Analysis Overview
SHA256
8c19ca3a8b76d47b29de2776def65388f894c77360ebb159168088ab458a3458
Threat Level: Shows suspicious behavior
The file MEMZ-Destructive.zip shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Writes to the Master Boot Record (MBR)
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious behavior: LoadsDriver
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-11 15:37
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-11 15:37
Reported
2024-06-11 15:43
Platform
win10-20240404-en
Max time kernel
220s
Max time network
322s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\INF\netrasa.PNF | \??\c:\windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\INF\netsstpa.PNF | \??\c:\windows\system32\svchost.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\SysWOW64\Taskmgr.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5f7b269a15bcda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0d4b957e15bcda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1d572bc415bcda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 90b49a8815bcda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packag = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe"
C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3bc
C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| SE | 92.123.135.83:443 | assets.msn.com | tcp |
| SE | 92.123.135.83:443 | assets.msn.com | tcp |
| SE | 92.123.135.83:443 | assets.msn.com | tcp |
| SE | 92.123.135.83:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 83.135.123.92.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | 174.117.168.52.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 43.56.20.217.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 80.14.97.104.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.228:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | www.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
Files
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |
memory/1812-23-0x00000211FEF20000-0x00000211FEF30000-memory.dmp
memory/1812-7-0x00000211FEE20000-0x00000211FEE30000-memory.dmp
memory/1812-42-0x00000211FE080000-0x00000211FE082000-memory.dmp
memory/2344-52-0x0000020E89280000-0x0000020E89380000-memory.dmp
memory/404-59-0x000001AED46A0000-0x000001AED46A2000-memory.dmp
memory/404-61-0x000001AED46C0000-0x000001AED46C2000-memory.dmp
memory/404-67-0x000001AEE5500000-0x000001AEE5502000-memory.dmp
memory/404-71-0x000001AEE5540000-0x000001AEE5542000-memory.dmp
memory/404-69-0x000001AEE5520000-0x000001AEE5522000-memory.dmp
memory/404-63-0x000001AED4C20000-0x000001AED4D20000-memory.dmp
memory/404-56-0x000001AED4670000-0x000001AED4672000-memory.dmp
memory/1812-74-0x0000021185F80000-0x0000021185F81000-memory.dmp
memory/1812-73-0x0000021185F70000-0x0000021185F71000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q8D7OW8Y\favicon[1].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
memory/404-93-0x000001AEE5610000-0x000001AEE56A1000-memory.dmp
memory/4984-115-0x0000021859800000-0x0000021859900000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
memory/404-129-0x000001AEE5610000-0x000001AEE56A1000-memory.dmp
memory/1812-140-0x00000211862E0000-0x00000211862E2000-memory.dmp
memory/1812-143-0x00000211862E0000-0x00000211862E1000-memory.dmp
memory/1812-147-0x00000211FDFE0000-0x00000211FDFE1000-memory.dmp
memory/4984-151-0x0000021869A00000-0x0000021869A91000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
| MD5 | afc0ea80ee5488adf55dfd9d71137b2e |
| SHA1 | dbd0217e67fc82c11cf49f82a08c1e1ab6f82309 |
| SHA256 | bac06d6b0754fe3c541d9ac538de22e0c2f12026751b237c4e0cf0db05f2c68e |
| SHA512 | d24da5c9e3589e84acfa7bf75c042f9c30b02674f794eafccefebfc53d1e337d1c15a79607a987951274ebe1f08ce240276b04a39cb8a6930a9850544f94a5e3 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
| MD5 | 615d0f052a26da704cc5f4ce736cbf06 |
| SHA1 | 26152a2625cca167821be70c6fc4f1a4d6b8882d |
| SHA256 | 2fe75883016844c9315691151c8d4876dab9cb8a3744e90398861606ccd6e8da |
| SHA512 | 21c75dc986a5b41239302bd37e47f449289a4471d91ec64d23edc978acf271c46ce461654e6147e4ed3d1ab571cbef219b3a6d019655c830ab70f0294cee26f7 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | 58c1644786fb17461760a2c73f1ff87c |
| SHA1 | fb6d4d15b181552dd034bdf6067532a7527d7204 |
| SHA256 | a0d6416e86558a7494e29678da853e4d590a7334688384c0b61b3d1c19b3f5db |
| SHA512 | 0b4c266a1b2a4d37f9e010e890a03c6a8232b2244a49a11088d1303c8351e99358c70da563b47bf1ad1c97bff3e43bbdca33b804689aa037e7a8caea2e91258a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
| MD5 | b53561676f1323576e6db4f6d2819589 |
| SHA1 | bcbdd0228920b9ba12ad1de5dbf44545365c56ee |
| SHA256 | da3d3fffeca5d32fa8ed627a5a49c14fd2262b9166cba8791931e62d3d6abbd1 |
| SHA512 | 3fc9631e46970cbb7c4ebca67a7992d5caba3849da18782f7cd103e0bd80adf64762d5506264c1e8c94c171d071fa3e8449fe7b7c598e81ccee5121a89b666bf |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{4E7085DB-FFBF-40EF-8FFC-8D615D1E1E77}.dat
| MD5 | 77a42762b6ea84d52657127c16107d02 |
| SHA1 | 735b8422c62775a9efedb0007c3ab059791d1d9b |
| SHA256 | 852b9222fd8544e850cb88a70109664c8a6aa31c3c77d03718010e0f776f72c0 |
| SHA512 | 03fd4d56c5406603062b5deb662057ee8cad870f90d185da0ebf615bfcff226c972f2054162d592ba489c1268f67803ad2197090cbdb77074f8086a52045935c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{88539BCE-0ED6-4414-BBB6-55BB731E4486}.dat
| MD5 | e72f30eb8f2c6e5724ba16207848861e |
| SHA1 | 69a28a59023755d7da97ad373343807278f1bf5a |
| SHA256 | 490a36ffe56c104c705e5bf8c67315512bfdac0d58fd8d27749da728479e8928 |
| SHA512 | 214ea214828d7af69e6c0f06dd545cfaa65a1df87fac7e206aabd0748d568aeb0edcb8567cfb98a689f107f32fda2acf644abfcf10f8b41ab5cb2e062ee433bf |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{4283AADB-8DAF-47A5-B9B5-29A97CCAF370}.dat
| MD5 | 035eb086297d2983e4a4e0681800ef3d |
| SHA1 | db077f38137ac54dc88707b36e799b72fbecc7dc |
| SHA256 | 4ad90f09cecc88caf0afe5b5c95ddcad63300534c90bbfe321776514e2cb8a86 |
| SHA512 | 7eadb4ee47bb1611b8a78d7fb015f48ef946b781bf7b624a0067789d6e336ffbe43709dc87f96a256d720a5ae04ba7cf20014b6131d24ceca0669fae6fb2530b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{0CEBD6B3-AB9E-42B4-B618-382A3BB32F53}.dat
| MD5 | 45571fc1c8bcdd29f2d9ab1e1c3d824d |
| SHA1 | 6dfcbc412523b7c897fa4b1026aa6ea98531d6be |
| SHA256 | a2a5b7afdd3ec37049fdd42555814a3ae51adb46172b30aa698b294dbbb7c60c |
| SHA512 | 5a28d106e6806b94e324440db0c4d7699fd4b20f87e07ee4c0d9c36fcaff49b6fee8c4e21cdad2aca6bad0090829ef6d3d1ad285e588ddb20fcb95199a265455 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R2YS6MYK\api[1].js
| MD5 | 6a6cc2ad49dfce92ee26a4c0763bdbc1 |
| SHA1 | 52eaf8c26612f7707a0b2010df2c799427f260cf |
| SHA256 | 7225ee91bc032b3b900e8c200b3316ce6a8c0fb9d4b4db962d2dc91d0e044fec |
| SHA512 | beed34e45b4b82859d18bca264767b1d1d3f49ca6570c1c724252581e1e6af92e9e2c25613114f9ae13a8d0e44810736fabebddeb3fefb0a776086516532ce83 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\a07fpb4\imagestore.dat
| MD5 | 7d42c854b2e43c07a4cababd0b3ce402 |
| SHA1 | fe1d4bbb7ddd0a410a0ba7266f1388e05dc32f91 |
| SHA256 | ab418ea06992b5c4bcd5f9b8a8e89d508de1216cfe1998cfaa0bfd93bc27e327 |
| SHA512 | 7e40c9581220caeb2aed748a66b34c217cee35c1134dad37dabda50c5e10ba186fcd8f8a4da6668046408499cb8cea1b091650b80f2366495fc4fdbbf7e9e446 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
| MD5 | 837922a3aef2726e8274fd56034fa4a3 |
| SHA1 | d8da55042c6766da2a83374d8f1bcfad9a4b7288 |
| SHA256 | 86dcf75b1bc623705bcb2cbcf5e24d5a67d993660c4153becd0478008ae46f7a |
| SHA512 | 944668386a36856b556804ed7c83cfc930c5c26a180bcb47b8944247ab4190ead7bbf5dadfd0ff8a4cd7a5443ee5f04f0d7c232e1eebf77cfd43765bc113034d |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
| MD5 | aadd802f073f23f34a46d328d186d863 |
| SHA1 | b12d0f6264924de5970a3dcfd56107b94236c1b0 |
| SHA256 | cd33ec39d4d1546fed50af2cbee93f6ccfa17763bee4cc4ce8fb08cc105a3c05 |
| SHA512 | 641cc7739f39f93ad84fb31b2d52191d6f345ea42bd300d70f4e7aa80243bdede7b2a7cc9f6a8bb5727d074602eb4d5ab2f80558d6b06500c6ab3a8bb514fd0e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 36b3fa055ced843bb5f47b56ab921162 |
| SHA1 | acba81abffef7d50090c6798e39ce39ef492f136 |
| SHA256 | 1e7b0ee8708a827bb9de89f2b13960bfb8bfa889c1b13781b6d8f8fa20a0cb84 |
| SHA512 | c760e5b58bb21a531beb2bcb894a3faa9a206d550ce5b6f65c99b6f4fe87c282ddaa209640da1ceed0ffd43cab3e8b4723ed1ec008e0a0069e381e16e7499933 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | b927c7c559e4a51db96c2630a34290f6 |
| SHA1 | 46e47501bea080164f4cc7a611b275d6b5bc89a5 |
| SHA256 | b21114895d50872bba3eaf5e452ef24bdda30d2f232c12ee9b2b167d64a33187 |
| SHA512 | 9166716955422ff0d2c7dc2fc3cce8a5a73aac8486e9e037d950e0f648eb2eb93dc8416635b53da86820b0587552e79f780facc0655a6c5d13beb5298a4a1bc5 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 55d13419ef7e00979888e1f36e85667c |
| SHA1 | 9213fd7f1bfe3399f11d8ce56516c9ecfaef50c3 |
| SHA256 | 99a431ec4372e147cbb89b186806b63791ccac196e7c21362affa2da3dea5883 |
| SHA512 | 4cfbbde7606ea5d8c56ab0a540ef2c4c84d3feabf5b694d41838f00cde9fddac90cac1a2d095f53ca597288a48adbf080f1196fe4c179e5b86be7b6ba4968da5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | 9dd677e0e903b380549326733489bf84 |
| SHA1 | 46c733c9a26ae0819fa48df5680a1be339af0ac7 |
| SHA256 | 1a22843b8b37f03b74b1db8e223fc22070672149b4c6f73fdb2ccd514204a93e |
| SHA512 | 442dd7954613a263ed3b31aee62513a4f889dd9d13dcb08a94fdea57ef13db3de4f904dc3eded9ef72c94496bb814e0a663bcca1528e2f5dccb7107e7eaaa298 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF97BC5DB8B7008798.TMP
| MD5 | a93c62647fb5168bae83c8e99a714882 |
| SHA1 | efcb270fd1d3d7cd1c87922e67ec9fa4f0b0ddb3 |
| SHA256 | 24951bd9472b140de27b0f525feebf57298f8110fade4971503df911675078d5 |
| SHA512 | 141920b8fdeeb2afb7176b5ae4e8749f1a7cba3daf9657f3936c233ff3a3ef125f69784e7c799c89eadd4108c778a659ed9b433101cfd09b8a63fbf0168bd30f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
| MD5 | 2e5ad69bd4dc1fbae8d6a91e3cb2ddef |
| SHA1 | 239f7b0e554517e5c5c9d78e8544f4d2fd6183f4 |
| SHA256 | f4b52162d0a143250c2734559d7d8771c88e899f7a49d5198ed68645ea92c8ca |
| SHA512 | 7fb01766e3357eb63e5ed936629a6cf80304f7f9cb53c7f517df532b5ff5d01ff7607e955733dd6139bdf524424bbc8c71bf246e10bb5477fe9de99c0b63de3f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
| MD5 | 9980e520522d12458c04a22665106dab |
| SHA1 | 88a662729862bf3064625fcd1b24dde397c63041 |
| SHA256 | 41de1c438faafad76d457d2d6bba760884a9c8f70b6a5bc470b8484501099474 |
| SHA512 | 70a2e4da8fb14c901c0927ed0b856ad8f49870f38c0bebb4d48f84e69b5facc11f70ef35c0cb305d8a30f8d9e6fba9ee6a12f563b99b2b4a7948a1f3dea63340 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
| MD5 | 8b3dcfb31bf52f010a4393225c1be59d |
| SHA1 | 6f3c7d1a8768803f7241049fa77d703d6e21d589 |
| SHA256 | c1cda6c89e46e1503b5b4de517d991d882b8f86b10f6d97b75ab573f3c485fe9 |
| SHA512 | b06a9a0c7d68f87ed3e281370a7f344146620cde9ce45f593c0a8a7fc57d015bc06ded8fa4836459c3f6c94015b9b04507cb2124168af71b8e9d13d0fc214f6e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | 7049e6b1608d32dfffab8e1598470be5 |
| SHA1 | 724952837e969611f5b0f5df00ca98b40d108915 |
| SHA256 | a85c8209ed29c4ea7c4c98182596cc3e37606d692aa90852ff15bacd55a96721 |
| SHA512 | ecb64782a93739548cc16f4f0a24b45a60dec196106eff3b9edddd3bcea6adfc19e49d6b04dfc32bfd1cac0845c7db290a48142c654830d02a97efbabe55d2aa |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{145627AC-336F-412D-8AC4-679A50A2AD98}.dat
| MD5 | 017012b7c95aeee330de5807b36a8be9 |
| SHA1 | 08b9973599b49cd7dd6807ccb0b398da2e276bd8 |
| SHA256 | 043f28bf5db892c0f7da5d7beaddaea4c2df762fdfa4ec09a7010a15ad5d33b7 |
| SHA512 | d53d86402cb1dba489dd939b436f273c02811647944bf319053fb82b166b99b705fb13cb0ac04b707e455ba8877425d3d2a8ce04eee2c8c6bc832dba300d94ec |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{28CC570E-59A8-4ADF-982C-080395A977BC}.dat
| MD5 | 93094365c85242bb4fb6910e54d869d3 |
| SHA1 | 7378a4ed0b91bce263db342c4c837d921855e491 |
| SHA256 | a673e2416e8a96de8ae53508652ed5da7fccee63fc8948be8071f7aff71c9b98 |
| SHA512 | 5a328a125f5effa63cf492bf8256956601941e42ecd0134e04d61ce31b50e67cc74d1ca4643c7ee0f82f0fc93944d1146c2ea47a56acbb2b1462ec18d1b136d8 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\a07fpb4\imagestore.dat
| MD5 | 32978ed02132686000d55450e68a601b |
| SHA1 | 7a0e745e6123a06feb2c2cb7c11344dfe7c67fd8 |
| SHA256 | b55ffce1748b77afcd5abd26b7086ca63717190bdc37f9ce1bf855a377df3e26 |
| SHA512 | b66bb5856d4212ea1d51ef29c3e8b2015af0e0a288c0bfc46bb693191ce2fde56d4c3a09ae6b55b7b8fa5081aa4a6c148359ba7b5eb89c828f563bf01df40e5c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Y6SHWJX\recaptcha__en[1].js
| MD5 | ddcffefac58f205ea194e1612e7c22a7 |
| SHA1 | 4db6276eccafc0030490f970824b55dc327bfebd |
| SHA256 | 5f12968474e2995c485a2c256a9819dde04e78b6a13aacadfba935ed7970234a |
| SHA512 | 4b8561f2bbc596382e9c22515354b94df9613844a2c6b6736dd7c1f6c51305e235c58160d8e5b3d6f5fa289dc55f6fd675332e4a13d07fd35282d61e227adc13 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786
| MD5 | cde50ccfbda63e3f99950cea7fa3cdf8 |
| SHA1 | fee49cf15b17db0186aed46421f2e70807ec0495 |
| SHA256 | bdd0f99f88229608ffcba168ffd06ce15985dfd8caec2ce71bb11a3e0b98fa15 |
| SHA512 | ab31cc051e3ea73de39a673dec52e79a78660da486d36d3483ba3fa232a0abc466337899d6fc2f62027bb2370d2a656ab585ed4020b6e514082aa5a2c134a181 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786
| MD5 | b567f9efc2abf3fbd4e25857ca82e03a |
| SHA1 | 59484f3f042d96f4a69b11582f08f6ea4e10a899 |
| SHA256 | ab74b00cac8beb7a2e6f4742d1dff9f50cc5812a3dc2d4632bf21e038cb21bba |
| SHA512 | 538c6ee95421d129927d4def6eb4a812435aac76a8dd50a3046575b81e22eeb928bd4897af47e7cbdc0b6663800656245788ce2b49ff9e70f736200a8869cc9a |
C:\Windows\INF\netrasa.PNF
| MD5 | 80648b43d233468718d717d10187b68d |
| SHA1 | a1736e8f0e408ce705722ce097d1adb24ebffc45 |
| SHA256 | 8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380 |
| SHA512 | eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.pri
| MD5 | b8da5aac926bbaec818b15f56bb5d7f6 |
| SHA1 | 2b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5 |
| SHA256 | 5be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086 |
| SHA512 | c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.pri
| MD5 | 30ec43ce86e297c1ee42df6209f5b18f |
| SHA1 | fe0a5ea6566502081cb23b2f0e91a3ab166aeed6 |
| SHA256 | 8ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4 |
| SHA512 | 19e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | cc8399cbc2094df7c89567ea14bae8c1 |
| SHA1 | c139dc17311689b7eb3b7c748d15a49826cda561 |
| SHA256 | be4d84dcafdba31c19719d741e669278d4c6be9ec6cbdac77f13f227c8932ddb |
| SHA512 | ecd2c9e11ca31201447e955536e62b55a23a93979f03882a5c9729796db8d0770507dd8b1d2c61f10f60005cf3342ffd9a6b1901b9114b195a093a628937781e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
| MD5 | 5de3abe3ba7556a8df0c5a1a664c7275 |
| SHA1 | 8e3667ef79c8cad1682d9add43a24bc0cc273c6b |
| SHA256 | 06d7315b73396ccfa9eb0edaaa7da6b41436672541e84a86b8ca4d0409c907b2 |
| SHA512 | 63da9d4eccf923ba80a27fb0cd12c79d4033e2cd0fdb0a09b66d304c76c50731f8d9d56f19c21a7946afda9e5318f5f1137e74ef6dc46eb8023ddf56b9813c3b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
| MD5 | 5644bd31887b0777dc18e8422b66a7d6 |
| SHA1 | 60fadb943a45e5f3e344b0c5969a79b1b3c54e3a |
| SHA256 | b42462c760b785b2a576100508e4f1e06e9bb04509f66f625a50a8e3a6ecbb98 |
| SHA512 | 67da39d989728041c0cbcb0bc30cbfcc83f37e30e69abe23e45df7d458a886b523567663346f850f2d1266dd2a4d8df185549b037c2dcbc340d476997c0c982b |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
| MD5 | 871eabc5eda4eba04b3101c6179a8785 |
| SHA1 | 1bb31cb9369ff566a34d0fcd85bba57d1e92c3d8 |
| SHA256 | 90fc329c1d3bd3513c80516cab0a628d8d9de47c5d9b8b2dd28a7ed4cee9e638 |
| SHA512 | 34feba7f2e6b2dbe9424df40898422c8209df283ac61cf25e06495d378068028087451dbdd2cb38701e563cde1470eeb219aba6043d9e6bcdb8e33863385be8c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{C1BEC32D-DBD0-4ECE-AFB5-6B490CD7F8EB}.dat
| MD5 | 5fcb944cf0f81b7ca0feb13187d8afd5 |
| SHA1 | 0a60077cad20884956a4b3093cbbcd938c39f39b |
| SHA256 | 04f64705017d2414822348aa53830ac3b5d750bd40a7361f6800e5576c3d8d96 |
| SHA512 | d7e1df7f265ff3ffc630474a388790a7a3ae8ae0a5cf2d018006c797e79a22f4a1cc8005c026aa738c78b3fda4a0fb48cf8f019dd9a3b30575fa2530f0001855 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{83A2D468-5C1F-4257-A68E-8FFD6CF6FE9D}.dat
| MD5 | d4b1b6173fe8be1abfc076d8f57a45c5 |
| SHA1 | 9f19ed213b410c45293d8dc67cf7dd2e5b5351e7 |
| SHA256 | 3b25befe556efd33c4b9b1570fe5d98c132ce787eb16f02ed09cb8d7da98757f |
| SHA512 | d117c97733ba8330469628a29bff642d16b8f2181f2ceb36d6c7194fb661903434b8814f55e5049b28ed9b068df2df5e5c0219608cdce6f991901e3925657b0e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\a07fpb4\imagestore.dat
| MD5 | 54b34cb82f6213503ad0fa3c9b079f98 |
| SHA1 | 163700f3d9ccca69632565612697c06df21b61e3 |
| SHA256 | cfbbbda21cfc772739970ed5ce128e34ec7141695da2ff4defac77dbe025bc32 |
| SHA512 | c77a6bb65d9df0557fa6cc4d86d32737bd817cc6ce6aa4b664c7ee986e3a9c7595c06ebfeab54685034da8e6591b09461b1fc940e906c3fd913358555880789d |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
| MD5 | 55a5567422d48db42a0554316a87bee1 |
| SHA1 | a1c259ffd5a822616088181640ae3a5b64ef9c69 |
| SHA256 | 7e660f30a538de301d508738847b36f7954af6aab9857b7067b8979975d60586 |
| SHA512 | bf226fd9fb0591def2470400dd4c746c43fb03ec1054a285b05d5bee359ab2e34ebf095e5c5f3651f9e93b6938a190ef7b6527a1e54840492590f9da98310140 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
| MD5 | c9e111dce97fdc0245cfce7c63000a0b |
| SHA1 | 2949bac6fde5e67057c37265b538e388fbc79a20 |
| SHA256 | 58d85c29c07effb2c71180544e0e3bb3f896b8fb6f6f7aacb746a83686fa2f81 |
| SHA512 | 44d8ee73e96bdd927682708a59ce8da4e79d2bc365f68c9c471d96b9a9a50419e88f25009f0d9b8059a84ef77780cf676128e064b46255202af0a38cb64b9780 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
| MD5 | f18de85982d539d358fe1ccf3174155f |
| SHA1 | d58c265bd724c9de0e9e23d7e798ccf2e75fe2dd |
| SHA256 | f35131e2c85595f60f3cb14facc0eb5837db721e8eb2ade8b80d517a4ae1ba44 |
| SHA512 | 2cc5b302a4189bfed08fed5a0970cbdebbadc0db9edb232e84af792aaee3a751247a280ae7efaa45270ab3c5aadee29562deee6056977decda98cb2533038eb0 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
| MD5 | c26c5c57c1b9ee7570a32e1dc8d09838 |
| SHA1 | 16e99a39e6827ec41925e01e5139a68ddc1a5b84 |
| SHA256 | 378b61218c73c1e6525f986d1de2e777729709724178e49c31780b8e8c88b821 |
| SHA512 | 6d862ba6c9815c000d4dcc4ad7cbb36f0f389f9d1849e68a3b8738761e93e9998c9a49d3c14947c7e8df7a56c4f115ac53c8541f466e9a7613b732ed73bbb98e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{AC8BF516-45FA-462B-844A-7EF90920A038}.dat
| MD5 | dc9ad70f9da1f52fb971e3331e6bb4b8 |
| SHA1 | ffe44f864fb162f74f68ef32c3ee3a49533b7ba2 |
| SHA256 | 8fdbb8e7e68f055f371acfde8d989e46725de4fedfd8dac4b508fd29172d1263 |
| SHA512 | a144ec119f45e60315a596b20407bd2b74df880bfbd1cfcdee1cfb69bad2c436d2cdd363a22d093aaf06273fde170c1bd3d1a541e2ede9efad2527b123c98fda |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{3D9FEF3F-6490-49D2-8AB1-31D1CA8633C9}.dat
| MD5 | e193c707df31be655961509f0350389c |
| SHA1 | d67b6d6c53f8a01233ba8cbe58cbee15c4ae68e0 |
| SHA256 | fda07f628c6c5e6b7d70eeec67629f540b63449e14efa462f5b99cdd9affa2bc |
| SHA512 | 0e62c0392d0422025cc90d5ce7c05bdf87b52f6cc8e4d105934f2547ac4b700439fded9ef9adaea705b924463bfcf083fbe0f303bd11856a1984884a6d773149 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\a07fpb4\imagestore.dat
| MD5 | c29cb33b54f8aaa7837e1be01fe33f04 |
| SHA1 | 0f6a625ef178c2b5e13f690fce6cf93e55da786f |
| SHA256 | 99937f119887ae4e26baf1b60a38273df43642f691d17972aac237ca8f81a930 |
| SHA512 | 7b9c3bb26e3cea7b3bee7a31dc160c74a1feb5d25fc398be1ec6fe10d8aba188587ca5a63e987cafa7331d3b9f79b86ce5eb85aa374ad60b2ac032af08aecef2 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{3A82738E-1288-428D-A8BB-09C433E0400A}.dat
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{C35E4B3C-6A26-49B1-B2B0-8826CC10C2B2}.dat
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\a07fpb4\imagestore.dat
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IY3ZUSF4\styles__ltr[1].css
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Y6SHWJX\KFOmCnqEu92Fr1Mu7mxKOzY[1].woff2
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Y6SHWJX\KFOmCnqEu92Fr1Mu5mxKOzY[1].woff2
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVS0P5KA\KFOmCnqEu92Fr1Mu7WxKOzY[1].woff2
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Y6SHWJX\KFOmCnqEu92Fr1Mu4mxK[1].woff2
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Y6SHWJX\KFOlCnqEu92Fr1MmEU9fABc4EsA[1].woff2
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R2YS6MYK\KFOlCnqEu92Fr1MmEU9fBxc4EsA[1].woff2
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IY3ZUSF4\KFOlCnqEu92Fr1MmEU9fCBc4EsA[1].woff2
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R2YS6MYK\KFOlCnqEu92Fr1MmEU9fCRc4EsA[1].woff2
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVS0P5KA\KFOmCnqEu92Fr1Mu7GxKOzY[1].woff2
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R2YS6MYK\KFOmCnqEu92Fr1Mu4WxKOzY[1].woff2
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVS0P5KA\KFOmCnqEu92Fr1Mu72xKOzY[1].woff2
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q7BUKSPQ\edgecompatviewlist[1].xml