a21f5df08def6d84362d4231613aae319998c70ec783b7bbf1d2dad62b8ccad43a3e8612cb4bf4b5746cc3881b771319b7016e35fc89ddef973250ac178e0628 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7W95R2BR\nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_qiTXt_A-Q[1].woff2
| MD5 | 66f533f5ff80956354d1fb4aab3b8a2c |
| SHA1 | 4a1753616e5ab51c3f7b8e784de99d007b2cba68 |
| SHA256 | b3ab1bcb5bd68010806f88134ad581b56fa75da2a2000753848c61bbac82f4e2 |
| SHA512 | 817241abd6ba172d19704e69aee99895898cb4ad02a9f6880e210099b0201742e77c530146f92a0c1266b4d3f1376775f311a7bd4726fe618003476b4589a2b5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7FLIC0\nuFRD-vYSZviVYUb_rj3ij__anPXDTnCjmHKM4nYO7KN_k-UXt_A-Q[1].woff2
| MD5 | 54dc8147f54996ca05201938a6aec3fd |
| SHA1 | a246379477d6f774059d088cc727b5753ae1c2b8 |
| SHA256 | 4d073fea9dc9da8e5a2626c14c419ec6be0ec8acfb2d5ef5a90e9d995fc141bf |
| SHA512 | 025559c263757faa45c5e2d03882d770081ce72c647893fd9ea976b1f45ba57d25e0b4ef97f84a0353d3aabbe6dfbdd8e2abf0c86e5f78a6eb221bbf47e01943 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7FLIC0\nuFvD-vYSZviVYUb_rj3ij__anPXJzDwcbmjWBN2PKeiunDZbtM[1].woff2
| MD5 | f11f3e3360810e2035b9fdf79b261b72 |
| SHA1 | 3b1b2f4ae87993aa400fc441142a24a8b42fff8a |
| SHA256 | 68de36afaca4d3ec77779ec9ef705fde578be0b5419b9cd520515747e75716e8 |
| SHA512 | 2e1d376af2120ab4f1555bfdd4e3d1ccd1c18050c0c172c620b110b694dab7fa3188f5d8fb05b242b62706a6158a66a7f96fd903a274759cfa521e975911df5d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\H6X96UW5\favicon[2].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 97093d093abbd6e3b871aac462695b4f |
| SHA1 | 9fa3567f4ff6dbc2d9fa508af29d0909b733a000 |
| SHA256 | 5538984669153f185d4908b43d7c0fe8abf92754acad7823a548c1de7b8295ac |
| SHA512 | 85d63861124c9e1224f87d6bcfaac124f0676614ee862cbe2b2cef0e0c24cb6c5a51f038b61063abc28bf8fb3835aed77f2f39f64a9503ffc31ad174fe4b5b48 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_9F4E274B10FF02E2E61EFF961AEDDC4A
| MD5 | 486717224ec9c83f4bd643e67690c44e |
| SHA1 | 5e2bd3a73ba906aa5c798867e0df36202052b953 |
| SHA256 | 7686382107b7ac9d0a27af023e9b42e5f7301b8463d43b6a8a6a513048eccce9 |
| SHA512 | 4a89d76e4924f979cda61253ce6a784bea1cbd7ce8aa1175f7f8c7f0151d869c0c70f9766a22cf97429efb578b6ccd612a5aa219735e9e943f88e0ef75b21e48 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_9F4E274B10FF02E2E61EFF961AEDDC4A
| MD5 | 783e28b491e1f8a3f1ce78dd0c23dbac |
| SHA1 | 93a6c5c30e217138bb287f0f37d499c10896b2d6 |
| SHA256 | a9bff25363ab3482dac3317b598eb99dafc377e5cc6073b272975a4e4ef01906 |
| SHA512 | cc19bfbef4a1c1e5e4852da4b59c9e7af2e4c1b02b26f6b9535b5d4ef4efa43fdd12fe83047fffb3c396b28385a4634e0b88a1b79767257a30046efdb21254cd |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | e45b4d7c5907ab887d45c663ab075e2a |
| SHA1 | 7e26a3a801d837bb84825f3ec0cf71c4fbc0fd47 |
| SHA256 | 35c55a122316cc2a5c3b82a45c3c8de48648f47189cab497f7c052aef12c9160 |
| SHA512 | eea5ee0148b34cc20c858d94cb49770a5bb88ae865d4dc257621f6c44795af471df7bdb2422ea4aa34cde8a02770b39f2539797ac46bab0ffa28a0d0dfdaf806 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | fb03526b897d572b399f3cba89305c9d |
| SHA1 | 8af3cc1409538d35897494cebe129fbd25de3bdb |
| SHA256 | 129164308e702fdc66b08a3e37443c3538cb38d3f8a9ec9f2fc242809eb2f745 |
| SHA512 | a91a001a7d0ef541fb2ee9e95a441a651a5555a9b2575872aaa5fe376fb80c60fbc67183a34d24291d1b255d6a216455e93c05b1533a2c235bea40d947e96c09 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7FLIC0\googlelogo_color_68x28dp[1].png
| MD5 | c4a931d597decd2553aac6634b766cf2 |
| SHA1 | 6ec84fb4a2745b4b71520241be77db1fd1013830 |
| SHA256 | f56402b127698db4b4dc611a97a6f081d04c4691c60522c5912d189e37c94a9e |
| SHA512 | 4932e0f7f38085a7c52539bdd5c7f470740e560a4471bea30d12ef9e3efe77f6bbfac28d26c62a245c43d98ebf74c824b2b414843080a27edf1563a5f874ac84 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF5F32DF89BE3C421D.TMP
| MD5 | 3010bcadde4020b03669690b6abefb81 |
| SHA1 | 8a9e6086d0a52c815de673a102f4f0e73a86803c |
| SHA256 | b98d50767c1611dac536ff37aa6cbee971e1716313e32832deda8d36bfea7da4 |
| SHA512 | 2c6fc24e6dc65c49384916c34596b9d096da6833ad91c1e42b794d186348faaa0efe04c78ade3b4c6c66a6e55e5a5530f24ef159bc2ce9669d380234818ac9c7 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XB472W0M\warmup[2].gif
| MD5 | 325472601571f31e1bf00674c368d335 |
| SHA1 | 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a |
| SHA256 | b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b |
| SHA512 | 717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 97ceaf7f68aca227f4317ac5906ad89d |
| SHA1 | f5ec2d4829f9827247c24bbc93745eab5fcbe69a |
| SHA256 | ab57273ae2f223378cea1e3efea90e73dd54a98859c3346d5a78a6825be2eae2 |
| SHA512 | a00bb9d2f60f889c5a3f3a2d9b4d27df2fdf74a6f39658c3da828275eb893f2c18a0eb903f53f84aeb30f2255ffa6cc64ad77ef0c6a3dda147e21cbbf389ae31 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | 9badfd5038bd323f31f87aa3ec42118c |
| SHA1 | dbca90289b73d456010f91f006c861773fdbcd93 |
| SHA256 | 309a90edaeefccd68301dd133fbfdd3dfde0f83143b086dad4b3f62a801c44ab |
| SHA512 | da4b38b1ba71468902e2475bd136fc54553f06854573896f941b9eb216d215408c9d67e255957f343c28d3f69c07655bf7cd07b7224567dae7e2f503246c738e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7W95R2BR\wcp-consent[1].js
| MD5 | 5f524e20ce61f542125454baf867c47b |
| SHA1 | 7e9834fd30dcfd27532ce79165344a438c31d78b |
| SHA256 | c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9 |
| SHA512 | 224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MCIU57VS\favicon[2].ico
| MD5 | b939aee911231447cbd2e3ff044b3cce |
| SHA1 | 0f79060358bea92b93ded65860ffbc9ecae3dc14 |
| SHA256 | f35fe126f90cecbb6addd79308e296e8409dbebf6bc589c31749e67713e9bb3c |
| SHA512 | 8053232364d54966f4b8acdf9af61a1366bae09789d6a76b8e723d7c3f96287460248eda12083795766809569527f4821f7e87ca4a644ae900c3df33002c9977 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7W95R2BR\MeControl_5BiUVwve_jNbxMN6Aaj8bg2[1].js
| MD5 | e41894570bdefe335bc4c37a01a8fc6e |
| SHA1 | 34d6f423170a67f9280bf4d21c02958e48f7d870 |
| SHA256 | 8894250ad2ace3aca911b3e12fa60f3d3300c1a36cf795d8c1f8afc3edb461f0 |
| SHA512 | 7eeddf9223656fd6da30faaf52ea8789221b5a073b03818a6b5d98a4390633258bda5c404595c554bf83d331a0282e8920255cd403f21a8719730f3aa026d8a8 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_8BB34D7AC6ADCC019FE5325FE9DECAE8
| MD5 | 52ba2779e1f6d974d7955b3f5793218d |
| SHA1 | 9ee41fd8a16140a8176abe247d1615f7083559a7 |
| SHA256 | 7818839c23185d73f66882ea2c586a0fbcf7131b9060477ece39c1d1d29bbf4b |
| SHA512 | cb2d2d6b6bab9d3cf445025f897891fa2d6d3dfcf767a26bafe37f85c51a9d24cdb74b5aae70af39bc1c6bb43d7458f11eb7fdf263707d88b105d7b2c6ec5923 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
| MD5 | 053db006cf1ca04c48ea7f19f0afeb76 |
| SHA1 | 0ca701a29e4e327d241ddcd6ce7307c9720e24af |
| SHA256 | 267d103f05824e43bb4869b58e29fc0a2db44afe71ce28f7ee8a3dbe75a0dffb |
| SHA512 | 0b6dd2c65080b2c5387a76d0cf60ebeffccd51edc92f032ae4ed536aebae9771979d866a57c62e2dfd8dae4e3bf6b8fbb247af2c199adabe2ce2f8813d4b51ee |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
| MD5 | e09ca0d4dbf5ad97e38a87771c943c45 |
| SHA1 | 1873aeda4c902849f3fc461df717512ac3d5e03f |
| SHA256 | d4bd954b2486992eb397e3a7f59cd98e30376884e22b2b295a9b80771edf152c |
| SHA512 | 087d579591fe6f27314f4bc558ccd2b262a157d95f87f4a7d258411aff2b77130ab4cec83e49185f5d5df9d904da408dfb66c8dfee7f22cd6aceef2e0690310d |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | e5c1da5d2ed424732cd12e2811f10ea6 |
| SHA1 | 4492474cd7d4c9628654c2ad5282f1d1802521dc |
| SHA256 | fedbd431f78c9f996e6f16d8da8fd5b49d2e728606389bd6db96350429b66e26 |
| SHA512 | c4cacd361e355ddd5a68d0b342158ff74fa2614b792b3c4adf664d8e35581eb07ab133fcbe4dd5638fd8322ac4767ae81146311110889dbe64cf16b5441b9440 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
| MD5 | 966345e42118c8dc18aeca82ce3d62d7 |
| SHA1 | 189e64974b44aadad05818af9e6fcbe69a5507b4 |
| SHA256 | 5f17d7653463dc8c5ace60210b5578ac1008758e7d4cd04e1e1637ee6a305f8b |
| SHA512 | 6f021c32f3d6f70a47981be13d075e668f78af3162b7e5ec690812e0f22a70a91ce1170007fdd4f843c997015025caca48154420ac8e3bdea6f76da7b6fb599c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{2F66D10A-69F4-416F-9BA5-BA1B79CDFF84}.dat
| MD5 | 8c25f9f42d519b9cc34d49b881705330 |
| SHA1 | a22e914856750f86f0784e5052af7bca6f0258b8 |
| SHA256 | 0f553f4856cfd6bcf74d980a0f1e54e1ddef419e083903038c82d93639667146 |
| SHA512 | 047ea71e3f7e5a3d7afbbab3450ac03d186ae7da273637650af812bb322fd29cf0319cfe0dfbfa426933f2b364a664c30d7788869b6b77a99fbb9bd44774acbb |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{EC70778B-4C67-4C4F-AAE2-2AC92F716185}.dat
| MD5 | 29486747144f778cb1bb5bffd1bd4b42 |
| SHA1 | 70baa48dbe16127b8bc3959e01f57e076407df16 |
| SHA256 | 8fb70edde7ef1dfe30c4277e65c343d33fc7f92f9eaff04d1deae53e877ca842 |
| SHA512 | 7b47394358e4760c484038949d2ec060988d98b148870acec14fd1eb3a5605ccd9b2b1ea385349b8d2013e5cf32ad7375da6ffb5a6e3973968c112fdcc905ae1 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{80BA678C-68F8-495A-9EF6-E945AC974869}.dat
| MD5 | 07c96d95c3ea08f5a3b95e57d2112618 |
| SHA1 | 79ad08bd9c1e04b6f26b2db99204a8de8979bf62 |
| SHA256 | 43977608d5bc2aef8848ca588258eb491473b900dfea6a64bd9e0aeb8f4cfed6 |
| SHA512 | bfe61ec856d3bdc772bc8f48d9fe27364c5b826fbb3aa1aa5899b4bc69fb6c199980fd61d7e2dea107a03da04ee5c6fe61eaf1ad54610ca3c0275c60cd88b092 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{9C4CCF0D-3D3D-426B-B46D-8419F8039599}.dat
| MD5 | 66d1727e43e648a6238befe1ef681e7a |
| SHA1 | 6783c28f31352634130e638edcf307a89481d46d |
| SHA256 | db740d6738ce9925c5b68410cad28cdb023198a3f63bd301572d77f4b7404479 |
| SHA512 | 3b8b1d892bea738315a6a2c0ded863e8045ca1c6c28f3d063b5c9405ceeccc76fb54cdb9fa9652b0cb9132c6ed9fb75409ac86dd680c7002aa3800ca9bf29aeb |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{53B29021-E864-428A-A60F-F8606D6DDED6}.dat
| MD5 | 6ac6f2b9cc561de9d59d7a4472f1fabd |
| SHA1 | 262d3af8406aefff93dfb18c3eba5f95855a5fb6 |
| SHA256 | 1f55f535760c08d619a574f705271d4073f2bd5e67e17fbcbc46c47df0e67c7e |
| SHA512 | b4fe5222566f6a7c28d1c1fbe38e05bbd5d39ca93ebf247c6d684f55e392449a52d0f910dc68667a9014935433b3340085dbd2a290a10ffa4ff3ac8965423ee5 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{8F9FD2C2-0D4F-4015-ADC5-AC87577D5EE1}.dat
| MD5 | 64c4c5ae65f0623900aaf60e752e9e38 |
| SHA1 | 75886de18a2fe00aa84b0f607a0f562821091a49 |
| SHA256 | 5fa427622f4b4af6df0b316f3ab837a243d110333f84381e6e87292bec9d474f |
| SHA512 | bc23e42eac7f457a7766160bec44f24d82c0a36ea2b97e880877434d4e6c74b4c659ccb069aa2b1733da11745abdf97129060c8aacca635957a23b8e687d919b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{ABCD67AD-1EA1-423F-8F2E-1904E702C44D}.dat
| MD5 | efa64acc9628ac82673a3c6be1a9966a |
| SHA1 | 4868cab82833d00883e49c5d733b7934d61d9489 |
| SHA256 | c4a78ef3f73f940a38554b62ed755ba87fb685745e3206e85b4be4c19ce32c25 |
| SHA512 | 4aa342fa1e45a309bce7299bdde14e1a9f2ff518eb9debefe0dbb750ae290fcd9bfa0d4e14da87ddc2cdeebd24ba249c5024ec0ddf074fb26f680a7b8ad71eb8 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{7651802C-4F97-432C-A3A7-60ACDE265265}.dat
| MD5 | 58659e1da642040e50568c71f8579258 |
| SHA1 | 97b0e3e2c013df53ca8931e4a03021c5b80d0e0c |
| SHA256 | f0462790f0a9c650d381a412ec38f2bdd1c8e345fc4bdb145eb9a2b92aa2c101 |
| SHA512 | 3290f528924dd25b22ee680972069118bb33b93097e9ea3c293f71110a3e1d5a949a72f73194f837ac82495ed97d87e20648762ff78d6b49b12a7e5aa3285d39 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\rt5g2v3\imagestore.dat
| MD5 | b20da5c56995c4213e5dd9cc86eaad56 |
| SHA1 | 7586260218c6a387e526d3add765e05b46e5c18a |
| SHA256 | ad4965f6c6bb15c02252e5e3939b9460013691d700a4aa397d2d81b926dfcc91 |
| SHA512 | 5c6c7a76737efcbe6be01de0231b0b9ac46fe68fc34b4b31d3fb26a66c328859693f753b2e7b1b01a8a81e6b0fa62865e4042d4f698b035ed50bf787f4ab04f4 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XB472W0M\checkmark2[1].png
| MD5 | 4ed31cfd51e649f9e6ab8472e55b0ddc |
| SHA1 | b966aeb36708d3e027e141e25aa28422832241f2 |
| SHA256 | b047fd79af92686dac83158af07940e09ec1d224374aaf28c76e3e6763c428e0 |
| SHA512 | 53b25e0df68c9ac03fd32feb8dd0825e901bdec67f6443cf40f903efacc101a2b900b887f2b19dc40cfadc4d1e433a250566fcf8f1ffefc23808f45afb16f3b2 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_BDF0A62055B2DFF981253B43C2036DE3
| MD5 | 043242ef04beeedab7863ea4478afc5c |
| SHA1 | 712f40f9a8b16f999da94ab1839da53846df8de4 |
| SHA256 | 206c495bd205e5a0b42e6a111a5df2c3cf2c664282d2e20ccf1642285d4484a7 |
| SHA512 | e5ad061ff0c9122e1963dc5b1361f25c0d1e0b8258d631a4b2db9129fc1dc64c6c13b76a5069fbb3179346395a52be8401d64aaa50700ab7d47bc7a3ac18dd77 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_BDF0A62055B2DFF981253B43C2036DE3
| MD5 | f802666bce1365127683795775670b40 |
| SHA1 | be32057c977dff4b5bf34353a3fb59c0da393814 |
| SHA256 | b2e33019da0c360cc72966101c345754696ecab18e83ec9455001e8c8b3ae913 |
| SHA512 | c6cfcca034feebe5d898256e01c618fbd930f7f679500cf1dd0eb733ba8aaaea9f33461ad13110998bd312970762c7255a6ca0c46bb58972211f4181bbfee4a7 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | 4402c9b6ca82462377fb6485c0b7b055 |
| SHA1 | 31127fd965acc86f85902c55b3c4257aa6ae74df |
| SHA256 | ee970092c05a5104519797b1076cf296bd5859d759cc7aabcb934f87ae36472e |
| SHA512 | b3045530ef1dd16e429259fc58baaef1862b8877c1cee924cc8a3f7ef5e488a694fa60195eaf4f6f3d692834380e90cbc8a42d1fff0cbd439b4881cd9d32bab9 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
| MD5 | 90308fd67e97b4dbcaea621ae2f9e4de |
| SHA1 | fe483c07af8673febcfdcc2b0516069f41418b18 |
| SHA256 | c34c2ce677c02cfab8bc599adf2507b7accf35518921c628acf05b33be05e91d |
| SHA512 | 731b047349d8b19e4df578f6ca529a2b2839e892a79e90bb38d1c8a4608a36cf49ee6344c2325f6bcb2615cd05677f7ef18c2c6724b4473ec6ca29f4487487c5 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
| MD5 | 6cd72a6c120f55fbd4f64af18119b711 |
| SHA1 | 396161965f67b46fcb2e11ccae4e73f7ea671dd4 |
| SHA256 | 6db91323600fb502aa326f390a726c1161013504d717c64ea633550222151a90 |
| SHA512 | 73b0b941180d006ccfe2bc56ac62c23193689c641d1e2c49a321abf22997710e4f0eb2eef49a01dc2e54276d9eabe9576010a89b43ca2a060791b2c8cfd92bf5 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | 338ffb00b2112bcee6a5a129cab88415 |
| SHA1 | 377fa650f9da728104390a15ee0dbac8ad3b8218 |
| SHA256 | c4f98a3b6080442fd400b9c59febc1d425cac39f70adda3d62c9e68d124de894 |
| SHA512 | 87faedbf4389b120c6345a9d6cfaf9bc9c511e1b7c0ac76494aafc853e3682e94e04596e21a4268f9e593e2b76896891831a6068fce8b901158e6c21056b9bb5 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
| MD5 | b73b517db3cd4a4566cccfd4998b1ef8 |
| SHA1 | f2ed92a03b130a753364b7645dd232671380aa0a |
| SHA256 | e4cd360e7212ce1ff8797fc1d8af022cd1bf45260d37fae8072a46af2d98fa73 |
| SHA512 | 2dadb333f3e068ade08360a1da89c64402e539ec036c9e51af91bb5029566a6d77eaf67382fb4335d48e97e3887977cff55df6c6586417872c1fbf9d24272f17 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{D7B27A98-7746-47A5-AE03-0B7EB123E07A}.dat
| MD5 | ed1e6a730d471e037fc0104451007027 |
| SHA1 | aa98fc23b5ac95fd37331b1e2c9bc1531838453c |
| SHA256 | dd031475c7d5a951ec7e7de4ed51f6b47c9f6b4cda7d6add87c100292de97b67 |
| SHA512 | e655e1cefaf671ea50024c516cd9361b87548a12ce5fa92bc5976286e3e94d1e1013a1033cbe9481befe2b4624e036ee41628b09dc3e30b10e71442b7cb9dcdd |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{A36B1D03-010B-4BD5-A142-635EEE39C38D}.dat
| MD5 | 0dcd6f9099aac3736893920f2fffccbf |
| SHA1 | 6f1d4431f9f911c13916ced5a56615e111baa600 |
| SHA256 | a7cefbbe54bef33fc2d4da81be02474bd0fa532a8fc6f45013f58c65414ca7b3 |
| SHA512 | 982e4e67d5763cac7a130784784bdb53c965e97c338b698912946eeb994a861e48e0421ae4115e3b678395c241736b0d5a0125d6ad6e366373f3b6c67402b902 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\rt5g2v3\imagestore.dat
| MD5 | 0f641c406232a3d58b21e837ca30f936 |
| SHA1 | c1ad960ab0ffc43a3a55c597379634467aa2cb80 |
| SHA256 | fcfa3d8b83d77548817af4b7b469517ff40d15b0449d93fdc358b085ee87485f |
| SHA512 | 746dc6fc71abcb2518de22e1ae3bd58c433ecdc92cc067ec30654e53e115b889cf7ee0ea6e7e13f8585b585d177459fa81cc85a359417cf9b332fbf874659b6b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
| MD5 | 690d3ec293f371972aaeedd9c3db957e |
| SHA1 | fc6de4422a52fb466c3885e2debfaa1900014eec |
| SHA256 | b25c32d901f223c2ad9effc86fc7bdd8176bb2298d81b02545b9055efd8cd075 |
| SHA512 | 5e35eb61b7798fcaf9c86c3008c0fc4d617a1b12252b36fb2c6066b128b16877d02ad5813692b1f66c98c41b62bc6fe69f711ff7d19bbe4eb9ae979d6b80a7ef |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
| MD5 | 9bb6655c9d1dd57b7cb60b0ad2ce08ef |
| SHA1 | 17959a36961b739f677a17dd75c4056080c0403e |
| SHA256 | 2dd19b367e8f76f09d8214d1227597f1c411add02a56825d380d90eee107a48b |
| SHA512 | b0f8e5dd8dc079e71032c6595c308765898e55583acd99d973935196b51a9b7453919a879aea0ab09ec5a89833836258fd599d548116f5cc8bbed9ec46e22214 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | 897bb45bf7eb09662202176e1693ce87 |
| SHA1 | d7072320cd2cb6e38997820dd0aac9381c359e62 |
| SHA256 | e7c6d481810b7ddb4ac6ec788a25684004fa749f4a2f31a2b8de81286b9e8ba2 |
| SHA512 | 8c23162e19cfa8887f5da2d3cef66d2694738821794b02182fe5b3af554c0572e4a5710b571b035c5f2bf8c9c2a700c0050863bebb0de865e82892ef6c1b2895 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
| MD5 | 2199431624c769941b8093d1507f3c47 |
| SHA1 | ef9bafd7724146edfe0017c79aaa28ab6fdce893 |
| SHA256 | 99c80b8fe1b17cb1b3012821afc04d2ed3cad5b3a5c9b9dd30d9a6c4af974308 |
| SHA512 | 272233ef7d00755e4de34f0d719dd7f65729e8eaa4d2ec6927bb758cfa2f0efaac8f7ae7eb866d4b2ffebaaaa6ef0181d6d3b1b3327e4e94f88695e21698778d |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{6E432133-9A18-4C48-80E7-9D14E68AFB00}.dat
| MD5 | afecfb5b2470fea31f6ecae09bcfe28b |
| SHA1 | 06b57a8639ed7376b4feccbe6ec62bdd0aa8d534 |
| SHA256 | e6a52f4aaecb0e708f5a140a87c70658f393cfe7f0d7639ca7eadf851f902b2d |
| SHA512 | 8ba5045c18292b08c6f806d5b9052004ec77faa773638ee86d11ca29eeafc463234fe9868597ec00493f39a64f0582cd85c761a19b674bb7aa889293bd8404f2 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{CB03D10D-B6D0-40BB-B1D3-9784FDAD196A}.dat
| MD5 | 08ff52d66f4c80189636facffe03171f |
| SHA1 | 47f28a7a9b91f0d8ea7c084304fe72d536bc4871 |
| SHA256 | 8bf1bbfa6d1fbb3845133b6e9d408a41dd064e882f6d6d481084547acfa01a2e |
| SHA512 | 77aa0ae0e961c93ad8d489c30a5688dd760dcc1403470b6d1278e5de3703ccf6288a2a309135348ef601215e04adc6eac39de3f07565a43a7f30e5c644f4e08b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\rt5g2v3\imagestore.dat
| MD5 | 6eabebd0477e900487952811ae911480 |
| SHA1 | 966572bf120922e879b9c2ea3c40c6112061abf7 |
| SHA256 | 3914a7f9fdd1af39754982c83e8d86a722f2258c1de651e8d6b7219da43ae455 |
| SHA512 | eb80a82544ec82a94575a0a19c76e5380ee3a6c97c309ba8debc33e1b863a109a64df9a44320bb850fd1553a79391b784b8f7d565e33d9eb65cd88f5f3853996 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
| MD5 | 2031471ffe6935bc9dd01a2477993898 |
| SHA1 | ddbd5afa18bcc2b3e9d271265ccf794616a15e4b |
| SHA256 | 43e9b9051e260679679a5b293d09b70ec7f9a4eaf7b7cda5e121c30335445692 |
| SHA512 | d5a47331cde4d177d7b20858556860b5ca132384a36c9fa41272a8ae96bc955f5356cab2d3896d8c378158d5dccaff4343773abbae4377572e5eb8e325940631 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
| MD5 | a7b3d56f6efeb4ac3f5b8a69842643a9 |
| SHA1 | ab48056cebde398f61f71dd346968900de4c73c6 |
| SHA256 | c8db4baa6e5a5cf15a8622099988bf9d7f3e1a9a8b51c4920f274e5ec3fda30e |
| SHA512 | a5755e6620fa509030e6d224a31be1728fe3e546b844d9c69ae9bbf3888414dc9ab4e1729d841df9f9ef6a69122f245a5fd3fda6bd2392bd71e552d1869a8cca |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
| MD5 | 13d12a6b9d62ccd52fba21904f605136 |
| SHA1 | 39b17a3b36f5781ec0c45fdf22e04fad4e849ade |
| SHA256 | fe873db67663d9bba026d260eac9b3415cc024924ce73d14c33f2a3b1b0fe003 |
| SHA512 | 1517324b415787e303d320915243684df727b6e3f410044136b1a4773f84caa5b4e04c7ce4adbe41f8d7fb8f699e8bd4f6e68e9e7f8bde51315dd96de159145d |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | 39b0b40f35a717579f5e857158ec7cc6 |
| SHA1 | 0272ef50d2869a83a9221a448c92887126367b1f |
| SHA256 | c307151794fefce6add0c6e877ff7235a37503271e2a202e45a228455e262aef |
| SHA512 | bae5e2d99f117ec68af72357532090d7333d43d830ec55c2fe9e01fafc2021de47f7558677118288b5cde4e60e5ca4827a7942d05a16f0c0f6859d29873eb383 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{E62F8FC7-FAA0-40DC-8682-41C4EB8FE5CB}.dat
| MD5 | 1fb62a966e154a243c6859292c0b898d |
| SHA1 | 6fa9fea81fd5af978f3f7bcee6fbe3d8643e68c8 |
| SHA256 | 662cba78ccb63f8de56eb113ef9de56ab107a4e151ae5326df60df80c195d439 |
| SHA512 | 23675eb7f8d70969ec120fc0667521d5496391edd3c1ed3d278ad6da77459c135e6ab84524b245a593cf807cf8487d53617eb835a7ee01186b342b90008372c6 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{9F192729-940F-4C36-9194-30D5378AB5CA}.dat
| MD5 | 4fc0c23c54140a7ec1cbe2b05cbdf178 |
| SHA1 | c715870d5b30e232fff4517f85a559fa3d9ae22d |
| SHA256 | f93ee39b6ce0a7057b9236e5153704242ddce3535b8ed842fd59a720b4199e10 |
| SHA512 | 73d0eb713d35be7062c880975504e9bde08414775dfda19c278b1fdf3ac2aba94ef7a01f983f8bf3505806bb4ab12dc1121f2dbfa0dd4833720b84431b0a6837 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\rt5g2v3\imagestore.dat
| MD5 | 84dd2ab181e22bdf9ca86d9ec6d8962e |
| SHA1 | 8f20a704c17fb6a7630ee91017452d2300b5334a |
| SHA256 | cfcb124990efbf098cb6f55a27c4e9b2cc841f5a7535ca182ace143b15a4849e |
| SHA512 | db589f3ef1155523f5a70d678cd0f1f3d9aeea18611d9fce083009c770d4e0bdecaba7e0312aaf052530fffbb40475d48c6b38a7b3bad769b5ca919e740f8ee3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\rt5g2v3\imagestore.dat
| MD5 | 78b465bb77357f543349f4a72f9ee427 |
| SHA1 | 827ce396d7d5e06a952a75460c20a5e1d562a679 |
| SHA256 | 46758e5ca6bf9104c491baf9b157c7ab81f4bba0424b43c22931289cd9d10ea8 |
| SHA512 | 2e41f0de5ddcf96be8cf3a535ecbf97cc6c40524f3f47c4c94c93e1c1e3b0b6312e22e16523312bbff2ade7872abb5780c64d4ee4aa4f73f40f49d09e5123602 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XB472W0M\js[1].js
| MD5 | 780cc6471a17d9ccc275a90e17f0ed15 |
| SHA1 | cb9bd58ba641f36f53fa6533079ae2cf9636dd6e |
| SHA256 | 557d477424c7aabf34d3c54d10892d4b289fbba2a31eff1e595e9dc964c9d1d7 |
| SHA512 | e42d80b0745eee0c80cb8dcab50a728e03b241e6d5fcd1adb0a49e8c9de9eaa0c5687d74e8c0184336e04356d2c706a3d35fbcb6882d17af69b9a35bfdc988e1 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\CFNGC9XN\PCOP[1].ico
| MD5 | 6303f12d8874cff180eecf8f113f75e9 |
| SHA1 | f68c3b96b039a05a77657a76f4330482877dc047 |
| SHA256 | cd2756b9a2e47b55a7e8e6b6ab2ca63392ed8b6ff400b8d2c99d061b9a4a615e |
| SHA512 | 6c0c234b9249ed2d755faf2d568c88e6f3db3665df59f4817684b78aaa03edaf1adc72a589d7168e0d706ddf4db2d6e69c6b25a317648bdedf5b1b4ab2ab92c5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-03 08:51
Reported
2024-05-03 09:02
Platform
win10-20240404-en
Max time kernel
599s
Max time network
386s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\applio.org\NumberOfSubdoma = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000005eac7e99a8918dded0cd29b46b55aa67860a19083c072cae0dbd45bd9b97b085e613381e137b79c69eb19d6250b84baafa3bef474c286d2a672b | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = e6398e3a379dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6a521435379dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4db33535379dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 652ef448379dda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://applio.org/playground"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | applio.org | udp |
| US | 76.76.21.21:443 | applio.org | tcp |
| US | 76.76.21.21:443 | applio.org | tcp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | iahispano-applio.hf.space | udp |
| US | 8.8.8.8:53 | 21.21.76.76.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 52.5.55.249:443 | iahispano-applio.hf.space | tcp |
| US | 52.5.55.249:443 | iahispano-applio.hf.space | tcp |
| US | 76.76.21.21:443 | applio.org | tcp |
| US | 76.76.21.21:443 | applio.org | tcp |
| US | 8.8.8.8:53 | ocsp.r2m01.amazontrust.com | udp |
| US | 18.239.210.27:80 | ocsp.r2m01.amazontrust.com | tcp |
| US | 8.8.8.8:53 | 249.55.5.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.190.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 62.215.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.210.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.56:443 | www.bing.com | tcp |
| NL | 23.62.61.56:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.173.189.20.in-addr.arpa | udp |
Files
memory/2232-0-0x0000023094820000-0x0000023094830000-memory.dmp
memory/2232-16-0x0000023094920000-0x0000023094930000-memory.dmp
memory/2232-35-0x00000230939F0000-0x00000230939F2000-memory.dmp
memory/1320-45-0x00000294523C0000-0x00000294524C0000-memory.dmp
memory/380-141-0x000002245FCE0000-0x000002245FCE2000-memory.dmp
memory/380-139-0x000002244EDA0000-0x000002244EDA2000-memory.dmp
memory/380-137-0x000002245FCB0000-0x000002245FCB2000-memory.dmp
memory/380-166-0x000002245FF20000-0x000002245FF40000-memory.dmp
memory/380-184-0x00000224609F0000-0x00000224609F2000-memory.dmp
memory/380-182-0x00000224609D0000-0x00000224609D2000-memory.dmp
memory/380-180-0x00000224609B0000-0x00000224609B2000-memory.dmp
memory/380-178-0x00000224601F0000-0x00000224601F2000-memory.dmp
memory/380-176-0x00000224601D0000-0x00000224601D2000-memory.dmp
memory/2232-203-0x000002309B650000-0x000002309B651000-memory.dmp
memory/2232-202-0x000002309B640000-0x000002309B641000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\o3kjd4r\imagestore.dat
| MD5 | 24be8f71d170e4194092cd6dd1a7a10c |
| SHA1 | 37364211465ece939be6c1485fe313f7c651bfff |
| SHA256 | 08e1ce56ae7310c158c51f1b728d6e09545edb545ce3232c78c88c924d5785db |
| SHA512 | 23d69b51259499afdf4f2f16d0d2ed2730005c9aae15ad4ba3c107ff810afea3a3eb3fc222d2a955c14e543c7311eb3e51c545b37f19f0ba5b02bb01102b2ae3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PDTIEX18\favicon[1].ico
| MD5 | fb8ba515d3111f1abb4547f174ce6c02 |
| SHA1 | 596c0d987910e9955386f13e9786efb235c8e9e9 |
| SHA256 | e3162d4b4c07645f90316a5980cb046224705ce3bcba7bcafaec059e1d077584 |
| SHA512 | 1fc363885870a2c7b173e6e516b01509c7b2a35ed15ba07b590db13115bb095ef33efcd7ef371a5e94470b2a0a7909bcf3492125e2bb4af3ad663db7664ebbb7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BLQDLNEB\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\S912DKVA\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |