Analysis Overview
SHA256
87d6a5343b80cf6fb434dca7f7efe2be542974d83756bdb7774750d8f0d5dbbf
Threat Level: Likely malicious
The file Galaxy Swapper v2.exe was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
.NET Reactor proctector
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Adds Run key to start application
Checks installed software on the system
Enumerates connected drives
Drops file in Windows directory
Drops file in Program Files directory
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Modifies registry class
NTFS ADS
Uses Volume Shadow Copy service COM API
Modifies data under HKEY_USERS
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy WMI provider
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-04 02:06
Signatures
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-04 02:06
Reported
2024-06-04 02:09
Platform
win10-20240404-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\{FC1B8767-1DFF-415F-B0E5-B4C9ABB37320}\.cr\windowsdesktop-runtime-7.0.20-win-x64.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4} = "\"C:\\ProgramData\\Package Cache\\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}\\windowsdesktop-runtime-7.0.20-win-x64.exe\" /burn.runonce" | C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\Accessibility.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\mscorlib.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\System.CodeDom.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\cs\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Numerics.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pt-BR\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\tr\UIAutomationClientSideProviders.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ja\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\PresentationFramework.Aero2.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\PresentationNative_cor3.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hant\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pt-BR\UIAutomationClientSideProviders.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ru\System.Windows.Forms.Primitives.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hans\System.Windows.Controls.Ribbon.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\Microsoft.NETCore.App.deps.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Text.RegularExpressions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hans\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ja\UIAutomationProvider.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\fr\System.Windows.Forms.Primitives.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ru\UIAutomationProvider.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Configuration.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\it\PresentationUI.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\zh-Hant\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ja\System.Windows.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pl\WindowsFormsIntegration.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Drawing.Primitives.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Numerics.Vectors.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Xml.XDocument.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Threading.Tasks.Dataflow.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Security.Cryptography.X509Certificates.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Runtime.Serialization.Json.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\System.Windows.Input.Manipulations.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\Microsoft.NETCore.App.runtimeconfig.json | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Threading.Tasks.Parallel.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\de\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ko\PresentationCore.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ko\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ko\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\tr\WindowsBase.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\Microsoft.Win32.Registry.AccessControl.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\hostpolicy.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Transactions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Data.DataSetExtensions.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\PresentationFramework-SystemXml.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\PresentationFramework.Classic.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\es\ReachFramework.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ko\System.Windows.Input.Manipulations.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\tr\System.Windows.Forms.Primitives.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\es\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\de\System.Windows.Forms.Design.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Diagnostics.Tracing.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.ComponentModel.Annotations.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Net.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\.version | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\UIAutomationClient.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\clrjit.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.Net.Mail.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\cs\System.Windows.Forms.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\ja\UIAutomationTypes.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.20\System.IO.Compression.Brotli.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pt-BR\System.Xaml.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\System.Windows.Controls.Ribbon.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\cs\System.Windows.Controls.Ribbon.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.20\pt-BR\System.Windows.Forms.Primitives.resources.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4CE2.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4EE7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI58DC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI3BEC.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI43DE.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4650.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI476A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e58358b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{EE5EB03B-D65C-4991-848E-2C6E024326DB} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{221BB52A-B763-4C9D-AA62-4B0B6C9AAD62} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e583586.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e58358c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e583590.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4B6A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e583591.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e583591.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\Installer\e583582.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e583582.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e58358c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{B0FC828F-678C-4868-9B5B-99639758E6F3} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI37E4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e583587.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4924.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4A1F.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Installer\e583587.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI47BB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{72C29BED-666F-4E5E-BC49-DF44C890742E} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e583595.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1b | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1c | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1D | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1A\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1B | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1C | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1d | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e | C:\Windows\system32\msiexec.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "64" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}\ = "{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}" | C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F828CF0BC8768684B9B5993679856E3F\Version = "944782160" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\4E3F426DBD05F2A509C6867B91443826 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{362ea044-f96f-45c7-b59f-0dbe5ca98ff4}\DisplayName = "Microsoft Windows Desktop Runtime - 7.0.20 (x64)" | C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Dotnet_CLI_HostFxr_56.80.15184_x64 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{0FD148E5-4BE9-4934-A390-D8E98F0880 = "\\\\?\\Volume{38FC5F00-0000-0000-0000-D01200000000}\\Users\\Admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\windowsdesktop-runtime-7.0.20-win-x64.exe" | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\dotnet_runtime_56.80.15184_x64 | C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B30BE5EEC56D199448E8C2E6203462BD\Version = "944782160" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B30BE5EEC56D199448E8C2E6203462BD\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.80.15245_x64\DisplayName = "Microsoft Windows Desktop Runtime - 7.0.20 (x64)" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A25BB122367BD9C4AA26B4B0C6A9DA26\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System | C:\Windows\system32\browser_broker.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\B30BE5EEC56D199448E8C2E6203462BD\Provider | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\windowsdesktop_runtime_56.80.15245_x64\Version = "56.80.15245" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{4A151598-5CD8-4E7F-8B6B-5BB529F2BD = "8320" | C:\Windows\system32\browser_broker.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{4A151598-5CD8-4E7F-8B6B-5BB529F2BD = d2895b1f24b6da01 | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\microsoft.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A25BB122367BD9C4AA26B4B0C6A9DA26\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{4A151598-5CD8-4E7F-8B6B-5BB529F2BD = "\\\\?\\Volume{38FC5F00-0000-0000-0000-D01200000000}\\Users\\Admin\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\TempState\\Downloads\\s.htm" | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.galaxyswapperv2.com\ = "159" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\DEB92C27F666E5E4CB94FD448C0947E2\SourceList\PackageName = "windowsdesktop-runtime-7.0.20-win-x64.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A25BB122367BD9C4AA26B4B0C6A9DA26\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "122" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\galaxyswapperv2.com\Total = "104" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\B30BE5EEC56D199448E8C2E6203462BD\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f902fc1624b6da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F828CF0BC8768684B9B5993679856E3F\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Dotnet_CLI_SharedHost_7.0_x64\Version = "56.80.15184" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F828CF0BC8768684B9B5993679856E3F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "122" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.20-win-x64.exe.nkj1kjh.partial:Zone.Identifier | C:\Windows\system32\browser_broker.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\s.htm.scojuwz.partial:Zone.Identifier | C:\Windows\system32\browser_broker.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Temp\{FC1B8767-1DFF-415F-B0E5-B4C9ABB37320}\.cr\windowsdesktop-runtime-7.0.20-win-x64.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe
"C:\Users\Admin\AppData\Local\Temp\Galaxy Swapper v2.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.20-win-x64.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.20-win-x64.exe"
C:\Windows\Temp\{FC1B8767-1DFF-415F-B0E5-B4C9ABB37320}\.cr\windowsdesktop-runtime-7.0.20-win-x64.exe
"C:\Windows\Temp\{FC1B8767-1DFF-415F-B0E5-B4C9ABB37320}\.cr\windowsdesktop-runtime-7.0.20-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\windowsdesktop-runtime-7.0.20-win-x64.exe" -burn.filehandle.attached=548 -burn.filehandle.self=544
C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe
"C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.be\windowsdesktop-runtime-7.0.20-win-x64.exe" -q -burn.elevated BurnPipe.{2F474FE3-6357-4739-87BF-9C4673DC4FE4} {71EFFF6E-3800-47E2-9567-7DAB1CD0B882} 4488
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding B6D278D22F3724B58EBD4F42B9F26CBF
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A7F8DCD77FBA1B08C709D7AF6CBE4705
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 81F36068A27B08EB2FAC3330E83410F5
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 8C9EF19D85B84642C09A80F1577941A7
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x200
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | aka.ms | udp |
| GB | 2.16.234.57:443 | aka.ms | tcp |
| GB | 2.16.234.57:443 | aka.ms | tcp |
| US | 8.8.8.8:53 | dotnet.microsoft.com | udp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 13.107.246.64:443 | dotnet.microsoft.com | tcp |
| US | 8.8.8.8:53 | 57.234.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | target.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | microsoftmscompoc.tt.omtrdc.net | udp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| BE | 23.55.97.181:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.251.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.6:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.6:443 | browser.events.data.microsoft.com | tcp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| FR | 68.232.34.200:443 | download.visualstudio.microsoft.com | tcp |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | westus2-0.in.applicationinsights.azure.com | udp |
| US | 20.9.155.148:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 20.9.155.148:443 | westus2-0.in.applicationinsights.azure.com | tcp |
| US | 8.8.8.8:53 | 148.155.9.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 8.8.8.8:53 | browser.events.data.msn.com | udp |
| SE | 92.123.135.79:443 | assets.msn.com | tcp |
| SE | 92.123.135.79:443 | assets.msn.com | tcp |
| SE | 92.123.135.79:443 | assets.msn.com | tcp |
| SE | 92.123.135.79:443 | assets.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 204.79.197.203:443 | www.msn.com | tcp |
| US | 8.8.8.8:53 | 79.135.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| NL | 23.62.61.129:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.14:443 | login.microsoftonline.com | tcp |
| NL | 20.190.160.14:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| NL | 23.62.61.97:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| NL | 23.62.61.129:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | www.galaxyswapperv2.com | udp |
| US | 172.67.72.193:443 | www.galaxyswapperv2.com | tcp |
| US | 172.67.72.193:443 | www.galaxyswapperv2.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.72.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d3eub2e21dc6h0.cloudfront.net | udp |
| US | 8.8.8.8:53 | img.icons8.com | udp |
| US | 8.8.8.8:53 | drv.tw | udp |
| GB | 108.156.50.103:443 | d3eub2e21dc6h0.cloudfront.net | tcp |
| GB | 108.156.50.103:443 | d3eub2e21dc6h0.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| GB | 89.187.167.3:443 | img.icons8.com | tcp |
| GB | 89.187.167.3:443 | img.icons8.com | tcp |
| GB | 89.187.167.3:443 | img.icons8.com | tcp |
| GB | 89.187.167.3:443 | img.icons8.com | tcp |
| US | 47.252.11.143:443 | drv.tw | tcp |
| US | 47.252.11.143:443 | drv.tw | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.167.187.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.178.204.143.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.50.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.11.252.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.216.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pogothere.xyz | udp |
| US | 8.8.8.8:53 | opositeasysemblyjus.info | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 172.67.72.193:443 | www.galaxyswapperv2.com | tcp |
| US | 172.67.72.193:443 | www.galaxyswapperv2.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| NL | 142.250.27.84:443 | accounts.google.com | tcp |
| US | 172.67.220.203:443 | pogothere.xyz | tcp |
| US | 172.67.220.203:443 | pogothere.xyz | tcp |
| US | 172.67.220.203:443 | pogothere.xyz | tcp |
| US | 172.67.220.203:443 | pogothere.xyz | tcp |
| US | 104.21.20.39:443 | opositeasysemblyjus.info | tcp |
| US | 104.21.20.39:443 | opositeasysemblyjus.info | tcp |
| US | 8.8.8.8:53 | 177.101.63.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.220.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.20.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | galaxyswapperv2.com | udp |
| US | 104.26.14.156:443 | galaxyswapperv2.com | tcp |
| US | 104.26.14.156:443 | galaxyswapperv2.com | tcp |
| US | 104.26.14.156:443 | galaxyswapperv2.com | tcp |
| US | 104.26.14.156:443 | galaxyswapperv2.com | tcp |
| US | 8.8.8.8:53 | 156.14.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | lootlinks.co | udp |
| US | 104.21.60.73:443 | lootlinks.co | tcp |
| US | 104.21.60.73:443 | lootlinks.co | tcp |
| US | 8.8.8.8:53 | 73.60.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | unpkg.com | udp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 104.17.249.203:443 | unpkg.com | tcp |
| US | 104.17.249.203:443 | unpkg.com | tcp |
| US | 8.8.8.8:53 | 229.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.249.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.204.248.87.in-addr.arpa | udp |
Files
memory/2200-16-0x000001952C420000-0x000001952C430000-memory.dmp
memory/2200-0-0x000001952C320000-0x000001952C330000-memory.dmp
memory/2200-35-0x0000019529730000-0x0000019529732000-memory.dmp
memory/1692-45-0x000001C7FD800000-0x000001C7FD900000-memory.dmp
memory/1692-44-0x000001C7FD800000-0x000001C7FD900000-memory.dmp
memory/1692-43-0x000001C7FD800000-0x000001C7FD900000-memory.dmp
memory/2140-58-0x00000297B3210000-0x00000297B3212000-memory.dmp
memory/2140-63-0x00000297B3650000-0x00000297B3652000-memory.dmp
memory/2140-61-0x00000297B3240000-0x00000297B3242000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C2Z0XFW0\dotnet.microsoft[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
memory/2140-172-0x00000297C98C0000-0x00000297C98C2000-memory.dmp
memory/2140-170-0x00000297C98A0000-0x00000297C98A2000-memory.dmp
memory/2140-168-0x00000297C9890000-0x00000297C9892000-memory.dmp
memory/2140-166-0x00000297C9870000-0x00000297C9872000-memory.dmp
memory/2140-164-0x00000297C9850000-0x00000297C9852000-memory.dmp
memory/2140-162-0x00000297C9810000-0x00000297C9812000-memory.dmp
memory/2140-205-0x00000297CAB20000-0x00000297CAC20000-memory.dmp
memory/2140-242-0x00000297C4B70000-0x00000297C4C70000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C2Z0XFW0\dotnet.microsoft[1].xml
| MD5 | a2512893dde9403c8e3662a1ce1129f7 |
| SHA1 | 53ff36db2c4852ca5270ec64a1b08e171c55c934 |
| SHA256 | f4e81e13361ad7ec1a1b8c50ba65d15f27ed229bd8da4ed6148dfbe36a068127 |
| SHA512 | 7c59156784204fde93fa80d0776f7cc3edfa64cadbc4796f7ba9986d4cbbf5be6f7226f60c7aba1dd2b5adb66efb798d80c8e93d2a3bc5ba0d58aba70b35e592 |
memory/2140-276-0x00000297CAA00000-0x00000297CAA20000-memory.dmp
memory/2140-277-0x00000297CAA00000-0x00000297CAA20000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\windowsdesktop-runtime-7.0.20-win-x64[1].exe
| MD5 | f95b07e77624be09213c3402f0912792 |
| SHA1 | ff040484be69ee1742deca0a1b127024025213df |
| SHA256 | 6fc91217f9396ccb9fbad9feb6328a6f12e305705775a528a4f011d17bb5cb62 |
| SHA512 | 4e829a689c8bef50a3173cc04cedc327f9f6a7304b6e384147f5c1ca438e8e1747586fd7ab0ba248bbc347b6223bc9aab01e58795fc5cdb15bbbb8fa92b85876 |
memory/2140-349-0x00000297B3260000-0x00000297B3262000-memory.dmp
memory/2140-356-0x00000297CA650000-0x00000297CA670000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V28C7N3J\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Windows\Temp\{FC1B8767-1DFF-415F-B0E5-B4C9ABB37320}\.cr\windowsdesktop-runtime-7.0.20-win-x64.exe
| MD5 | 3655d3156717ba40cfb9e1496d5b20db |
| SHA1 | ae23b6b7b047cecc69d8b097326a11ad3f4fd716 |
| SHA256 | eb4b8a3b8d088dbbe0169f5a2598fee4589486474d902c504965e2126900c189 |
| SHA512 | 0211f9fe9672f56bcd20f242f9450d4c51bd4d7ddcafbfd502106751d83fa958780c0037737f103554844ae81af3ecb43f489bf1c09d65077e93fbec7ef5ad1d |
\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.ba\wixstdba.dll
| MD5 | f68f43f809840328f4e993a54b0d5e62 |
| SHA1 | 01da48ce6c81df4835b4c2eca7e1d447be893d39 |
| SHA256 | e921f69b9fb4b5ad4691809d06896c5f1d655ab75e0ce94a372319c243c56d4e |
| SHA512 | a7a799ecf1784fb5e8cd7191bf78b510ff5b07db07363388d7b32ed21f4fddc09e34d1160113395f728c0f4e57d13768a0350dbdb207d9224337d2153dc791e1 |
C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\.ba\bg.png
| MD5 | 9eb0320dfbf2bd541e6a55c01ddc9f20 |
| SHA1 | eb282a66d29594346531b1ff886d455e1dcd6d99 |
| SHA256 | 9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79 |
| SHA512 | 9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d |
C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\dotnet_runtime_7.0.20_win_x64.msi
| MD5 | dbb5cb3d7ddfd75d4f9df01aff0dbd2a |
| SHA1 | 3439b45e02ea5a682672df8e90bbb82595830173 |
| SHA256 | 5749e12a7e95b038ff65d3c7da439b8c8e2ab2e6cc0183a1cca91f7c74ffbf52 |
| SHA512 | 0404f0425ebee045f1990be11f21cfe6ad0a01f9f8467b8aff02b2253b015f914b62894879e295f2cc23d4a2213d549df54436b462ad4ea24402041b9598e3c6 |
C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\dotnet_hostfxr_7.0.20_win_x64.msi
| MD5 | d13eaa78c61f3e42dc2f074c0a1030a3 |
| SHA1 | fe1f8e2f4cc7180cfbd6be5cc4d1fcef8be3436d |
| SHA256 | 235e877472b2418e67862a9701a2f4f7060d039f4dc3680b42b7392608a4593f |
| SHA512 | 1261715d375c497cde320979bead6261d3f88e8b0737793febdfc051044a8a5276638e58c24657adcacf2f2a2f9741fd4e901c8b98a8d7afdabb080298ecfad8 |
C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\windowsdesktop_runtime_7.0.20_win_x64.msi
| MD5 | 61f2d7fb63eeaffcf8f73825c8c6cf41 |
| SHA1 | 3d7481dc7d1c6e803ac9825a753c8bf6b18a4923 |
| SHA256 | 7168a15851151d448addbc9625ae40521867bd7418a43b00a9a881ac1a549331 |
| SHA512 | 2fa7f974c767f7103ab9288c71eba6793f9d515bdded62d49d7007e396b03869444b920d523589c337659e75c2c123ba1cc62dc97bef4da250b15f2cee1ea398 |
C:\Windows\Temp\{7F72087B-FF89-44DB-B3C0-4C4080BFFF7E}\dotnet_host_7.0.20_win_x64.msi
| MD5 | 9f40e8a9da0e56bd2472d6f376c9c3c3 |
| SHA1 | 4b9e5385563cca4ed9af1701565745ec4e0fb13e |
| SHA256 | 223c31101de61725874708d0f33a67c05b24335f50f577ceeb970c14074be9ce |
| SHA512 | f4cb80af5f4deb184217dce977d1960e67ea5cc54e4e2c4024ad542b19d66afa6dc2b584e07c30b3a2242d201e563260dc1a2bfde155e96d9ef52fc0e3be3bac |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.20_(x64)_20240604020726_000_dotnet_runtime_7.0.20_win_x64.msi.log
| MD5 | a79cfd767438011443da0420a0e3ef42 |
| SHA1 | 40c37ca64e859f0e72dae5ed7e44f4729d96b4fe |
| SHA256 | 3e18c0f7a73737a89a15a94965f2a075411ea2b9eb8ab2f79b074f60ff4acc0e |
| SHA512 | 40f66545b9254f80aed8deaaf5dfb85142ebfcf5ebf97dae47b148bb18295c2dcca7742995e03088d92041a133dcb181b90f9cafd27618d7203c86862140f92c |
\Windows\Installer\MSI37E4.tmp
| MD5 | 60e8c139e673b9eb49dc83718278bc88 |
| SHA1 | 00a3a9cd6d3a9f52628ea09c2e645fe56ee7cd56 |
| SHA256 | b181b6b4d69a53143a97a306919ba1adbc0b036a48b6d1d41ae7a01e8ef286cb |
| SHA512 | ac7cb86dbf3b86f00da7b8a246a6c7ef65a6f1c8705ea07f9b90e494b6239fb9626b55ee872a9b7f16575a60c82e767af228b8f018d4d7b9f783efaccca2b103 |
C:\Config.Msi\e583585.rbs
| MD5 | 84dc7d21ef7d7c513e9acda4b7516b00 |
| SHA1 | e5b77dd6c9654bdddb4b2dc1dc168e3a7ddc7949 |
| SHA256 | 52b48ab8831c66cc351c9b145a19395e4e8c1cd9d6c1fcce7075730b1a50c78b |
| SHA512 | d392265a1a2b85c1c8a84f6806ff75ef1539be2e48e333fc9816141a4e5a061647ea07d611cc5e728c3ee6327ad00767341cadea50d5a89dcaad604aed73da92 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.20_(x64)_20240604020726_001_dotnet_hostfxr_7.0.20_win_x64.msi.log
| MD5 | cd1a91a138e9d07f8fd3fcef13c2d00a |
| SHA1 | 00fa574c2ff5dbaf9c5acb6561c24d49b74b8fe5 |
| SHA256 | 66e182450bb6e43c4492226b4ec4123fd5400362824379c792e1f3a2fdc6c991 |
| SHA512 | fb1fbbdb34da9fac71824a9e67e54f03a335b93819b40112adbf07a0bcea2bfec5cfcce6ee7369a9010aeb342011722f5f93d1e4cd6c9ad632c50ee3760e790f |
C:\Config.Msi\e58358a.rbs
| MD5 | 2fbdda1b0920f324b24d64c378beade0 |
| SHA1 | a110ea23604a900e709874ff99cfa139c61895dd |
| SHA256 | dc872683b4d5b8cce64036544d3bc57145f5784b671b909ae53895ab81f0c3d0 |
| SHA512 | b27e1337c2a5ac5e5b44f31dacab84e59d93ac21567142dbd7240c333530253a225e4167613aca6a8fd577c7f8f488c43ad1758ee816f4fd07bb925f67be64e0 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.20_(x64)_20240604020726_002_dotnet_host_7.0.20_win_x64.msi.log
| MD5 | bbc9f7faeb1dc7da941cbbd15816da03 |
| SHA1 | dea51cd085dc7e4b1af60376f20887d266b5a2ec |
| SHA256 | 3a01b1acd50e69cff34e18de437ee9f898d027f2d70eef3c9f308f9c1c18a833 |
| SHA512 | a1d9c0c35e6cd7d243ac527cf125f5b8b692e620def3aa98715fbd6fdb501ad760f8079f91ddbb080cc71a0fd52a24b07d493d5d16237c2dc7ce6eef8f551512 |
C:\Program Files\dotnet\LICENSE.txt
| MD5 | 31c5a77b3c57c8c2e82b9541b00bcd5a |
| SHA1 | 153d4bc14e3a2c1485006f1752e797ca8684d06d |
| SHA256 | 7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d |
| SHA512 | ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6 |
C:\Program Files\dotnet\ThirdPartyNotices.txt
| MD5 | 5c13a5ea8c8cc3474240981d0ffa88ff |
| SHA1 | 1d8d3ce27d9dc3d9fb4fa4b06c20137d25879d80 |
| SHA256 | 4f9bb3901879bafae3a17c6c4009ee5c15384a06fc234bed78937969079c77da |
| SHA512 | 32ea79ff5194d8a18e75f277aed5610b4955db15b0abbcc2664cf07f372bebfc57eb665ad078dc3da3ce5ee0d8856140c2a1bc7032b578dd103d43998d682d88 |
C:\Config.Msi\e58358f.rbs
| MD5 | e81adea66cab9302cbeb4ef3012fa7ba |
| SHA1 | b25b844a0bcf1649403541929b38d9c36d8c2b77 |
| SHA256 | 9bcd43240854c93e508effb4a31e7670b93d6cf1a73aa705262c1d577724f6cd |
| SHA512 | 55414c1740bd371698cef9bb3217a776b7cdd16e1ba3606bb0af5519bd83f00e87a1f4b9d12843c10c4cc976b6c7764682053c2ff6ac1cb83d85d3e9b6211234 |
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.20_(x64)_20240604020726_003_windowsdesktop_runtime_7.0.20_win_x64.msi.log
| MD5 | 90beb893af474b952dbaa02ba53fc014 |
| SHA1 | 579d16ab467c6132a68bbfb1de4c7848c0c2676d |
| SHA256 | 4dade1d487ecf7683cb0e02f2e5418fa7d929a9a3c4c8ec00abf2afb74289da8 |
| SHA512 | 1073375ea47e6b32393b79b7603f5af13f53f3fc082b210d9f689a9a874acceb16c4647a29d202143dd9ccd9c93c7c2c45c6413563e908858a5a0686166662fe |
C:\Config.Msi\e583594.rbs
| MD5 | e1c4b7c2a29cfc668be3682425476927 |
| SHA1 | 6bf1db396a9dbb2cce7192b493f51c5d49047c3d |
| SHA256 | df665a035a20b820af10ce8a94e052edfda014cb2eeb07b374209fa853d939bd |
| SHA512 | 2667baa8bee9cba4d120b34c250075a6e5a07d1874071a5dac3d35d9752696252bff497fa728c49ef97ec7ddc882f11a768c6e3124d6b69b24812679de7f3984 |
memory/4748-1121-0x0000021EE4B40000-0x0000021EE4B60000-memory.dmp
memory/4748-1128-0x0000021EE4B20000-0x0000021EE4B40000-memory.dmp
memory/4748-1135-0x0000021EE4F00000-0x0000021EE5000000-memory.dmp
memory/4748-1148-0x0000021EE5800000-0x0000021EE5820000-memory.dmp
memory/4748-1153-0x0000021EE58E0000-0x0000021EE5900000-memory.dmp
memory/2200-1183-0x0000019534BE0000-0x0000019534BE1000-memory.dmp
memory/2200-1184-0x0000019534BF0000-0x0000019534BF1000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1SX7W4I3\favicon[1].ico
| MD5 | 84cc977d0eb148166481b01d8418e375 |
| SHA1 | 00e2461bcd67d7ba511db230415000aefbd30d2d |
| SHA256 | bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c |
| SHA512 | f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3 |
memory/4748-1208-0x0000021EE6C00000-0x0000021EE6D00000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\XK92ZZYV\www.bing[1].xml
| MD5 | bdc9f9626b299eece9293c8aa1d0e1a9 |
| SHA1 | 59d70be594197708f3dc3ed819e25bc4385e2af0 |
| SHA256 | a0454499d983cbe279992a7908c9fd2ac710f63fd470ad78c5c0b592f738c86d |
| SHA512 | ed1dc60c23234b6a74331f5c9440625a7decff95483ffd3a56b61ab89e83dcf8f032c4daca58381fadd847f8fc2ca45b6d623b5f2c0ba783efffb0a67001620f |
memory/4748-1251-0x0000021EF7000000-0x0000021EF7020000-memory.dmp
memory/4748-1256-0x0000021EF72B0000-0x0000021EF72D0000-memory.dmp
memory/4748-1289-0x0000021EF7310000-0x0000021EF7330000-memory.dmp
memory/4748-1389-0x0000021EF7310000-0x0000021EF7330000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5QL2I3FQ\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
memory/4748-1431-0x0000021EF7610000-0x0000021EF7630000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\o7B3FK6ymEOn7sBfZSmifVTwxPk[1].css
| MD5 | 77373397a17bd1987dfca2e68d022ecf |
| SHA1 | 1294758879506eff3a54aac8d2b59df17b831978 |
| SHA256 | a319af2e953e7afda681b85a62f629a5c37344af47d2fcd23ab45e1d99497f13 |
| SHA512 | a177f5c25182c62211891786a8f78b2a1caec078c512fc39600809c22b41477c1e8b7a3cf90c88bbbe6869ea5411dd1343cad9a23c6ce1502c439a6d1779ea1b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1SX7W4I3\favicon-trans-bg-blue-mg[1].ico
| MD5 | 30967b1b52cb6df18a8af8fcc04f83c9 |
| SHA1 | aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588 |
| SHA256 | 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e |
| SHA512 | 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\tlifxqsNyCzxIJnRwtQKuZToQQw[1].js
| MD5 | cfcd208495d565ef66e7dff9f98764da |
| SHA1 | b6589fc6ab0dc82cf12099d1c2d40ab994e8410c |
| SHA256 | 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9 |
| SHA512 | 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\4TQ6xhX_0XDFyLdFRS-kPhFXirA.br[1].js
| MD5 | fbf143b664d512d1fa7aeeeba787129c |
| SHA1 | f827b539ae2992d7667162dc619cc967985166d9 |
| SHA256 | e162ccd10a34933d736008eb0bc6b880c4e783cf81f944bca7311bf5f3cd4aff |
| SHA512 | 109ec6433329f001c9239c3298a10e414522f21be2a3d7b8a9eb0b0767322eaad1fdf8f5b11edb1f42882b4e75ae71bef7fe786716407c8efad4feacb3dcf348 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Q09HAO3\9MqrCXB0EVjVIRzDOArDGhu3yeM.br[1].js
| MD5 | 56afa9b2c4ead188d1dd95650816419b |
| SHA1 | c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6 |
| SHA256 | e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b |
| SHA512 | d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js
| MD5 | 9085e17b6172d9fc7b7373762c3d6e74 |
| SHA1 | dab3ca26ec7a8426f034113afa2123edfaa32a76 |
| SHA256 | 586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d |
| SHA512 | b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | e7ed3dfdfc81ed8e5a7156e46a067388 |
| SHA1 | 7f3c13860a43dc2ba075379341eee9fa4bc70079 |
| SHA256 | 41e05814fbfd259731f667d36ddcc1aeaa0bd59546a514ea03a90f681004b6d7 |
| SHA512 | 14d4d01a6fc15476d91a30a8d0698bef051c6b435eaa038216d696036b5c861ad2207695d885e5e8fd5fbe2738756845612082926785a25389067c79ce040465 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
| MD5 | d45ecd41e7ee97871e4f0934a9c37333 |
| SHA1 | 5c774b323e6c563ffab79160debde90b24e9c1a4 |
| SHA256 | 3c32b814ae6efedfedfbe912022287f3af62d8ebf60862bd1bfa6b4842049b71 |
| SHA512 | 6c86798be2b80695933102df67e5d4449306b34ded5eb766a46019639204cf43a4f32ee50a91a39241b1e24b39ee1cea87a861c811bfcc63e4e29b039b47b9ca |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\wAMGEgzu6dXMQl4NYW_4fU74uOk.br[1].js
| MD5 | a3e0197c131eff764a5345df9069cd2b |
| SHA1 | 3c1ef5902793950ff3b64c736ec4d30761f6581a |
| SHA256 | 6f57a14caab2c7e1e4b57892cae18ada7a23db917f76c1f58df27dda020dbf60 |
| SHA512 | 381bc523710396db6200230040f560ce52015722a978386719b0c8a2b17d8196362d2f3a5e172855e96ff513a6e85b7d99a1f5acb82edecf4ced9cbc7d4e0796 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\lLk8XmbdNzzlnPRzVzDhaF9yjqw.br[1].js
| MD5 | 3ff8eecb7a6996c1056bbe9d4dde50b4 |
| SHA1 | fdc4d52301d187042d0a2f136ceef2c005dcbb8b |
| SHA256 | 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163 |
| SHA512 | 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\K3hC1_cQXGFr6cxRJVWYpzZJaAM.br[1].js
| MD5 | 02b0b245d09dc56bbe4f1a9f1425ac35 |
| SHA1 | 868259c7dc5175a9cc1e2ec835f3d9b4bd3f5673 |
| SHA256 | 62991181637343332d7b105a605ab69d70d1256092355cfc4359bee7bdbfb9c6 |
| SHA512 | cbb43000a142807ff1bb3bfac715cef1240233117c728f357c824ce65b06be493df2306c7b03598817f09b02e9e36ec52314f88467679c5bef3ee1504a10c7e6 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\9xGNA8UskvA9WHF58zbLOHZ5HvI.br[1].js
| MD5 | d6741608ba48e400a406aca7f3464765 |
| SHA1 | 8961ca85ad82bb701436ffc64642833cfbaff303 |
| SHA256 | b1db1d8c0e5316d2c8a14e778b7220ac75adae5333a6d58ba7fd07f4e6eaa83c |
| SHA512 | e85360dbbb0881792b86dcaf56789434152ed69e00a99202b880f19d551b8c78eeff38a5836024f5d61dbc36818a39a921957f13fbf592baafd06acb1aed244b |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\V_fBQ_iVmAgE_Ta_T-6BNXc0ZY4.br[1].js
| MD5 | f5712e664873fde8ee9044f693cd2db7 |
| SHA1 | 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4 |
| SHA256 | 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2 |
| SHA512 | ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\8CgcSSLayxEVUBf0swP_bQGMId8.br[1].js
| MD5 | a5363c37b617d36dfd6d25bfb89ca56b |
| SHA1 | 31682afce628850b8cb31faa8e9c4c5ec9ebb957 |
| SHA256 | 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f |
| SHA512 | e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\_2I169N92jVtSc_VEsV0nma5sRY.br[1].js
| MD5 | 3104955279e1bbbdb4ae5a0e077c5a74 |
| SHA1 | ba10a722fff1877c3379dee7b5f028d467ffd6cf |
| SHA256 | a0a1cee602080757fbadb2d23ead2bbb8b0726b82fdb2ed654da4403f1e78ef1 |
| SHA512 | 6937ed6194e4842ff5b4878b0d680e02caf3185baf65edc131260b56a87968b5d6c80f236c1de1a059d8158bc93b80b831fe679f38fc06dfb7c3413d1d5355aa |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\n21aGRCN5EKHB3qObygw029dyNU.br[1].js
| MD5 | cb027ba6eb6dd3f033c02183b9423995 |
| SHA1 | 368e7121931587d29d988e1b8cb0fda785e5d18b |
| SHA256 | 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f |
| SHA512 | 6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\Gyuq2bqitqDJM0BeAkbKXGlQXNw.br[1].js
| MD5 | a969230a51dba5ab5adf5877bcc28cfa |
| SHA1 | 7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265 |
| SHA256 | 8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f |
| SHA512 | f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\gKwIRAF4fg7noG1zyeUz8x3Jdhc.br[1].js
| MD5 | 47442e8d5838baaa640a856f98e40dc6 |
| SHA1 | 54c60cad77926723975b92d09fe79d7beff58d99 |
| SHA256 | 15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e |
| SHA512 | 87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\9cuwOQ_qE7qTGKohzrf_gIjTlPI.br[1].js
| MD5 | fabb77c7ae3fd2271f5909155fb490e5 |
| SHA1 | cde0b1304b558b6de7503d559c92014644736f88 |
| SHA256 | e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c |
| SHA512 | cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\Gw7eETSwe7GHmKwW1lRqGPQJXRo.br[1].js
| MD5 | 17cdab99027114dbcbd9d573c5b7a8a9 |
| SHA1 | 42d65caae34eba7a051342b24972665e61fa6ae2 |
| SHA256 | 5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de |
| SHA512 | 1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Q09HAO3\psgXZvzYJMEW2ydikIk493Va1d4.br[1].js
| MD5 | f4da106e481b3e221792289864c2d02a |
| SHA1 | d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994 |
| SHA256 | 47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9 |
| SHA512 | 66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Q09HAO3\IPjqENt_x1c56fZCsFxov2V2J84.br[1].js
| MD5 | 9a4dafa34f902b78a300ccc2ab2aebf2 |
| SHA1 | 5ed0d7565b595330bae9463ab5b9e2cdbfdb03c4 |
| SHA256 | ba98a6ebc3a03098ca54973213e26f0bf9d1e7e335cdfc262346fb491c3cad69 |
| SHA512 | 1a8b4fce1c0e585bfcf8f11e0192fb04a80dbde7035a9c8fc426cd6383d6902bd77222331372ea33aa50d92b7cc7965656b11f480085af70267b3fd8355ebfd4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Q09HAO3\K_V1CARn2Q2lTs5njJKUvUkHyi4.br[1].js
| MD5 | 6c2c6db3832d53062d303cdff5e2bd30 |
| SHA1 | b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d |
| SHA256 | 06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70 |
| SHA512 | bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\1rUTIFRcUHTZUBaDs_0q8KvUlR0.br[1].js
| MD5 | c63e610f6bfb2687ee044cee7d3e16c7 |
| SHA1 | b78022432ac754cc41335341a8e07f2676bad789 |
| SHA256 | c150d5e192ece8d69ba8029d87ecbc66674013b8418264cc86f0abcb0da0a38b |
| SHA512 | 11029009d8d0885d16a4b546816cc0f22f51ffd035fdd87d58eaf432017947460a1a78a543c0eb3875af49342a240ea606aced23654bc190ba6a4b7101e13a3a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Q09HAO3\3US3nNU_RgsSNFm9Bzw6xgeuOHk.br[1].js
| MD5 | d42baf2a964c88aaa1bb892e1b26d09c |
| SHA1 | 8ac849ca0c84500a824fcfd688b6f965b8accc4c |
| SHA256 | e3a15dab8cc5adbd2cfa1a162bf06583da6fb7be3831323d819cd881bfb0672c |
| SHA512 | 634bb1c984c9d74876051937240295a5ed5dc6404379decafbc4df074aefda5246ec33be84d2b21e0099c7bdd406e9cae6ebdf0ff01ddec3806b89dc50810c12 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\zXHaGKCOTtmQ_Ueik3R6GTcUz-8.br[1].js
| MD5 | fe1f9add646fe3c4eb695f76b6eccdfc |
| SHA1 | caf4f7fd1142398e9a9386bce595afb66fd41c77 |
| SHA256 | 2d790381800ec6ddb18f82658ff2515866a1e3e470b926d46dd8b46ffffa7403 |
| SHA512 | 1f621757daa2864d4d258c6a69a60490df224ef5dd86a230f8d410e50ac1423a9e0dcb44225c17be2dd14826c54e545626b991cc7741055ba96d1d95d638a24f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\5L3iD467J3iJWEPwIjxlK0MMDpY.br[1].js
| MD5 | 2ef3074238b080b648e9a10429d67405 |
| SHA1 | 15d57873ff98195c57e34fc778accc41c21172e7 |
| SHA256 | e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da |
| SHA512 | c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GPBNNLW5\nt6a1ZR520utsLoZmSYgwxdOPgI[1].js
| MD5 | 0c2672dc05a52fbfb8e3bc70271619c2 |
| SHA1 | 9ede9ad59479db4badb0ba19992620c3174e3e02 |
| SHA256 | 54722cf65ab74a85441a039480691610df079e6dd3316c452667efe4a94ffd39 |
| SHA512 | dd2b3e4438a9deaa6b306cbc0a50a035d9fe19c6180bc49d2a9d8cdbb2e25d9c6c8c5265c640ac362dc353169727f8c26503e11a8a061a2517a303f61d0ccd3c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\910ptS3pcIDQ7a5acMaHuQliuN0.br[1].js
| MD5 | 8898a2f705976d9be01f35a493f9a98f |
| SHA1 | bc69bec33a98575d55fefae8883c8bb636061007 |
| SHA256 | 5f30270aa2dc8a094d790e1e4a62b17c7d76a20b449d9b69af797a55fada9108 |
| SHA512 | c8575df93fbd1f65a285d484257adfe12733e47a6524a18d5910d33562eefd1d9da7197d16c7a3cad3bc5ad89546ff0fefe90e5c96e7850ecec9708c90334349 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\mOy7YpeLJ3c40BBAFNUI6SmOUTY.br[1].js
| MD5 | 16050baaf39976a33ac9f854d5efdb32 |
| SHA1 | 94725020efa7d3ee8faed2b7dffc5a4106363b5e |
| SHA256 | 039e6b3df1d67341fb8e4a3815f0d1bb3292a2040334ceb9cfc4a8d6abf2fb55 |
| SHA512 | cf0d54f0368ffbc6908216fd2573df8f5fe4c34ac08e17301b8734b3fabc674672a7f456707f632f82f44b36812dad8a0cf81a51d5cea21ea7f0e18500298375 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\Q1Z1cF6gZCkTBd0Gx8Q7LjbPAlQ.br[1].js
| MD5 | 7a0dd3b8ac06a6b4a01953955606ed27 |
| SHA1 | af6453882542d8bd119a768c025af1c94bf7b3ca |
| SHA256 | f1b3acd8757d2c9db87cb851eebf25909c0355483520475c2ed1f29bb36e062a |
| SHA512 | e5cc3aa206c4a62e746ea9743ae92fd5efb4d46f12c9f51ba04eefffc58e04fc8b085eb0fbeca42290a8ecd3d8c07b40ad80f80db3cf3309d098022f948865c2 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\zlfm-hC70pZAs62UVTTl3KShKOE.br[1].js
| MD5 | 8c8b189422c448709ea6bd43ee898afb |
| SHA1 | a4d6a99231d951f37d951bd8356d9d17664bf447 |
| SHA256 | 567506d6f20f55859e137fcbd98f9e1a678c0d51192ff186e16fd99d6d301cff |
| SHA512 | 6faa73d59082065426769a27081cbedcd22146ef948afdd9a86801f205b2dddc63e03ac5d555ef0af23ef05901ebffe7e8aadd82260ef505cb89d99e572fdf4a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\6mZmj1db42G_jniFgdT7MCvBgyA.br[1].js
| MD5 | 2ab12bf4a9e00a1f96849ebb31e03d48 |
| SHA1 | 7214619173c4ec069be1ff00dd61092fd2981af0 |
| SHA256 | f8b5acf4da28e0617f1c81093192d044bd5a6cc2a2e0c77677f859adcf3430ac |
| SHA512 | 7d5aae775be1e482eada1f453bea2c52a62c552fa94949e6a6081f322e679e916b1276bb59ff28cf7c86d21727bcc329ecb03e5d77ca93204e0cd2694faa72bd |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\yZjAz6-B4hIBhJ6D3nAyY_Ebn44.br[1].js
| MD5 | 2df9793cf020a37c88178be84311427a |
| SHA1 | 29cfe86239722d4f4af07c494d676092896a8600 |
| SHA256 | a69d257eee41e843881d548d2e4ee5a0727b889ab22bffdaa8ed1074e802bcc6 |
| SHA512 | e9a35ec1e466feb3e273fb991a3282ba1c45fd0eacea956e9821914cc4261377684b062bde888ebf5767bbc055db191dc14e00af8037b5607449c06e5d2dd082 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\UftfQbYuKvGGEUHPU3QGHYd90Z8.br[1].js
| MD5 | 8d078e26c28e9c85885f8a362cb80db9 |
| SHA1 | f486b2745e4637d881422d38c7780c041618168a |
| SHA256 | 0bf9f3ad9cdbbc4d37c8b9e22dd06cc26eea12a27ef6c0f95db6cbe930177461 |
| SHA512 | b808a972cd44e6bda01ac1f8d904d5a281f33b9238b8caab03decb6adb6b494b19dd9bb35e3d1ea3ca914ff4957155f6d2cb5a9b3a00c2195f80f52804ffb244 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\JigriHckblqcu1XwKpT4wumVS2k.br[1].js
| MD5 | 602cb27ca7ee88bd54c98b10e44cd175 |
| SHA1 | 485e4620f433c02678be98df706b9880dd26ab74 |
| SHA256 | f1c39ee3528b8f6bb887150c10152cd3bbf849c4b305da9be3d4a92614e2f3f8 |
| SHA512 | b27a3b7737ce984e6ad448f68b31074f8a98c6ca5d66f3165d1dec650097077da9c80ef3045758c591a1cf0dda74fa4ba8039426d312f50f082d2a0f8e7de21a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\NfTD8Ovh04Y_Ni14YxqYB8R_2_Q.br[1].js
| MD5 | f1cf1909716ce3da53172898bb780024 |
| SHA1 | d8d34904e511b1c9aae1565ba10ccd045c940333 |
| SHA256 | 9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01 |
| SHA512 | 8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\15iq_2Gk3PVTxAcFogKUl92mHRo.br[1].js
| MD5 | 799a693e726a90d0a8b65139d1920b9f |
| SHA1 | 1460c7eb897ed7bc781eacbbbd7409efd299c1b1 |
| SHA256 | efa598809605adb80c372f0f9282785783c801f8509e25bedaac360b0c148a79 |
| SHA512 | c617392f61f11e5a33fc9ea9ff39807ce2e02f95b0663316146384ca0e8b9e24c9b142c36dd29b7eb85d5a593c1c25e972aa26d794dc2fee1c1304add01fe93e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\y1tiMssL1_ZRGIkBjxDYmR2kX8o.br[1].js
| MD5 | e3c4a4463b9c8d7dd23e2bc4a7605f2b |
| SHA1 | d149907e36943abb1a4f1e1889a3e70e9348707b |
| SHA256 | cfb7fa1c682c6eee2b763b37e002022463cd6435434a16f6335f33fb98f994a6 |
| SHA512 | 3a4e38e4c631d8e845edbc01c986f73b0368f8049beea7a3e8a34bdd5864c34103a48b19749c11b5bcc71fdaa672ef6c42e305e1cc6b37abea934766f3deb068 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Q09HAO3\ydDuUFvQrnTEDpvE14Ya7abrPGk.br[1].js
| MD5 | d807dbbb6ee3a78027dc7075e0b593ff |
| SHA1 | 27109cd41f6b1f2084c81b5d375ea811e51ac567 |
| SHA256 | 0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7 |
| SHA512 | e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Q09HAO3\ID-70CBAEOXh6Nwxga-CxgpUq4k.br[1].js
| MD5 | fd88c51edb7fcfe4f8d0aa2763cebe4a |
| SHA1 | 18891af14c4c483baa6cb35c985c6debab2d9c8a |
| SHA256 | 51f58a23f7723b6cbd51b994cb784fbc2a4ab58442adaeda6c778f648073b699 |
| SHA512 | ffe417fa00113273fe7ac1b1bd83c98a3a9dc12d41c77b60c52cc5ffd461d9ca2020c2444ac43771d737c70c58eca40786a5c5762b60f30da523f709684510df |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Q09HAO3\eKvcHdnNwo1WcxoSioV4ztnfZk8.br[1].js
| MD5 | fb797698ef041dd693aee90fb9c13c7e |
| SHA1 | 394194f8dd058927314d41e065961b476084f724 |
| SHA256 | 795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da |
| SHA512 | e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\uiannz55FdT0j3p9jGwegfI5aIY.br[1].js
| MD5 | 45345f7e8380393ca0c539ae4cfe32bd |
| SHA1 | 292d5f4b184b3ff7178489c01249f37f5ca395a7 |
| SHA256 | 3a40a1ff034448d68d92a75ababa09ba5f2b71d130f5f6bdf160dcf8851529a9 |
| SHA512 | 2bfd00bf303ad5a1e8413b5ee6a162167605511fefb8df61a8f40f80382f5520df690a53b1058365f1d81562b2668376886d0f829517a642fcd87412801fe987 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\AsdMf7D6KLdP5SQOeuSIZtV8-sA.br[1].js
| MD5 | 43b58b6b14b60581457ef8a405721626 |
| SHA1 | fa9da729b92847cc05ad81625b5667f299b75c08 |
| SHA256 | cef3b449403a4725a3866768f730e13f1bddec067cc67f306f023de2815a2789 |
| SHA512 | 4c22ec83b8a81e0716c4ea9c643cfb4c4f9256447a114b7b0e05c0b38bc073f4a0538e2a385e963b3e2634ef34f66050ac2c36801772a345670409be8fd2e829 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\8w26ODmd1hk4C30WJtfkdBYFSfE.br[1].js
| MD5 | 072d0f8c7fdb7655402fb9c592d66e18 |
| SHA1 | 2e013e24ef2443215c6b184e9dfe180b7e562848 |
| SHA256 | 4cd4cc3d07bbacdecb7331bf78fc5353b4b2664b6c81c1c0237136123d8e704a |
| SHA512 | 44cecee114212d2901dd13f9200771c708ef6e89b9bdcb75edf898a1e39833aafa4c7f8ebfc2f613d46eeea35222a1dfee3671a1b42679a94beaec099164f009 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
| MD5 | e4a6497c402dcdf41b5f7d0827824059 |
| SHA1 | 16ef58b296d9251c6ac5fe3df1b8e71236d6f9b1 |
| SHA256 | 98fc52bea0ac5a888ed498fe0cc68a85945c1579ac8f692bd6c059feca2342c5 |
| SHA512 | 8892e41a174111b6913460c0124fd6d9b9c8b6d3cf44d5979d1d3fe0198bca245983d70f7ff94b0a49d4af309201509e2d30c60474ba07360880da8c8c41652a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A
| MD5 | 4a0c1c0983afa53c98de873ff7701fa4 |
| SHA1 | bef6ae9212497c265dd98fa918f8f640074e7655 |
| SHA256 | 07f8b052e5b429a3bd249001f0d6fa4916a9788d3d42879d57845d928fd7db72 |
| SHA512 | 4cbaf6ebe0e14718f493a0a3f2da6172839dd8ee3609c8f17e82bde070e578a90f177de06f9aa9a8b884294d2884aac652be907c954f353f8fe3071367624a6c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5QL2I3FQ\favicon[1].ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EH2SKH3X\th[2].png
| MD5 | 63343141c64682bd3e0f711730475354 |
| SHA1 | a2a7298e8f58a74292885bae9a3f44c76c7aa945 |
| SHA256 | f90e661a7731c97e3478027d07afd8c86e461c5f379932e15efad17d0e96d402 |
| SHA512 | 17f7f14b0c929164283d5fd7bc829d907b923bb12a7b9d6124a6aac64eb79aaa47163583acca91fc71047bb7bb707d649407801c8762d8942a44531da9559edf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7Q09HAO3\4UY2jq3mEKk7NI4y4J9sHqyctKk[1].js
| MD5 | 9672a1df6f912de8c216915605eb242d |
| SHA1 | e146368eade610a93b348e32e09f6c1eac9cb4a9 |
| SHA256 | 89b5525e3432acfa36b46f3a88451fcf34c940fe38d8afcedd71e67b73713da0 |
| SHA512 | 22d39c7937ab4d38569b6373cfc42135735356a5789ffceb8d585202f11fce72483eb21d1b28c392913e5a43b28dd0c335d239bc0e970a635c50d145bd3a8d7d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OK5IKKYF\img-2[1].png
| MD5 | 041ee34f7d8f0c49f5c6670057dcecd1 |
| SHA1 | ff00f78e7a823111ba685736e19e2db8d280517c |
| SHA256 | afbb32c83fa61f012d2c10d039d42c80eaf53e6f576e0b9081f4a5e34591fd4b |
| SHA512 | c5423f9649f8aa0f73116d5dc0d1884f63a726b67bca749934bbbaef017a09bb479e90ae01f7f31ea019bae244c62285f224d23168401a6661c28ddd8da14b78 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\RQZTDO7E\www.galaxyswapperv2[1].xml
| MD5 | 1ac31d6e8812ab6c3a376c4cbd7637bf |
| SHA1 | 283bf9d87679e89a40b878b7a8e58c6b8bc60b9f |
| SHA256 | 1bbde903e6282107c62caa2595fc02d2919985333ad5472f356617e839258133 |
| SHA512 | b0093b145001910f02619d8d927d10d2b84bc0439ffc188821e3f34887ee29f6a76510b844852a5326a805c9b716eb68c609b9e4fe9605bcf24c99e7d3b561e8 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\kqnrehq\imagestore.dat
| MD5 | 0c0868aa6be64c76cdcaf55e7517101f |
| SHA1 | c0b2c81bc445fbe7af99881f8b4090bf77483714 |
| SHA256 | a20da06cf973089b47d5a1fc7a4396c5b1ff0ebd69bf21426cd6f46a66eeceb0 |
| SHA512 | 4deb8aeda0e585881fb733fdcdbcfcfcb0292ec148b3a00bede600eec1207e6cbebfdd7c3ebdacd1a41147102ba4c510208b4ff9d03d0612c6c090db22cf65b7 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\s[1].htm
| MD5 | 49374f48facfbf9c81a4bb748c81904c |
| SHA1 | 5061ec16c35ae24f987d58229a3182fe7762d281 |
| SHA256 | d9dfbf6fd747a0790194536e4ccf60df8d7a211c4187e334282d7b308701549a |
| SHA512 | 62e96ef2d26d35f27a98a252624ec39d14b299b5a99d459e67c9f862f1923a80d429a87459597c2ae1882888b67eff1adef8b4723aab68ea9622c46ed095fc80 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2H8Q1SG2\s[1].htm
| MD5 | 5e51b8069ab944a4480e4860bc727949 |
| SHA1 | 682c7690b11309b0ea7de84c8aef8e002a728a07 |
| SHA256 | e98361b17d1e5c506724a778c3c05cd8df139ebc134e4d9579ebeb9140755f42 |
| SHA512 | 08eed0f964cdfb61723ef00006dd014a56aca8a4cd8a0c1b27c48b961cf883fadf00e04512b2e80414790a969da3f4068f02c1f070ed4aa024c067fbe0e39f08 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | e0f28388d327a7d439119dbfe905e208 |
| SHA1 | cd75a984d6b6995f7250ac6165c98f2e16e2e362 |
| SHA256 | bd610370f46e5f68405c4e594bef965c2c554be784c0238be05d5d40972c2f83 |
| SHA512 | 8bd485774a3f8aa927af5e650bcaf6926a7a2d08683cea65ec0c33406f2ab5bd7581248ea6448a7dd8102e6fc2d11def65654db6aa3a2311c9f722bfb02ee7ae |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | aa08ec878b05196c518d4db7d55e371b |
| SHA1 | 349148372278a8cb178f3ecd9fc827797db9ed91 |
| SHA256 | 7a1ba6bbe0ce1e04178103a593cf3dfd6db1c1acbac1e028544c0848c030df22 |
| SHA512 | c2ec69ee95370317b02a79758a80f43c59d896efd3f432916b3d6c9a2af39d528347dd9358950a8100115a3967a8a0d2bdd0c14e121b63798618b8dc5103b201 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | 8202a1cd02e7d69597995cabbe881a12 |
| SHA1 | 8858d9d934b7aa9330ee73de6c476acf19929ff6 |
| SHA256 | 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5 |
| SHA512 | 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464
| MD5 | d023ff75ec4a95c9f009bd0d8e6199e7 |
| SHA1 | 96aec6e50ba86d4d4542e7c38f0d28d7737ddc07 |
| SHA256 | 75c3ccbd664cffd50fb178ab17179cb33e1a636b237e0342c9c7db705f012588 |
| SHA512 | 0dddbb1d36abcc732c3c499fc2673e8fb7708e701da08e740d15e900a932608ba52c4d4806ce771d40c677ddb152ab968d9777228f8036797246d8db33ccf985 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | f7359d4d2c87370617136002becd2200 |
| SHA1 | 84ddb3c3e66ef75e79e65160d9c37e6ac1fe4024 |
| SHA256 | cabde2a7af6406ac683c40dabe37c5b0cb9ef0878a7e3512437cee2769a689ed |
| SHA512 | e7523ad1497ee40da072abe125db6cc736a0e1cad70bc1f2b9005ea0c94f6c46273ddada7db753528e6dcdee584ba445c06b570dbdbb5fa4637c5cb236f8e232 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_798B036C05F381321FD6C3F00885C62F
| MD5 | a1ad8a03adc4ff44ed4fd44c1d966232 |
| SHA1 | a9492ec2e7e6a2a28c40dc8d1b0fc2f339b05452 |
| SHA256 | c3eaba4282e1236f7975e61129bb5f3f11f5c77272ee8fb22b0819b6fe8ed6ef |
| SHA512 | 4e3808ad5d65b002b6025b48e068356356ae2a050767331962e576fd35312b88efd7e8a4241dec9f02abc3b4c034ec7c9898c7408369f3073f29bb72f79d9913 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_798B036C05F381321FD6C3F00885C62F
| MD5 | 94d478ad020d9459afce435df9ee839d |
| SHA1 | 113576712b69290694c2e69a5fba88b9c3d75522 |
| SHA256 | 7eb9d2fdf2a0762ada4bacc2e1d825df9eb83e65566ee2ecf4f5eb9c2dfe7e72 |
| SHA512 | 1ed584fb7f43970964216eedf90f116a67cb3f380c00443379256895a1732a4dc6c75d38e5c4dc8e4a15306eb908cd5e1c0809f4fc2ca36c9587359129820887 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_D727CFA7BCFAF501CEA426110263B756
| MD5 | 2e16ec017e22842d451071c77402f52c |
| SHA1 | b8fd507375c35e5084a80260b4eceb71270670a6 |
| SHA256 | 0c8e7f14d056f6e1ce08e3752c0e0500e27d7317d25104f87e9e84b22f802c6d |
| SHA512 | d088613099503480f7b86f9735eac29f6927efd58d854e7b318edd57843917e18d6c05ebb0cc0d8b3c33493366e9b0012249a59ba407092c5ef7c7f7aa811316 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_D727CFA7BCFAF501CEA426110263B756
| MD5 | 4f55d9e6baf97e7707272b267c4f9a35 |
| SHA1 | 72bd05b15331be78b51b4da51da53c728393fd9a |
| SHA256 | c757983d2ec14eaafd03ec2f7f7e8480602007d77d23bf1986c47371b9e19eff |
| SHA512 | 1b0b3d0136f8435bf9d485b39b0eccfee9bdc8929d092576d509f59a546ffbeb84d77e076d7566e4dd7eb929ad1203433a47e175458916a5b8061efc68ec7330 |