Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-17m6hsce75
Target bcfd682524b454946fa45b49d035c67e2dda3b84db3f3bed0fb40c2b81934a4e
SHA256 bcfd682524b454946fa45b49d035c67e2dda3b84db3f3bed0fb40c2b81934a4e
Tags
glupteba mystic redline smokeloader stealc zgrat taiga up3 backdoor google dropper evasion infostealer loader persistence phishing rat stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

bcfd682524b454946fa45b49d035c67e2dda3b84db3f3bed0fb40c2b81934a4e

Threat Level: Known bad

The file bcfd682524b454946fa45b49d035c67e2dda3b84db3f3bed0fb40c2b81934a4e was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline smokeloader stealc zgrat taiga up3 backdoor google dropper evasion infostealer loader persistence phishing rat stealer trojan

Detected google phishing page

Glupteba payload

Detect ZGRat V1

Detect Mystic stealer payload

SmokeLoader

RedLine payload

ZGRat

Mystic

RedLine

Stealc

Glupteba

Modifies Windows Firewall

Downloads MZ/PE file

Stops running service(s)

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Launches sc.exe

Drops file in Windows directory

Program crash

Unsigned PE

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Delays execution with timeout.exe

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 22:17

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 22:17

Reported

2023-11-11 22:20

Platform

win10-20231020-en

Max time kernel

5s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\bcfd682524b454946fa45b49d035c67e2dda3b84db3f3bed0fb40c2b81934a4e.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

Detected google phishing page

phishing google

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

Stealc

stealer stealc

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion

Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1LG48rW3.exe N/A

Adds Run key to start application

persistence

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\bcfd682524b454946fa45b49d035c67e2dda3b84db3f3bed0fb40c2b81934a4e.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MC4OZ90.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lM5uX08.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Px2jA96.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2120 set thread context of 3756 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Ye40Pv.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Ye40Pv.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Ye40Pv.exe N/A

Delays execution with timeout.exe

evasion

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Modifies Internet Explorer settings

adware spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{2088B619-7F05-4370-A066-A599EB4CD69C} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2508097367-364665605-1201309312-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 212ca0e4ec14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Ye40Pv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Ye40Pv.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4732 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\bcfd682524b454946fa45b49d035c67e2dda3b84db3f3bed0fb40c2b81934a4e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MC4OZ90.exe
PID 4732 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\bcfd682524b454946fa45b49d035c67e2dda3b84db3f3bed0fb40c2b81934a4e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MC4OZ90.exe
PID 4732 wrote to memory of 1396 N/A C:\Users\Admin\AppData\Local\Temp\bcfd682524b454946fa45b49d035c67e2dda3b84db3f3bed0fb40c2b81934a4e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MC4OZ90.exe
PID 1396 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MC4OZ90.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lM5uX08.exe
PID 1396 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MC4OZ90.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lM5uX08.exe
PID 1396 wrote to memory of 2752 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MC4OZ90.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lM5uX08.exe
PID 2752 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lM5uX08.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Px2jA96.exe
PID 2752 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lM5uX08.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Px2jA96.exe
PID 2752 wrote to memory of 4444 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lM5uX08.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Px2jA96.exe
PID 4444 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Px2jA96.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1LG48rW3.exe
PID 4444 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Px2jA96.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1LG48rW3.exe
PID 4444 wrote to memory of 2472 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Px2jA96.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1LG48rW3.exe
PID 4444 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Px2jA96.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe
PID 4444 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Px2jA96.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe
PID 4444 wrote to memory of 2120 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Px2jA96.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe
PID 2120 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2120 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2120 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2120 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2120 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2120 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2120 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2120 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2120 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2120 wrote to memory of 3756 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2752 wrote to memory of 1384 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lM5uX08.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Ye40Pv.exe

Processes

C:\Users\Admin\AppData\Local\Temp\bcfd682524b454946fa45b49d035c67e2dda3b84db3f3bed0fb40c2b81934a4e.exe

"C:\Users\Admin\AppData\Local\Temp\bcfd682524b454946fa45b49d035c67e2dda3b84db3f3bed0fb40c2b81934a4e.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MC4OZ90.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\MC4OZ90.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lM5uX08.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lM5uX08.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Px2jA96.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Px2jA96.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1LG48rW3.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1LG48rW3.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2XD4607.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Ye40Pv.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Ye40Pv.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 568

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8co316xk.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8co316xk.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9uA1Jg5.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9uA1Jg5.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\E078.exe

C:\Users\Admin\AppData\Local\Temp\E078.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\835.exe

C:\Users\Admin\AppData\Local\Temp\835.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\C4D.exe

C:\Users\Admin\AppData\Local\Temp\C4D.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\forc.exe

"C:\Users\Admin\AppData\Local\Temp\forc.exe"

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\C4D.exe

C:\Users\Admin\AppData\Local\Temp\C4D.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\AppData\Local\Temp\forc.exe" & del "C:\ProgramData\*.dll"" & exit

C:\Windows\SysWOW64\timeout.exe

timeout /t 5

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\8110.exe

C:\Users\Admin\AppData\Local\Temp\8110.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\F43E.exe

C:\Users\Admin\AppData\Local\Temp\F43E.exe

C:\Users\Admin\AppData\Local\Temp\F74C.exe

C:\Users\Admin\AppData\Local\Temp\F74C.exe

C:\Users\Admin\AppData\Local\Temp\F98F.exe

C:\Users\Admin\AppData\Local\Temp\F98F.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 756

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Users\Admin\AppData\Roaming\isttdsw

C:\Users\Admin\AppData\Roaming\isttdsw

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

Network


Files

SHA512 6648aa7a8c307467e3174b50928aa19aa133f42a87b6332ef02aad85fe1b48b848145daba50ef220eb075699268547eb7a731874cdb197d89cd229f4cc962886

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JVSJJ9CU.cookie

MD5 8d743b2fbe63072c54cd86a0682d318c
SHA1 a721359bfe156d0f4e40491dc10fb90681feada9
SHA256 f815dd7749001b246c35260f4d5c3ef0916cc47fcbfd202e0aa58f8c86845dac
SHA512 cd66958f9909701a16c6fd48621d5a588c122b6a1792d14ec9ff34aad007b9d54ddcaf69015da244a7309a332a58b8a74a010c6cf945153aa772965f9b832dc3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CJTRT8IY.cookie

MD5 91a9014470c1d08aa1041b35eba11712
SHA1 5acfe0d231c7e09a6d752c5c56543ada8437eb7e
SHA256 6b3816c09c4643266eac2a829c0cf2ec4c289c573a0de89b094351db92da9c52
SHA512 59619c60c8ce297d4d14d62e87543235bae2afc5dbb6fc217967ed678312d3e05b760484eef3d95c962c182e30cd19667836c2b2c858914ee41fac9c25abe8ca

memory/764-144-0x00000273575A0000-0x00000273575C0000-memory.dmp

memory/1296-284-0x00000238C09E0000-0x00000238C0A00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 0a56788ced5522021b59aeae52913cbc
SHA1 f6d80b42488301a950567dd934eb8b3aee20fb58
SHA256 9d252758b8f01ce1dd8da872c8180475f483b8b32e0b7d3206b7fc2fc197e26b
SHA512 67d41311945035c0936dec9ca2a5c8e5d84673dae75e2092025947d4d85e5d904143beb8f3a0576313bab30e439469bcf76c16d87109d832356a2983a83c922c

memory/3540-337-0x00000168C8040000-0x00000168C8042000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 11ba0db3410080c9b54ccfd81adafe8e
SHA1 1f1b2376d655f7839bb556ba0a2fed4f609debc6
SHA256 de12b842f78161afac0e12ab19fca1a99e6e44a9b2b2abb42c2c98e0c7edd213
SHA512 cb29203cffce20bb71b3268bcc404a3ba6dc3c3fcbf40f3b4591bb993dec099373ca8818e78cc4b29795f3d451a0560bfb1b704855dbd9601ab5bf383494f663

memory/3540-344-0x00000168C8340000-0x00000168C8342000-memory.dmp

memory/3540-346-0x00000168C8360000-0x00000168C8362000-memory.dmp

memory/3540-348-0x00000168C8380000-0x00000168C8382000-memory.dmp

memory/3540-350-0x00000168C8440000-0x00000168C8442000-memory.dmp

memory/3540-353-0x00000168C8460000-0x00000168C8462000-memory.dmp

memory/3344-356-0x00000000022D0000-0x00000000022E6000-memory.dmp

memory/1384-357-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8co316xk.exe

MD5 bf0c80722f01ea3bdaf8e5f5fc2d90ff
SHA1 c1d6af02b1a6e3a93ada99bb3932b627547929ac
SHA256 3e5781f31a5d91becac193cbfc08b926060a85391f1021ef5d35387b860b1e50
SHA512 5a508f821b256cb15901363a4092c141e841b9e9e8d2be02d10b562f0e2b93e62aaa3f5deb3c203472ae101257d09f42564a9a266b840efc55cb32dffbcf41b1

memory/5456-371-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9uA1Jg5.exe

MD5 1b6781d3909f522d548cd9d491b87c78
SHA1 eef4eb3a72dc195ead90914e0246b96382e86459
SHA256 e39f42970081aaeb28f1314685e1df85d71e472f4e98c713230fc8f3eb91ce36
SHA512 58801d7ba86f8647e7a49e84db427e357ddc4c57389248193cb8cbe69c0c760c0d2f60f659881ac783050396b74fd95d576a1368da328dbf4b14b8463b05d2ec

memory/5456-381-0x0000000072E60000-0x000000007354E000-memory.dmp

memory/5940-397-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5940-393-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5456-400-0x000000000B540000-0x000000000B5D2000-memory.dmp

memory/5940-398-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5940-402-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5456-394-0x000000000B990000-0x000000000BE8E000-memory.dmp

memory/5456-438-0x000000000B5F0000-0x000000000B5FA000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\39X5OKWY.cookie

MD5 d99e3b598a95e66f2df4a8657ae27af1
SHA1 0b99df4cbbceea8fa8c72959a63b682f50f51da7
SHA256 7c9b5926059423ba8daf7e7ce1f86aefc56e80bb1faf8f18dc313affb4997b6b
SHA512 b0212b371a640cc53cae78e536fbe0dd1d1753a169bf284ce843732471430101336801ff87b00fb4393ad6c5db9c79eff91e2ec46a6db2d4a33c8f9174060ced

memory/5456-459-0x000000000C4A0000-0x000000000CAA6000-memory.dmp

memory/5456-461-0x000000000BE90000-0x000000000BF9A000-memory.dmp

memory/5456-462-0x000000000B7C0000-0x000000000B7D2000-memory.dmp

memory/5456-466-0x000000000B7E0000-0x000000000B81E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MGUJ3RJN\buttons[2].css

MD5 b91ff88510ff1d496714c07ea3f1ea20
SHA1 9c4b0ad541328d67a8cde137df3875d824891e41
SHA256 0be99fd30134de50d457729cebd0e08342777af747caf503108178cb4c375085
SHA512 e82438186bfc3e9ca690af8e099aafbfbc71c9310f9d1c8cb87ffa9e7f0f11f33982c63a2dac95c9b83fef1aaa59178b73212fc76e895d13a1ffbbe3c1adfa4c

memory/5456-468-0x000000000B820000-0x000000000B86B000-memory.dmp

memory/2240-472-0x0000012A5E230000-0x0000012A5E231000-memory.dmp

memory/2240-474-0x0000012A5E240000-0x0000012A5E241000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PJD4JNMW\shared_global[1].css

MD5 cfe7fa6a2ad194f507186543399b1e39
SHA1 48668b5c4656127dbd62b8b16aa763029128a90c
SHA256 723131aba2cf0edd34a29d63af1d7b4ff515b9a3a3e164b2493026132dd37909
SHA512 5c85bb6404d5be1871b0b2e2d2c9053716354acd69c7acca73d8ce8bf8f21645ae11f788f78ef624444016cb722ecbd6213e771bda36717725f2b60f53688c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UPO02SQ8\favicon[1].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

memory/1296-500-0x00000238C2140000-0x00000238C2160000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\03AG08XF\shared_responsive[1].css

MD5 2ab2918d06c27cd874de4857d3558626
SHA1 363be3b96ec2d4430f6d578168c68286cb54b465
SHA256 4afb3e37bfdd549cc16ef5321faf3f0a3bf6e84c79fc4408bc6f157280636453
SHA512 3af59e0b16ef9d39c2f1c5ccdbd5c9ea35bd78571fde1b5bf01e51a675d5554e03225a2d7c04ed67e22569e9f43b16788105a0bf591ebba28ef917c961cc59e2

memory/4032-531-0x0000012A99820000-0x0000012A99840000-memory.dmp

memory/4032-532-0x0000012A89100000-0x0000012A89200000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3BUYXJ8U.cookie

MD5 8aab7dae0c1d3ea784a64ccfef238100
SHA1 5226de6ba54decbc2d0f581dd24500cf732c7da4
SHA256 b7ded4b26fdf78ae4c85b5db1236902559f6d4ba860efd0385d846612c131063
SHA512 d381fb163d432aff8fac58ef3ad6120b9986fd09e00d97220544c8bc6bb39bf3e9686554ea56b5c583dd666784f65db94659dab6ba74cb69116d56c8b3ecf09b

memory/4032-586-0x0000012A997E0000-0x0000012A99800000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PJD4JNMW\tooltip[2].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

memory/1296-596-0x00000238C2800000-0x00000238C2900000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PJD4JNMW\shared_global[1].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

memory/1500-610-0x000002A89A5D0000-0x000002A89A5F0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\03AG08XF\shared_responsive_adapter[2].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 139a6adec934a03f89faf4fd3bf5dd4a
SHA1 7fd06098a95c770b3cbe8eb401488254be0d6b19
SHA256 cf0d2f2567e4c839ba902ddcce3e9cc8dc038642b706fd9b3bfd863e11294b49
SHA512 987d3e3b1d8c051c989795dfa974974e10a5c1f0d40dabb9130e3bd5fc86ef06800e1f224693c683318f7a7dec94640ded1325087a82f9abd0cb8a52f8fcb79e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3F4P01Y1\www.epicgames[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\f6px6wc\imagestore.dat

MD5 6c2b59888515371b2caa35661c22176d
SHA1 3c50f90aeedf6f9de4be5cf4ad33db5b88ba6b7e
SHA256 34c1170917d1658c2c1ac36f4bc316faab356c4d33c5c9e10feea819b4bb119f
SHA512 e6f76505013772cf8c8501a27f72d39dcdca3d298be0db24a943b1cbe1142558f03e63b54ccc34aa53740ac902351d94426e4d08ce0954491074aaf840c05bf9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\IOR04NZ7.cookie

MD5 5be0f9cc4eef2d9bbf9743abf092b954
SHA1 dc4bf4c7f229b29d01dfac1e9d170be8b39c6bfe
SHA256 c75126393094df7c838c45addd7964bbd04117987a46b0fa5c1276da79e5b549
SHA512 83c23757dd1bc3ae62cfbbff30d8a145dd443d00e942cd58380a81e3e980906cc15afa0a7b653217d491c84f52b3736f41c05047f73dc844c8a7cb3400fa920d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UPO02SQ8\favicon[2].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Z4Z3MBCD\B8BxsscfVBr[1].ico

MD5 e508eca3eafcc1fc2d7f19bafb29e06b
SHA1 a62fc3c2a027870d99aedc241e7d5babba9a891f
SHA256 e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a
SHA512 49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4YCY0C56.cookie

MD5 3f57cfca510b32bbfe76a143a13e47d9
SHA1 a5d8b4400cc5b5e7ea0dd87fd082e4040e6dd762
SHA256 527f8c359757f49e28a5b796f85f06be867b2628742a68b02476086c056ffa99
SHA512 773ba8a392923fb14ad7cb96b16259d6423a9f1209040394e2215c4e56026b0d3bb33f393d820c6ef0153c433d91d2a503f1955873cd372204e4080c92a06fa4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

MD5 42543f480eb00f895387212a369b1075
SHA1 aa04603bbd708a4727befd7b8f354f23d5953f4a
SHA256 f0872218ff6e9878a0d0772d60c56638f7c5932a717598e239494f597561b95d
SHA512 197c197044c0446c0e7e21aeae8daad060ad24f2f879b6227e4b90449b73968a41cb7f724387c11345bf11758c5194dc6b6a889367873bc2c915f391c856744d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

MD5 e34cb9ef28517928995a821a59785c5f
SHA1 95d2cba5fb9a4d0fab4c65aceaa48eeadf46a5aa
SHA256 d407e29082d58933dfcdd515b9f8afc8a908137419028ec77bf23dbbc253afae
SHA512 f89ee57465ee216e49144c8a87a2f66496df306c65a4605a9bb0f96dffd317462d2ab3747b5028ef6cff194a70a8b645af6a72cabbeb5495eacacc5604e9da91

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GGXFH2WC\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3F4P01Y1\www.epicgames[1].xml

MD5 57d722defca6be1030d947f805c1ee7a
SHA1 a46070d7f5c34de4790d91795802ffef4bbc8e4a
SHA256 acb84c2567f08aac8684ad40e88c8d7548b164e0428bcc4c80cf61edb550945f
SHA512 cbbad5c1dcb49d348b3a3de4c70864d0bba32fbfbddde729a72a12061ad49a0364128af11c896d41e4b0c6717ae3239dec9547ddf938ada11f8a850624313a98

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\822XCUE4.cookie

MD5 5751c3b7cee7e533b56fa923c078753a
SHA1 aae761ff713baa06689f48595c81dd5b7aa1afd0
SHA256 d7bc778436c691857d2bbe0f4ffa2ccd8c6c7c123eb3482a38b18e608d57d985
SHA512 6e25334f5d3cb23f654c314468b35ccd0e30cf835c3b78539928ace34ac7a7ee39838500084b0eee009e7e535eff83925135a6838de28b8ea3a6a0c9c314cc61

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\IVN1U6OE.cookie

MD5 77d4648068472324b1d11fa4596a9494
SHA1 7ddacf4c756ad75346a3bcbd3f4c1d52b489569e
SHA256 d2a3f842afe092a5cdf7f4e0b65bff3b1459f75cbf25dbd56dc0b423cbd5375c
SHA512 aa13b7d126890a821045d853807db61642aab8a807150d355b5b80cfc206b27c6e8a5033d832c6a19e157c46501bdd83420a29009921b75a0f1d79778ea24bba

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\UPO02SQ8\epic-favicon-96x96[1].png

MD5 c94a0e93b5daa0eec052b89000774086
SHA1 cb4acc8cfedd95353aa8defde0a82b100ab27f72
SHA256 3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775
SHA512 f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VQST9VQ9.cookie

MD5 a3f594935198bbd471b15042bc6ae1ce
SHA1 215441bda7d69d5dfc130df3e2a95bec81603626
SHA256 f9b73ff34b58dfc44a3f7dfef9a27a6008e4bc40f5f07904e92945da70863e31
SHA512 516e5c4d5fbbb84b94b6cb7e34fb9eec099db0650cf5945a3f8a95f9a92ec77926ddf5d01de22f78f6be123ba723d845002ed8607cebb5916bf43f3c40dc73c2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\03AG08XF\chunk~f036ce556[1].css

MD5 19a9c503e4f9eabd0eafd6773ab082c0
SHA1 d9b0ca3905ab9a0f9ea976d32a00abb7935d9913
SHA256 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a
SHA512 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9OANVIPP.cookie

MD5 059adc96fbfcc13486103a85edc46912
SHA1 0a6e4712f98b543fad819953e7241d78d0587b00
SHA256 a28c23e0df93bfc0990e587fe07d148d7e9cffcfcf2ed64bba49d452a0063b63
SHA512 4235ad1f7b4df7e7714b05bdd6767c1eef20d6db5f1428c5c7aa9f90ee41d7838333c6196fb16ba890e7961fe77e900c97ae2722d7a2262125dee855c9d8a5e9

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PJD4JNMW\recaptcha__en[1].js

MD5 fbeedf13eeb71cbe02bc458db14b7539
SHA1 38ce3a321b003e0c89f8b2e00972caa26485a6e0
SHA256 09ed391c987b3b27df5080114e00377ff1a748793cb417a809b33f22d737fe55
SHA512 124b9f53a53ef596a54c6c04ab3be2b25d33d1ce915978ec03da8f9f294db91d41ee9091b722e462722f51f9d9455ce480e1a0cb57c2f3248c7a3a9e3b9dac58

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZRTB2BOO.cookie

MD5 9c5099b51874c119df5aae97f1ad82cf
SHA1 4e21dc1fef97d862286e88513d7966ac500773c7
SHA256 928962a654dcdac8dd655548c6aaa5522ee1962ae88947b76ffd27dd60fb3686
SHA512 8a8ef2bcd5e8b85116adf2a85b532c83e5332fb85d29c202e8df54af0c16ebe4c99ed80eec47e90cafaac127a39d75b1c4e9585bf12a0ced7c39ce2664d89469

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\37RLKY0C.cookie

MD5 7770ec052c8ed106317f8d21fe6ce607
SHA1 de5f5d9e0435dd188b991bf226ac0ea0c12e91f0
SHA256 e013f347a63dc15b6d5e93f62e8f416d80bf08269dec5fa351d52135836c4f9f
SHA512 aabb30c104e3b2afbac65edb9f13e65751e1148043acd5cd667125f62d717696c8f5b5b98dbef2e9c7df817fe5d466792092bbde4c0798d49c69a8231726cf3a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PJD4JNMW\hcaptcha[1].js

MD5 c2a59891981a9fd9c791bbff1344df52
SHA1 1bd69409a50107057b5340656d1ecd6f5726841f
SHA256 6beec8b04234097105f5d7a88af9c27552b27021446c9dbe029d908d1ff8599f
SHA512 f9d556e0f7e95e603881c5196cc2aa736eb24ed62086d09d36a9e1d6b4fec9f4c1dfb125a66bec301f57230a4242108c7c255e6aa3c6f08a3a0d75e0cf288afe

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OATN076X.cookie

MD5 55aee6c3302bca2392b5b022c9d2f010
SHA1 d176bde35f9c09c5a31f435410d0abc77d47701a
SHA256 5fa5fed98fcd5ccdf1e3280d980c88c41fe7ca436bbbc5335fc54749a789209f
SHA512 a0b4b25a8946933846b7189db571e80bc072707560bdc5ae70b3376a5daec78b1c660d5b292815d2eb9472a77245cd333e101dfc7c47c5dee9d7ca1be233a92b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OWCJ83CY.cookie

MD5 972557b47a8a30741d9640dd7fbca86e
SHA1 15508b5806cfec8d99e432db1f402d2fc39e1689
SHA256 5e8eb7263407f9da069578aef32527e52bb1c288baae1b67a002f8a5df65da57
SHA512 ee4c4daca16fbefba870add2f61b9ae596398371f08b94531c225df6d4f5d5574c54caf22400cd53f719bb8141465c1768133711ab49809546162c584523e9fc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QD9MSM4Q.cookie

MD5 5ee4a94961340ba4b554239ef806d8a3
SHA1 df90afb3d7922cedef652a23c01b10cca1d93c27
SHA256 a7d7da09082a5cf95ee45ad20ae51616eced1bbeddae613bbaf1aadb5db100fe
SHA512 32d8e15612d651542676b84606dceed6d2ed972768e84a5c1de9dd5d9592dc3514f025d8cd723f7983b96321345c8d4e8e61c1750ccfe4fefe852eaa641464e3

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SU6W8964\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\249RPV9Z.cookie

MD5 cb7a8bff200a2e40dca44d0ab391d51e
SHA1 6fbd8d9bd1f6aab020dfb23e203835317288dfc6
SHA256 26db35c08ced17a87cc626292103cf57b1c2a3d0f7a5718c9f4b8269ddeb7a81
SHA512 889509dd2a76c6d782bed660d4fd81199efcd79860838b12eab5599c7deb2b3559a1528c8f54bda91a89b9b2b33164f4091b012deedef68157aef765f25daa26

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2ESPAZDI.cookie

MD5 9363d7283c3b0ddb556899354449d912
SHA1 18e883c06d8989affe392fc765ff690032a33933
SHA256 61809011b3ea3bb7dd7083d7acef2dd4e7375beb1241602ffe36283fd84c61d5
SHA512 24d065143895c4898018ce2f2c466319ffbe638f1c7b01b368a69a7c4fb49cf6af669dafbe9dcbae0268f4e84a2ef71b723caa5f2f85a43eaaba891e276fb3e8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MGUJ3RJN\m=_b,_tp[1].js

MD5 bb99196a40ef3e0f4a22d14f94763a4c
SHA1 740a293152549a0a4b4720625ea7d25ac900f159
SHA256 28e8a65ccc3cd8656831f57b38e965f68a304ebecd3642981733a4b2aad06636
SHA512 fdddc0752eff7c25afdc62f7ce699bc3718346c1d87f2cac604b5320f6671f036edc989e6c67859d97d0ed5fc17fbae65076605f77814f537c8537842ebf6915

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3F4P01Y1\www.recaptcha[1].xml

MD5 ae11ad2669397cb2d2d57cdf78a92cd3
SHA1 a8f53e651aa27c2acfa715e862d69734c33dee72
SHA256 c458970898c1b607a1196790ca4b95ef1707bb6334f0a577d8cbfd31c1664008
SHA512 e87e3920bab8dccdf5382cd910597e8acf21570a4aa32406077e35c330c5f4a0b4f22e3cc0ce070dec9bf729b076e54892e70146befdd697236b30d650badc18

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

MD5 ba3d7074866d3e720f90789bc60b02ab
SHA1 50276b2e72a411ac8587a7113657f1b3e7a02bef
SHA256 e353e197b88e44c0841a510d8239058a357d6d35a14f3ead7e7a5f189e9cb4fc
SHA512 bd0c6816dc2d0de098604cc7873715ff856149f47583098e9d081b2d02a219047579f4249bc99b0ab403b4b61217497e0402600ea737c50366c6b434dbfbeebd

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

MD5 756f432b2c25b9c3f322474fa0abc205
SHA1 dfda09844490ead031c2318fc4487dd350ed3057
SHA256 35e8a99e0e4bf30d3bd73ed852197fc5b268860115dee5bb98fb185de566daea
SHA512 5ebcde14aa7c29a540debe562500669ad62d8513018acb8e158349e54a4ec7f9a1fe94690443d45d87bff06bb960d6e304d15afeb3cbc11fd94da8d0dee8fd81

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MGUJ3RJN\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\03AG08XF\scheduler[1].js

MD5 3403b0079dbb23f9aaad3b6a53b88c95
SHA1 dc8ca7a7c709359b272f4e999765ac4eddf633b3
SHA256 f48cc70897719cf69b692870f2a85e45ecf0601fd672afcd569495faa54f6e48
SHA512 1b7f23639fd56c602a4027f1dd53185e83e3b1fa575dc29310c0590dd196dc59864407495b8cc9df23430a0f2709403d0aa6ec6d234cce09f89c485add45b40e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MGUJ3RJN\network[1].js

MD5 d954c2a0b6bd533031dab62df4424de3
SHA1 605df5c6bdc3b27964695b403b51bccf24654b10
SHA256 075b233f5b75cfa6308eacc965e83f4d11c6c1061c56d225d2322d3937a5a46b
SHA512 4cbe104db33830405bb629bf0ddceee03e263baeb49afbfb188b941b3431e3f66391f7a4f5008674de718b5f8af60d4c5ee80cfe0671c345908f247b0cfaa127

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MGUJ3RJN\spf[1].js

MD5 892335937cf6ef5c8041270d8065d3cd
SHA1 aa6b73ca5a785fa34a04cb46b245e1302a22ddd3
SHA256 4d6a0c59700ff223c5613498f31d94491724fb29c4740aeb45bd5b23ef08cffa
SHA512 b760d2a1c26d6198e84bb6d226c21a501097ee16a1b535703787aaef101021c8269ae28c0b94d5c94e0590bf50edaff4a54af853109fce10b629fa81df04d5b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMFAW50O\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMFAW50O\www-tampering[1].js

MD5 d0a5a9e10eb7c7538c4abf5b82fda158
SHA1 133efd3e7bb86cfb8fa08e6943c4e276e674e3a6
SHA256 a82008d261c47c8ca436773fe8d418c5e32f48fe25a30885656353461e84bbbc
SHA512 a50f80003b377dbc6a22ef6b1d6ad1843ef805d94bafb1fcab8e67c3781ae671027a89c06bf279f3fd81508e18257740165a4fea3b1a7082b38ec0dc3d122c2f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MGUJ3RJN\webcomponents-ce-sd[1].js

MD5 58b49536b02d705342669f683877a1c7
SHA1 1dab2e925ab42232c343c2cd193125b5f9c142fa
SHA256 dea31a0a884a91f8f34710a646d832bc0edc9fc151ffd9811f89c47a3f4a6d7c
SHA512 c7a70bdefd02b89732e12605ad6322d651ffa554e959dc2c731d817f7bf3e6722b2c5d479eb84bd61b6ee174669440a5fa6ac4083a173b6cf5b30d14388483d4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMFAW50O\web-animations-next-lite.min[1].js

MD5 cb9360b813c598bdde51e35d8e5081ea
SHA1 d2949a20b3e1bc3e113bd31ccac99a81d5fa353d
SHA256 e0cbfda7bfd7be1dcb66bbb507a74111fc4b2becbc742cd879751c3b4cbfa2f0
SHA512 a51e7374994b6c4adc116bc9dea60e174032f7759c0a4ff8eef0ce1a053054660d205c9bb05224ae67a64e2b232719ef82339a9cad44138b612006975578783c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\03AG08XF\desktop_polymer_css_polymer_serving_disabled[1].js

MD5 c5f7a6b8f08c25ee673c9b73ce51249d
SHA1 9a97323a8733cae3f6f6d9ac4e158e6d01133916
SHA256 4d67427a0c349986f83055c64b17c89847543a003c54dff18b2704625417a1e0
SHA512 4643d44b3295fa1a2723b57212ddf938c26fa15cc3ca759be60c4182b1959c5d7a0df614b4c6ab419b78524312277630b12a528da6698d038b6931155250fa78

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMFAW50O\rs=AGKMywEfXGDvhU0fuylcqyTdvtelWk4BrA[1].css

MD5 7e867744b135de2f1198c0992239e13b
SHA1 0e9cf25a9fb8e65fe4eacb4b85cb9e61e03cf16f
SHA256 bc730ba2cb39047efdd61ba2e5b285f0f186f46d0541676cf366a1f65349cbc2
SHA512 ec27a603d574cafa0d0cfa3ebf2fc99671ea9e3288a00375c34d3fced024d78e1bd9ca9d3b68d317f53a31095ce6864b7f6470a9633204720700850e2454f39d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PJD4JNMW\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PJD4JNMW\www-main-desktop-home-page-skeleton[1].css

MD5 770c13f8de9cc301b737936237e62f6d
SHA1 46638c62c9a772f5a006cc8e7c916398c55abcc5
SHA256 ec532fc053f1048f74abcf4c53590b0802f5a0bbddcdc03f10598e93e38d2ab6
SHA512 15f9d4e08c8bc22669da83441f6e137db313e4a3267b9104d0cc5509cbb45c5765a1a7080a3327f1f6627ddeb7e0cf524bd990c77687cb21a2e9d0b7887d4b6d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\03AG08XF\css2[1].css

MD5 16b81ad771834a03ae4f316c2c82a3d7
SHA1 6d37de9e0da73733c48b14f745e3a1ccbc3f3604
SHA256 1c8b1cfe467de6b668fb6dce6c61bed5ef23e3f7b3f40216f4264bd766751fb9
SHA512 9c3c27ba99afb8f0b82bac257513838b1652cfe81f12cca1b34c08cc53d3f1ebd9a942788ada007f1f9f80d9b305a8b6ad8e94b79a30f1d7c594a2395cf468a2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QARPUPML.cookie

MD5 562b75e222894cc1a9e532f62e3854d2
SHA1 f4ed85c0675a7c5d46ecee1e1d6594774c9a4a8c
SHA256 6799e7c13dbbf3a250d9d94e91c5732326ce9665ff2708ada595ee6ef804a46c
SHA512 067471844f4193efb125a90174134b2dc848de2dc03ce792b96236f978ae03ef0ae297da4d287af4464e9f8f340f6b9df7f5745a38bafd7dcf55fd9806885a7b

memory/6564-3120-0x0000000000400000-0x000000000046F000-memory.dmp

memory/6564-3125-0x0000000000540000-0x000000000059A000-memory.dmp

memory/6564-3126-0x0000000072E60000-0x000000007354E000-memory.dmp

memory/5456-3127-0x0000000072E60000-0x000000007354E000-memory.dmp

memory/6564-3128-0x0000000007600000-0x0000000007610000-memory.dmp

memory/6564-3132-0x0000000007FB0000-0x0000000008016000-memory.dmp

memory/6564-3207-0x00000000089D0000-0x0000000008A20000-memory.dmp

memory/6564-3208-0x0000000008A30000-0x0000000008AA6000-memory.dmp

memory/6564-3223-0x0000000008AE0000-0x0000000008CA2000-memory.dmp

memory/6564-3224-0x0000000008CB0000-0x00000000091DC000-memory.dmp

memory/6564-3225-0x0000000009280000-0x000000000929E000-memory.dmp

memory/6564-3236-0x0000000072E60000-0x000000007354E000-memory.dmp

memory/6984-3259-0x0000000000CF0000-0x000000000198C000-memory.dmp

memory/6984-3258-0x0000000072E60000-0x000000007354E000-memory.dmp

memory/5892-3264-0x000001EFD7910000-0x000001EFD79FE000-memory.dmp

memory/5892-3267-0x00007FFD42510000-0x00007FFD42EFC000-memory.dmp

memory/5892-3271-0x000001EFF1E80000-0x000001EFF1F60000-memory.dmp

memory/5892-3270-0x000001EFD7DA0000-0x000001EFD7DB0000-memory.dmp

memory/5892-3273-0x000001EFF1FD0000-0x000001EFF20B0000-memory.dmp

memory/5892-3277-0x000001EFF20B0000-0x000001EFF2178000-memory.dmp

memory/5892-3279-0x000001EFF2280000-0x000001EFF2348000-memory.dmp

memory/5892-3284-0x000001EFF2350000-0x000001EFF239C000-memory.dmp

memory/6484-3287-0x00000000013E0000-0x000000000160D000-memory.dmp

memory/6152-3289-0x0000000000D00000-0x0000000000D01000-memory.dmp

memory/6984-3291-0x0000000072E60000-0x000000007354E000-memory.dmp

memory/6400-3294-0x0000000000400000-0x00000000004AA000-memory.dmp

memory/6400-3295-0x00007FFD42510000-0x00007FFD42EFC000-memory.dmp

memory/6400-3297-0x0000020E575B0000-0x0000020E575C0000-memory.dmp

memory/5892-3296-0x00007FFD42510000-0x00007FFD42EFC000-memory.dmp

memory/6400-3298-0x0000020E3EA00000-0x0000020E3EAE4000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Z4Z3MBCD\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

memory/2208-3343-0x0000000000820000-0x0000000000829000-memory.dmp

memory/2208-3341-0x0000000000880000-0x0000000000980000-memory.dmp

memory/6828-3349-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5620-3367-0x0000000002A50000-0x0000000002E4A000-memory.dmp

memory/5620-3371-0x0000000002E50000-0x000000000373B000-memory.dmp

memory/5620-3378-0x0000000000400000-0x0000000000D1C000-memory.dmp

memory/6828-3544-0x0000000000400000-0x0000000000409000-memory.dmp

C:\ProgramData\mozglue.dll

MD5 c8fd9be83bc728cc04beffafc2907fe9
SHA1 95ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256 ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512 fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

memory/6484-3717-0x00000000013E0000-0x000000000160D000-memory.dmp

memory/2992-3852-0x0000000004580000-0x00000000045B6000-memory.dmp

memory/2992-3850-0x0000000072E60000-0x000000007354E000-memory.dmp

memory/2992-3853-0x0000000006D30000-0x0000000006D40000-memory.dmp

memory/2992-3857-0x0000000007370000-0x0000000007998000-memory.dmp

memory/6400-3860-0x00007FFD42510000-0x00007FFD42EFC000-memory.dmp

memory/2992-3863-0x0000000006D30000-0x0000000006D40000-memory.dmp

memory/6152-3861-0x0000000000D00000-0x0000000000D01000-memory.dmp

memory/2992-3871-0x0000000006FE0000-0x0000000007002000-memory.dmp

memory/2992-3881-0x00000000071F0000-0x0000000007256000-memory.dmp

memory/2992-3888-0x00000000079A0000-0x0000000007CF0000-memory.dmp

memory/2992-3914-0x0000000007D80000-0x0000000007D9C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l4v2vozb.lax.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF9EA777C6281243F1.TMP

MD5 91ad16dd6d55bb277c579e8b9746d609
SHA1 8ace349d2257a98efdc0ba6e3f7b413b95e63b5e
SHA256 97cb45d352b381a65e775502189a0e3eab767ea4bf09193f033c1f0f7dce2057
SHA512 016fce337ec23c444eceb5b527a6a66e6e7ccb326b8a51f056ca34c61e5de3f94725725bf5dc848c5411b7317a130f2d3cf9132474fdd90ab07c0bd10d88e4f6

memory/2992-3969-0x0000000008E10000-0x0000000008E4C000-memory.dmp

memory/2992-4096-0x0000000009D20000-0x0000000009D53000-memory.dmp

memory/2992-4099-0x000000006D100000-0x000000006D14B000-memory.dmp

memory/2992-4101-0x000000006C160000-0x000000006C4B0000-memory.dmp

C:\Users\Admin\AppData\Roaming\isttdsw

MD5 6f38e2c344007fa6c5a609f3baa82894
SHA1 9296d861ae076ebddac76b490c2e56fcd0d63c6d
SHA256 fb1b0639a3bdd51f914bf71948d88555e1bbb9de0937f8fa94e7aa38a8d6ab9f
SHA512 5432ab0139ee88a7b509d60ed39d3b69f7c38fe94613b3d72cc4480112d95b2cbf7652438801e7e7956aca73d6ebc870851814bec0082f4d77737a024990e059

C:\Users\Admin\AppData\Local\Temp\tmp2277.tmp

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\tmp22AB.tmp

MD5 908cc2dad5eb4412aaa2a85beb5f6341
SHA1 a5f1b88092d219e71e8969d01ee2a3ae669a5600
SHA256 210fc747617b64d2430897b4c11cd5dc81bc3a991d7c622b90918ce4d112baa4
SHA512 38729498bd42d999c38dc769cc79057917a933080d608574460fe7ba7c9409db4e01979044151bc0922b1a9816398e25b7be59976bd318b1202b5d13fcf03cd9

C:\Users\Admin\AppData\Local\Temp\tmp22D7.tmp

MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA512 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77