Malware Analysis Report

2024-11-15 05:40

Sample ID: 240604-cjk49ahf71
Target: Galaxy Swapper v2.exe
SHA256: 87d6a5343b80cf6fb434dca7f7efe2be542974d83756bdb7774750d8f0d5dbbf
Tags: discovery, persistence
Score: 8/10

Analysis Overview

Score: 8/10
SHA256: 87d6a5343b80cf6fb434dca7f7efe2be542974d83756bdb7774750d8f0d5dbbf

Threat Level: Likely malicious

The file Galaxy Swapper v2.exe was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, persistence

Downloads MZ/PE file

.NET Reactor protector

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Adds Run key to start application

Checks installed software on the system

Enumerates connected drives

Drops file in Windows directory

Drops file in Program Files directory

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Modifies registry class

NTFS ADS

Uses Volume Shadow Copy service COM API

Modifies data under HKEY_USERS

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Uses Volume Shadow Copy WMI provider

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-04 02:06

Signatures

.NET Reactor protector

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-04 02:06
Reported: 2024-06-04 02:09
Platform: win10-20240404-en
Max time kernel: 149s
Max time network: 150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe"

Signatures

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe N/A

Adds Run key to start application

Tags: persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4} = "\"C:\\ProgramData\\Package Cache\\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}\\windowsdesktop-runtime-7.0.20-win-x64.exe\" /burn.runonce" C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A

Checks installed software on the system

Tags: discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\Accessibility.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\mscorlib.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\System.CodeDom.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\cs\UIAutomationTypes.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Numerics.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pt-BR\PresentationCore.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\tr\UIAutomationClientSideProviders.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ja\System.Xaml.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\PresentationFramework.Aero2.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\PresentationNative_cor3.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hant\UIAutomationTypes.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pt-BR\UIAutomationClientSideProviders.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ru\System.Windows.Forms.Primitives.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hans\System.Windows.Controls.Ribbon.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\Microsoft.NETCore.App.deps.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Text.RegularExpressions.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hans\WindowsBase.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ja\UIAutomationProvider.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\fr\System.Windows.Forms.Primitives.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ru\UIAutomationProvider.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Configuration.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\it\PresentationUI.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hant\WindowsBase.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ja\System.Windows.Forms.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pl\WindowsFormsIntegration.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Drawing.Primitives.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Numerics.Vectors.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Xml.XDocument.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Threading.Tasks.Dataflow.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Security.Cryptography.X509Certificates.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Runtime.Serialization.Json.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\System.Windows.Input.Manipulations.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\Microsoft.NETCore.App.runtimeconfig.json C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Threading.Tasks.Parallel.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\de\UIAutomationTypes.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ko\PresentationCore.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ko\ReachFramework.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ko\System.Xaml.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\tr\WindowsBase.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\Microsoft.Win32.Registry.AccessControl.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\hostpolicy.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Transactions.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Data.DataSetExtensions.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\PresentationFramework-SystemXml.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\PresentationFramework.Classic.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\es\ReachFramework.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ko\System.Windows.Input.Manipulations.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\tr\System.Windows.Forms.Primitives.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\es\UIAutomationTypes.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\de\System.Windows.Forms.Design.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Diagnostics.Tracing.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.ComponentModel.Annotations.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Net.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\.version C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\UIAutomationClient.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\clrjit.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Net.Mail.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\cs\System.Windows.Forms.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ja\UIAutomationTypes.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.IO.Compression.Brotli.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pt-BR\System.Xaml.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\System.Windows.Controls.Ribbon.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\cs\System.Windows.Controls.Ribbon.resources.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pt-BR\System.Windows.Forms.Primitives.resources.dll C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4CE2.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4EE7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI58DC.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Installer\MSI3BEC.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI43DE.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4650.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI476A.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e58358b.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{EE5EB03B-D65C-4991-848E-2C6E024326DB} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{221BB52A-B763-4C9D-AA62-4B0B6C9AAD62} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e583586.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e58358c.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e583590.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4B6A.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e583591.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e583591.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\Installer\e583582.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e583582.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e58358c.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{B0FC828F-678C-4868-9B5B-99639758E6F3} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Installer\MSI37E4.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e583587.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4924.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI4A1F.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Installer\e583587.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI47BB.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{72C29BED-666F-4E5E-BC49-DF44C890742E} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e583595.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1c C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1D C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1A\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1B C:\Windows\system32\msiexec.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1C C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1d C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "64" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}\ = "{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}" C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F828CF0BC8768684B9B5993679856E3F\Version = "944782160" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4E3F426DBD05F2A509C6867B91443826 C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}\DisplayName = "Microsoft Windows Desktop Runtime - 7.0.20 (x64)" C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.80.15184_x64 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{0FD148E5-4BE9-4934-A390-D8E98F0880 = "\\\\?\\Volume{38FC5F00-0000-0000-0000-D01200000000}\\Users\\Admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\windowsdesktop-runtime-7.0.20-win-x64.exe" C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_56.80.15184_x64 C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B30BE5EEC56D199448E8C2E6203462BD\Version = "944782160" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B30BE5EEC56D199448E8C2E6203462BD\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.80.15245_x64\DisplayName = "Microsoft Windows Desktop Runtime - 7.0.20 (x64)" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A25BB122367BD9C4AA26B4B0C6A9DA26\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System C:\Windows\system32\browser_broker.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B30BE5EEC56D199448E8C2E6203462BD\Provider C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.80.15245_x64\Version = "56.80.15245" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{4A151598-5CD8-4E7F-8B6B-5BB529F2BD = "8320" C:\Windows\system32\browser_broker.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{4A151598-5CD8-4E7F-8B6B-5BB529F2BD = d2895b1f24b6da01 C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A25BB122367BD9C4AA26B4B0C6A9DA26\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{4A151598-5CD8-4E7F-8B6B-5BB529F2BD = "\\\\?\\Volume{38FC5F00-0000-0000-0000-D01200000000}\\Users\\Admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\s.htm" C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.galaxyswapperv2.com\ = "159" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DEB92C27F666E5E4CB94FD448C0947E2\SourceList\PackageName = "windowsdesktop-runtime-7.0.20-win-x64.msi" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A25BB122367BD9C4AA26B4B0C6A9DA26\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "122" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\galaxyswapperv2.com\Total = "104" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B30BE5EEC56D199448E8C2E6203462BD\SourceList C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f902fc1624b6da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F828CF0BC8768684B9B5993679856E3F\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\Version = "56.80.15184" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F828CF0BC8768684B9B5993679856E3F C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "122" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.20-win-x64.exe.nkj1kjh.partial:Zone.Identifier C:\Windows\system32\browser_broker.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\s.htm.scojuwz.partial:Zone.Identifier C:\Windows\system32\browser_broker.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\Temp\{FC1B8767-1DFF-415F-B0E5-B4C9ABB37320}\.cr\windowsdesktop-runtime-7.0.20-win-x64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3144 wrote to memory of 2140 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4164 wrote to memory of 948 N/A C:\Windows\system32\browser_broker.exe C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.20-win-x64.exe
PID 948 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.20-win-x64.exe C:\Windows\Temp\{FC1B8767-1DFF-415F-B0E5-B4C9ABB37320}\.cr\windowsdesktop-runtime-7.0.20-win-x64.exe
PID 4488 wrote to memory of 3408 N/A C:\Windows\Temp\{FC1B8767-1DFF-415F-B0E5-B4C9ABB37320}\.cr\windowsdesktop-runtime-7.0.20-win-x64.exe C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe
PID 308 wrote to memory of 3328 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 308 wrote to memory of 2400 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 308 wrote to memory of 5080 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 308 wrote to memory of 3908 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3144 wrote to memory of 2300 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3144 wrote to memory of 1408 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe

"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.20-win-x64.exe

"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.20-win-x64.exe"

C:\Windows\Temp\{FC1B8767-1DFF-415F-B0E5-B4C9ABB37320}\.cr\windowsdesktop-runtime-7.0.20-win-x64.exe

"C:\Windows\Temp\{FC1B8767-1DFF-415F-B0E5-B4C9ABB37320}\.cr\windowsdesktop-runtime-7.0.20-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.20-win-x64.exe" -burn.filehandle.attached=548 -burn.filehandle.self=544

C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe

"C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe" -q -burn.elevated BurnPipe.{2F474FE3-6357-4739-87BF-9C4673DC4FE4} {71EFFF6E-3800-47E2-9567-7DAB1CD0B882} 4488

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding B6D278D22F3724B58EBD4F42B9F26CBF

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A7F8DCD77FBA1B08C709D7AF6CBE4705

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 81F36068A27B08EB2FAC3330E83410F5

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 8C9EF19D85B84642C09A80F1577941A7

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x200

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto

Files


MD5 d807dbbb6ee3a78027dc7075e0b593ff
SHA1 27109cd41f6b1f2084c81b5d375ea811e51ac567
SHA256 0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7
SHA512 e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Q09HAO3\ID-70CBAEOXh6Nwxga-CxgpUq4k.br[1].js

MD5 fd88c51edb7fcfe4f8d0aa2763cebe4a
SHA1 18891af14c4c483baa6cb35c985c6debab2d9c8a
SHA256 51f58a23f7723b6cbd51b994cb784fbc2a4ab58442adaeda6c778f648073b699
SHA512 ffe417fa00113273fe7ac1b1bd83c98a3a9dc12d41c77b60c52cc5ffd461d9ca2020c2444ac43771d737c70c58eca40786a5c5762b60f30da523f709684510df

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Q09HAO3\eKvcHdnNwo1WcxoSioV4ztnfZk8.br[1].js

MD5 fb797698ef041dd693aee90fb9c13c7e
SHA1 394194f8dd058927314d41e065961b476084f724
SHA256 795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da
SHA512 e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\uiannz55FdT0j3p9jGwegfI5aIY.br[1].js

MD5 45345f7e8380393ca0c539ae4cfe32bd
SHA1 292d5f4b184b3ff7178489c01249f37f5ca395a7
SHA256 3a40a1ff034448d68d92a75ababa09ba5f2b71d130f5f6bdf160dcf8851529a9
SHA512 2bfd00bf303ad5a1e8413b5ee6a162167605511fefb8df61a8f40f80382f5520df690a53b1058365f1d81562b2668376886d0f829517a642fcd87412801fe987

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\AsdMf7D6KLdP5SQOeuSIZtV8-sA.br[1].js

MD5 43b58b6b14b60581457ef8a405721626
SHA1 fa9da729b92847cc05ad81625b5667f299b75c08
SHA256 cef3b449403a4725a3866768f730e13f1bddec067cc67f306f023de2815a2789
SHA512 4c22ec83b8a81e0716c4ea9c643cfb4c4f9256447a114b7b0e05c0b38bc073f4a0538e2a385e963b3e2634ef34f66050ac2c36801772a345670409be8fd2e829

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\8w26ODmd1hk4C30WJtfkdBYFSfE.br[1].js

MD5 072d0f8c7fdb7655402fb9c592d66e18
SHA1 2e013e24ef2443215c6b184e9dfe180b7e562848
SHA256 4cd4cc3d07bbacdecb7331bf78fc5353b4b2664b6c81c1c0237136123d8e704a
SHA512 44cecee114212d2901dd13f9200771c708ef6e89b9bdcb75edf898a1e39833aafa4c7f8ebfc2f613d46eeea35222a1dfee3671a1b42679a94beaec099164f009

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

MD5 e4a6497c402dcdf41b5f7d0827824059
SHA1 16ef58b296d9251c6ac5fe3df1b8e71236d6f9b1
SHA256 98fc52bea0ac5a888ed498fe0cc68a85945c1579ac8f692bd6c059feca2342c5
SHA512 8892e41a174111b6913460c0124fd6d9b9c8b6d3cf44d5979d1d3fe0198bca245983d70f7ff94b0a49d4af309201509e2d30c60474ba07360880da8c8c41652a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

MD5 4a0c1c0983afa53c98de873ff7701fa4
SHA1 bef6ae9212497c265dd98fa918f8f640074e7655
SHA256 07f8b052e5b429a3bd249001f0d6fa4916a9788d3d42879d57845d928fd7db72
SHA512 4cbaf6ebe0e14718f493a0a3f2da6172839dd8ee3609c8f17e82bde070e578a90f177de06f9aa9a8b884294d2884aac652be907c954f353f8fe3071367624a6c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5QL2I3FQ\favicon[1].ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\th[2].png

MD5 63343141c64682bd3e0f711730475354
SHA1 a2a7298e8f58a74292885bae9a3f44c76c7aa945
SHA256 f90e661a7731c97e3478027d07afd8c86e461c5f379932e15efad17d0e96d402
SHA512 17f7f14b0c929164283d5fd7bc829d907b923bb12a7b9d6124a6aac64eb79aaa47163583acca91fc71047bb7bb707d649407801c8762d8942a44531da9559edf

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Q09HAO3\4UY2jq3mEKk7NI4y4J9sHqyctKk[1].js

MD5 9672a1df6f912de8c216915605eb242d
SHA1 e146368eade610a93b348e32e09f6c1eac9cb4a9
SHA256 89b5525e3432acfa36b46f3a88451fcf34c940fe38d8afcedd71e67b73713da0
SHA512 22d39c7937ab4d38569b6373cfc42135735356a5789ffceb8d585202f11fce72483eb21d1b28c392913e5a43b28dd0c335d239bc0e970a635c50d145bd3a8d7d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OK5IKKYF\img-2[1].png

MD5 041ee34f7d8f0c49f5c6670057dcecd1
SHA1 ff00f78e7a823111ba685736e19e2db8d280517c
SHA256 afbb32c83fa61f012d2c10d039d42c80eaf53e6f576e0b9081f4a5e34591fd4b
SHA512 c5423f9649f8aa0f73116d5dc0d1884f63a726b67bca749934bbbaef017a09bb479e90ae01f7f31ea019bae244c62285f224d23168401a6661c28ddd8da14b78

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\RQZTDO7E\www.galaxyswapperv2[1].xml

MD5 1ac31d6e8812ab6c3a376c4cbd7637bf
SHA1 283bf9d87679e89a40b878b7a8e58c6b8bc60b9f
SHA256 1bbde903e6282107c62caa2595fc02d2919985333ad5472f356617e839258133
SHA512 b0093b145001910f02619d8d927d10d2b84bc0439ffc188821e3f34887ee29f6a76510b844852a5326a805c9b716eb68c609b9e4fe9605bcf24c99e7d3b561e8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\kqnrehq\imagestore.dat

MD5 0c0868aa6be64c76cdcaf55e7517101f
SHA1 c0b2c81bc445fbe7af99881f8b4090bf77483714
SHA256 a20da06cf973089b47d5a1fc7a4396c5b1ff0ebd69bf21426cd6f46a66eeceb0
SHA512 4deb8aeda0e585881fb733fdcdbcfcfcb0292ec148b3a00bede600eec1207e6cbebfdd7c3ebdacd1a41147102ba4c510208b4ff9d03d0612c6c090db22cf65b7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\s[1].htm

MD5 49374f48facfbf9c81a4bb748c81904c
SHA1 5061ec16c35ae24f987d58229a3182fe7762d281
SHA256 d9dfbf6fd747a0790194536e4ccf60df8d7a211c4187e334282d7b308701549a
SHA512 62e96ef2d26d35f27a98a252624ec39d14b299b5a99d459e67c9f862f1923a80d429a87459597c2ae1882888b67eff1adef8b4723aab68ea9622c46ed095fc80

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\s[1].htm

MD5 5e51b8069ab944a4480e4860bc727949
SHA1 682c7690b11309b0ea7de84c8aef8e002a728a07
SHA256 e98361b17d1e5c506724a778c3c05cd8df139ebc134e4d9579ebeb9140755f42
SHA512 08eed0f964cdfb61723ef00006dd014a56aca8a4cd8a0c1b27c48b961cf883fadf00e04512b2e80414790a969da3f4068f02c1f070ed4aa024c067fbe0e39f08

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e0f28388d327a7d439119dbfe905e208
SHA1 cd75a984d6b6995f7250ac6165c98f2e16e2e362
SHA256 bd610370f46e5f68405c4e594bef965c2c554be784c0238be05d5d40972c2f83
SHA512 8bd485774a3f8aa927af5e650bcaf6926a7a2d08683cea65ec0c33406f2ab5bd7581248ea6448a7dd8102e6fc2d11def65654db6aa3a2311c9f722bfb02ee7ae

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 aa08ec878b05196c518d4db7d55e371b
SHA1 349148372278a8cb178f3ecd9fc827797db9ed91
SHA256 7a1ba6bbe0ce1e04178103a593cf3dfd6db1c1acbac1e028544c0848c030df22
SHA512 c2ec69ee95370317b02a79758a80f43c59d896efd3f432916b3d6c9a2af39d528347dd9358950a8100115a3967a8a0d2bdd0c14e121b63798618b8dc5103b201

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 8202a1cd02e7d69597995cabbe881a12
SHA1 8858d9d934b7aa9330ee73de6c476acf19929ff6
SHA256 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5
SHA512 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 d023ff75ec4a95c9f009bd0d8e6199e7
SHA1 96aec6e50ba86d4d4542e7c38f0d28d7737ddc07
SHA256 75c3ccbd664cffd50fb178ab17179cb33e1a636b237e0342c9c7db705f012588
SHA512 0dddbb1d36abcc732c3c499fc2673e8fb7708e701da08e740d15e900a932608ba52c4d4806ce771d40c677ddb152ab968d9777228f8036797246d8db33ccf985

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 f7359d4d2c87370617136002becd2200
SHA1 84ddb3c3e66ef75e79e65160d9c37e6ac1fe4024
SHA256 cabde2a7af6406ac683c40dabe37c5b0cb9ef0878a7e3512437cee2769a689ed
SHA512 e7523ad1497ee40da072abe125db6cc736a0e1cad70bc1f2b9005ea0c94f6c46273ddada7db753528e6dcdee584ba445c06b570dbdbb5fa4637c5cb236f8e232

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_798B036C05F381321FD6C3F00885C62F

MD5 a1ad8a03adc4ff44ed4fd44c1d966232
SHA1 a9492ec2e7e6a2a28c40dc8d1b0fc2f339b05452
SHA256 c3eaba4282e1236f7975e61129bb5f3f11f5c77272ee8fb22b0819b6fe8ed6ef
SHA512 4e3808ad5d65b002b6025b48e068356356ae2a050767331962e576fd35312b88efd7e8a4241dec9f02abc3b4c034ec7c9898c7408369f3073f29bb72f79d9913

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_798B036C05F381321FD6C3F00885C62F

MD5 94d478ad020d9459afce435df9ee839d
SHA1 113576712b69290694c2e69a5fba88b9c3d75522
SHA256 7eb9d2fdf2a0762ada4bacc2e1d825df9eb83e65566ee2ecf4f5eb9c2dfe7e72
SHA512 1ed584fb7f43970964216eedf90f116a67cb3f380c00443379256895a1732a4dc6c75d38e5c4dc8e4a15306eb908cd5e1c0809f4fc2ca36c9587359129820887

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_D727CFA7BCFAF501CEA426110263B756

MD5 2e16ec017e22842d451071c77402f52c
SHA1 b8fd507375c35e5084a80260b4eceb71270670a6
SHA256 0c8e7f14d056f6e1ce08e3752c0e0500e27d7317d25104f87e9e84b22f802c6d
SHA512 d088613099503480f7b86f9735eac29f6927efd58d854e7b318edd57843917e18d6c05ebb0cc0d8b3c33493366e9b0012249a59ba407092c5ef7c7f7aa811316

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_D727CFA7BCFAF501CEA426110263B756

MD5 4f55d9e6baf97e7707272b267c4f9a35
SHA1 72bd05b15331be78b51b4da51da53c728393fd9a
SHA256 c757983d2ec14eaafd03ec2f7f7e8480602007d77d23bf1986c47371b9e19eff
SHA512 1b0b3d0136f8435bf9d485b39b0eccfee9bdc8929d092576d509f59a546ffbeb84d77e076d7566e4dd7eb929ad1203433a47e175458916a5b8061efc68ec7330