Malware Analysis Report

2025-01-02 05:17

Sample ID 231111-c6h86sfe4s
Target b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688
SHA256 b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688
Tags
mystic redline taiga google paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688

Threat Level: Known bad

The file b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga google paypal infostealer persistence phishing spyware stealer

Detected google phishing page

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Program crash

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious behavior: MapViewOfSection

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 02:41

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 02:41

Reported

2023-11-11 02:44

Platform

win10-20231023-en

Max time kernel

172s

Max time network

201s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected google phishing page

phishing google

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.epicgames.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steamcommunity.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0e2162b94814da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steamcommunity.com\NumberOfSu = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\store.steampowered.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steampowered.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steamcommunity.com\NumberOfSu = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\epicgames.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steampowered.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000fcfde1d1ce94eb8b4edc57aec1e1a7e0843d699b42e6c0dafbb7d65fd1de6e11449689dbf5eb3fbcd076f9891d552b3e23aaf7d3d3cdeffc3179 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steamcommunity.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "34" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steamcommunity.com\NumberO = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.epicgames.com\ = "34" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{C0486A03-CBEC-4FAD-B052-88C20D6B0BAE} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4432 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe
PID 4432 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe
PID 4432 wrote to memory of 2924 N/A C:\Users\Admin\AppData\Local\Temp\b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe
PID 2924 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe
PID 2924 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe
PID 2924 wrote to memory of 4952 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe
PID 4952 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe
PID 4952 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe
PID 4952 wrote to memory of 856 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe
PID 4952 wrote to memory of 5504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe
PID 4952 wrote to memory of 5504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe
PID 4952 wrote to memory of 5504 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe
PID 5504 wrote to memory of 6072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 6072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 6072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 6072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 6072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 6072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 6072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 6072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 6072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 6072 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2924 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe
PID 2924 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe
PID 2924 wrote to memory of 2268 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe
PID 872 wrote to memory of 3880 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4344 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 3880 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 4344 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2268 wrote to memory of 6416 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2268 wrote to memory of 6416 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2268 wrote to memory of 6416 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2268 wrote to memory of 6416 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2268 wrote to memory of 6416 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2268 wrote to memory of 6416 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2268 wrote to memory of 6416 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2268 wrote to memory of 6416 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4432 wrote to memory of 6572 N/A C:\Users\Admin\AppData\Local\Temp\b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe
PID 4432 wrote to memory of 6572 N/A C:\Users\Admin\AppData\Local\Temp\b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe
PID 4432 wrote to memory of 6572 N/A C:\Users\Admin\AppData\Local\Temp\b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe
PID 872 wrote to memory of 2752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 2752 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 6572 wrote to memory of 6556 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6572 wrote to memory of 6556 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6572 wrote to memory of 6556 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6572 wrote to memory of 6556 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6572 wrote to memory of 6556 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6572 wrote to memory of 6556 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6572 wrote to memory of 6556 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6572 wrote to memory of 6556 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6572 wrote to memory of 6556 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 872 wrote to memory of 3960 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 3960 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 3960 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 3960 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 3960 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 3960 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 3960 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 3960 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 872 wrote to memory of 3960 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688.exe

"C:\Users\Admin\AppData\Local\Temp\b3f9f8eb7c4c681262629186793712eaba2aa605df56e39613453df17b275688.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 157.240.5.35:443 www.facebook.com tcp
US 157.240.5.35:443 www.facebook.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 254.211.247.8.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 steamcommunity.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 54.152.70.17:443 www.epicgames.com tcp
US 54.152.70.17:443 www.epicgames.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 17.70.152.54.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 186.15.239.18.in-addr.arpa udp
US 151.101.65.21:443 www.paypal.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 21.65.101.151.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 206.246.238.18.in-addr.arpa udp
US 8.8.8.8:53 community.cloudflare.steamstatic.com udp
US 8.8.8.8:53 fbcdn.net udp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 157.240.5.35:443 fbcdn.net tcp
US 157.240.5.35:443 fbcdn.net tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
NL 142.250.179.150:443 i.ytimg.com tcp
NL 142.250.179.150:443 i.ytimg.com tcp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 150.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 fbsbx.com udp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 steamcommunity.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 54.152.70.17:443 www.epicgames.com tcp
US 54.152.70.17:443 www.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 c.paypal.com udp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 174.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 crl.rootg2.amazontrust.com udp
US 18.239.94.99:80 crl.rootg2.amazontrust.com tcp
US 8.8.8.8:53 99.94.239.18.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe

MD5 eaf815d100740af00133bc0c296cc403
SHA1 18eb803560297b1fa868cafc21b29d425fb24920
SHA256 fdc9c8d8313d390a1cb045d041084739fc2a53612b07c6b85abaaf344a6040ed
SHA512 190009095289a554f71023d5e773432278a7c3710e43d62a8a05316274502b22a121b06a67cf471dac5883da682663a06aac21de2b98ae2ac21b2841a2f285a3

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AF9Ug21.exe

MD5 eaf815d100740af00133bc0c296cc403
SHA1 18eb803560297b1fa868cafc21b29d425fb24920
SHA256 fdc9c8d8313d390a1cb045d041084739fc2a53612b07c6b85abaaf344a6040ed
SHA512 190009095289a554f71023d5e773432278a7c3710e43d62a8a05316274502b22a121b06a67cf471dac5883da682663a06aac21de2b98ae2ac21b2841a2f285a3

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe

MD5 ca4364081919bb70569c33b1d61177c6
SHA1 c781187c2c0a9904ecbb1c6a63a6670739e9b449
SHA256 70ef3f8dea8d836099bee99cf4a4ff60410906b489750764c0e9630a15aae454
SHA512 1c4d11c660b4dde620405382433603f4cb6f7242c66bcc869d8ef6fb83c124f6bc86d994bbeb53dd6efc7c6d96d4678e3d8ebba0f31bb280f55542cd0177eb95

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ol9kV33.exe

MD5 ca4364081919bb70569c33b1d61177c6
SHA1 c781187c2c0a9904ecbb1c6a63a6670739e9b449
SHA256 70ef3f8dea8d836099bee99cf4a4ff60410906b489750764c0e9630a15aae454
SHA512 1c4d11c660b4dde620405382433603f4cb6f7242c66bcc869d8ef6fb83c124f6bc86d994bbeb53dd6efc7c6d96d4678e3d8ebba0f31bb280f55542cd0177eb95

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe

MD5 660d763b50fe439694e03f66a6ed83fe
SHA1 8b3f119fb279c1ce2ad31e79fcb8adbd58bdf22b
SHA256 6d62484871ff7b97c8759e5b5426b56f677519193658477e67f23620bbd6ee53
SHA512 09268b19396887148d344979d897923399274c6e58b52ae2d699837075040281e7526591acadd9f6df45b1211da2ca1bfb4d1820e5b2e85e42998fd703003dda

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3xO372Hf.exe

MD5 660d763b50fe439694e03f66a6ed83fe
SHA1 8b3f119fb279c1ce2ad31e79fcb8adbd58bdf22b
SHA256 6d62484871ff7b97c8759e5b5426b56f677519193658477e67f23620bbd6ee53
SHA512 09268b19396887148d344979d897923399274c6e58b52ae2d699837075040281e7526591acadd9f6df45b1211da2ca1bfb4d1820e5b2e85e42998fd703003dda

memory/4812-21-0x0000011A32620000-0x0000011A32630000-memory.dmp

memory/4812-37-0x0000011A32C00000-0x0000011A32C10000-memory.dmp

memory/4812-56-0x0000011A317F0000-0x0000011A317F2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 d13b3e8e47a07aa4b07d943221e8df8a
SHA1 2492deff146bd6120885331eeb597147c98008fa
SHA256 d92c66231bcd1297d480adb63fbdba74355299b2f58fe09427c35045920df611
SHA512 0e54296e827808de083ec327ac3096ac3f8920d81c837d831548cb1a80623dd2168484f2451caa5b0a945f20e6722dd047efcdfdaa311a5f0d53afc91dd0024d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 d13b3e8e47a07aa4b07d943221e8df8a
SHA1 2492deff146bd6120885331eeb597147c98008fa
SHA256 d92c66231bcd1297d480adb63fbdba74355299b2f58fe09427c35045920df611
SHA512 0e54296e827808de083ec327ac3096ac3f8920d81c837d831548cb1a80623dd2168484f2451caa5b0a945f20e6722dd047efcdfdaa311a5f0d53afc91dd0024d

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe

MD5 25bf36a037236a4e894d580b2ca1635b
SHA1 3071fa2260a28c02ea1a7a3933a48f9fe857eb25
SHA256 584b85f7d5fd74b3b43e8938b156a8f31fec882f894772d18b4462f1e775ef2b
SHA512 b3b3cb1248cfc557d3d4a51dce35976e0b6e1b18346987ba2885cd3f5f0caf1455d209738cfe2c1123424e4dd287020b10be2c70f0c0dc86d1dbba243f7e09f4

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4re9Al3.exe

MD5 25bf36a037236a4e894d580b2ca1635b
SHA1 3071fa2260a28c02ea1a7a3933a48f9fe857eb25
SHA256 584b85f7d5fd74b3b43e8938b156a8f31fec882f894772d18b4462f1e775ef2b
SHA512 b3b3cb1248cfc557d3d4a51dce35976e0b6e1b18346987ba2885cd3f5f0caf1455d209738cfe2c1123424e4dd287020b10be2c70f0c0dc86d1dbba243f7e09f4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e5b6d288fc6bbb4d6eeb886750530f27
SHA1 9f3fa22a02835e3f723dbfc74c3a2b9e64a6087c
SHA256 66843d125ccdeb7bd20cbacc37d889765e0bef1c62fa4750ddca18080de7a314
SHA512 e246620c9d87d89b22d10028bf42a521e58a6241ddc79458df0c85997d61de5334998b7c1e6bd719d2f02d31b0eb8e87e6548957b16104372d1c28b245b11558

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a4c7d91884a85bdb10d3962b7edb6f31
SHA1 7ed4d4526f5d7876d704af420b18e2322f5cf21d
SHA256 537ea6e404e1a67c311061606067244fcbd8892632cefd438b5376bd9bbbd539
SHA512 c3517da44f2907924aff28bd1ca633c7c74ff1c373776546d8a2cfc24020fc9ffe177ba7a067eafb605eb9bda0e380195c3293ec3886a3c4cc116a85a2a0c444

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 60e0cfef6236b49aa1a48a8a007c2dcc
SHA1 b552560955579ab7a0d67c8f2a53f15dc9eee5c0
SHA256 8968e93b2ab201ed6781fb1ba21eccdfd64e9459534a136992dd2cca40c3c923
SHA512 21ec1a2c6fb9db1db247963821e60dd8942f64d7f803c09ed75818030c404b6f05056bc74a1a1b5f7c8932d4183b89f453955ea105ac0b2a0f94a5e5bb0bbbc3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 654dad1cdc34872c49e107dfd6e16284
SHA1 957c072b3ea697f23b12e6d11f67b5f6a7b64523
SHA256 1b612d0dd368698ee394c68882b64d99d654b60e6d6b9ab6f83744836e187de3
SHA512 fc4b196cfe1c0de8c56fc4dcf9f9409bf88429f05055cfe07437c2eca4ebfa07dcdafba22631cf0d329d199a21dce31d7af8940ea02caa274cf5baf7dfd26753

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 60e0cfef6236b49aa1a48a8a007c2dcc
SHA1 b552560955579ab7a0d67c8f2a53f15dc9eee5c0
SHA256 8968e93b2ab201ed6781fb1ba21eccdfd64e9459534a136992dd2cca40c3c923
SHA512 21ec1a2c6fb9db1db247963821e60dd8942f64d7f803c09ed75818030c404b6f05056bc74a1a1b5f7c8932d4183b89f453955ea105ac0b2a0f94a5e5bb0bbbc3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 60e0cfef6236b49aa1a48a8a007c2dcc
SHA1 b552560955579ab7a0d67c8f2a53f15dc9eee5c0
SHA256 8968e93b2ab201ed6781fb1ba21eccdfd64e9459534a136992dd2cca40c3c923
SHA512 21ec1a2c6fb9db1db247963821e60dd8942f64d7f803c09ed75818030c404b6f05056bc74a1a1b5f7c8932d4183b89f453955ea105ac0b2a0f94a5e5bb0bbbc3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 5313e9d659733d5295eeb41242f6c7a7
SHA1 56c5d9fee4938e073287b02f7d12d1abaac4bd67
SHA256 e8245cb46cd9dd1be9b6f166d0423b5bdbf29f935f7b3af27c9cbfc475fc16a1
SHA512 771e90d7db715bf00c9a1ebcca1c3e7b6916061d7f39a663306c9f2b97d73a5a76973dee190665aa8324512143362519c50640e41bd751b4096532ae4d48d8ba

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 3c1eb7ae9a457e3ed62f44f39ca64a3b
SHA1 4a3f6327e7a218b7d62241cee91a8d8581c6d9ae
SHA256 92b61e2128b3641adad56f7381262888466836e85c0cc9f96379d0c0885a8bb3
SHA512 35b123e21ad23b641bd9b3ac5291a50577c9ab67048c7170ac903418eb8f3e3dfd79dafe66254c45d3f755f20c96086dc1ba4dd98ca9c156973ff46e9aa4917d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 3c5c0bb6fbbd6308c89f6e2d16757674
SHA1 7c8015edff654ce6e2ac7b99753d0f052c65aafd
SHA256 b635a49558ec87bee2775f05d23779dd7764de58d347c37726c1de9d61952d71
SHA512 8931126fe5b0ce3a6ea0a3dc9345a2b6fccb6299b4dbce0edcf192a2a208aece3a6aebdca9a1032f6d82423609787403463d1219e2d8f4a637bbf1313571be60

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 a38146e3ba6238ddba000d0bd52f9ba9
SHA1 d53a63c1f77f86be7e316c1b80c42ad1f6243881
SHA256 75a5d8a5ac790a5077dc9d36cb70e77e6ac1badc4c8129fb116b01341bd7a911
SHA512 14effa841e2c23c4f8c84b4522e2d093264d9a1a238ecc98366c3cc9377c24c62db1d22ac1a89ce9941da86b6bee90da07579cbf97a598ddc615baa361e2022a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 a38146e3ba6238ddba000d0bd52f9ba9
SHA1 d53a63c1f77f86be7e316c1b80c42ad1f6243881
SHA256 75a5d8a5ac790a5077dc9d36cb70e77e6ac1badc4c8129fb116b01341bd7a911
SHA512 14effa841e2c23c4f8c84b4522e2d093264d9a1a238ecc98366c3cc9377c24c62db1d22ac1a89ce9941da86b6bee90da07579cbf97a598ddc615baa361e2022a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 a38146e3ba6238ddba000d0bd52f9ba9
SHA1 d53a63c1f77f86be7e316c1b80c42ad1f6243881
SHA256 75a5d8a5ac790a5077dc9d36cb70e77e6ac1badc4c8129fb116b01341bd7a911
SHA512 14effa841e2c23c4f8c84b4522e2d093264d9a1a238ecc98366c3cc9377c24c62db1d22ac1a89ce9941da86b6bee90da07579cbf97a598ddc615baa361e2022a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 b8e83c9099f661ec982dcb55a336e092
SHA1 be6ccc2943ab5b7b93ea5dc8ca1074ea6a0b5f35
SHA256 7ae8f32f2e9f52f566a748bc7a0872d5d496d8f112a054b82e9eb3b8b2cfef5f
SHA512 c6153e94a6cc15fa44c11577369d46bcb6ff450e1bb72ae567c9ad4f85675c505f21ea81b82ce79097d8ebb060991c8231709480672488234bfb387cb403450c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 5313e9d659733d5295eeb41242f6c7a7
SHA1 56c5d9fee4938e073287b02f7d12d1abaac4bd67
SHA256 e8245cb46cd9dd1be9b6f166d0423b5bdbf29f935f7b3af27c9cbfc475fc16a1
SHA512 771e90d7db715bf00c9a1ebcca1c3e7b6916061d7f39a663306c9f2b97d73a5a76973dee190665aa8324512143362519c50640e41bd751b4096532ae4d48d8ba

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 b8e83c9099f661ec982dcb55a336e092
SHA1 be6ccc2943ab5b7b93ea5dc8ca1074ea6a0b5f35
SHA256 7ae8f32f2e9f52f566a748bc7a0872d5d496d8f112a054b82e9eb3b8b2cfef5f
SHA512 c6153e94a6cc15fa44c11577369d46bcb6ff450e1bb72ae567c9ad4f85675c505f21ea81b82ce79097d8ebb060991c8231709480672488234bfb387cb403450c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 3c5c0bb6fbbd6308c89f6e2d16757674
SHA1 7c8015edff654ce6e2ac7b99753d0f052c65aafd
SHA256 b635a49558ec87bee2775f05d23779dd7764de58d347c37726c1de9d61952d71
SHA512 8931126fe5b0ce3a6ea0a3dc9345a2b6fccb6299b4dbce0edcf192a2a208aece3a6aebdca9a1032f6d82423609787403463d1219e2d8f4a637bbf1313571be60

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 a38146e3ba6238ddba000d0bd52f9ba9
SHA1 d53a63c1f77f86be7e316c1b80c42ad1f6243881
SHA256 75a5d8a5ac790a5077dc9d36cb70e77e6ac1badc4c8129fb116b01341bd7a911
SHA512 14effa841e2c23c4f8c84b4522e2d093264d9a1a238ecc98366c3cc9377c24c62db1d22ac1a89ce9941da86b6bee90da07579cbf97a598ddc615baa361e2022a

memory/6072-226-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe

MD5 0d1700f1d0724738beb7c277b21c244f
SHA1 f2965e057568a36290ce6abc75f876631d115186
SHA256 3cbcef59daa504c221f920f535290fcbb40da7091491964bed2b53cd4af07fb4
SHA512 ba84281891250dbb55d9fdc7096b6a063a1501ef3d8df05b482360b52e8a3586d51e9cb1e7131136c93e3835fdf15c103caadc0e499d982217f644deca1f9693

memory/6072-238-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6072-237-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6072-243-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5YN76Uu.exe

MD5 0d1700f1d0724738beb7c277b21c244f
SHA1 f2965e057568a36290ce6abc75f876631d115186
SHA256 3cbcef59daa504c221f920f535290fcbb40da7091491964bed2b53cd4af07fb4
SHA512 ba84281891250dbb55d9fdc7096b6a063a1501ef3d8df05b482360b52e8a3586d51e9cb1e7131136c93e3835fdf15c103caadc0e499d982217f644deca1f9693

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NPS2NTVK.cookie

MD5 1ce452a2536adaa9be52cd9053012794
SHA1 85dc220d5633a2fc63014b84c656329a859cda5a
SHA256 95fb98dd9933c475fffa0d01837bcca208540e30d31ec3b27900594578a50455
SHA512 4ce29e9fac5e82ff1991c284a6ec138fdaa94fa734d3de5f81aeed06ac911d4bbec3ecaec8d13be5db5580e96a0b57d6920309a976080fc19238fa40cd3a1bba

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 f3abd2d2b3ff13eb9d5ce1c541b49f2f
SHA1 d38a21703d69cd76e3a927a27a32484dab181ebe
SHA256 e439a316a1dbf7f39cceaecc968c593632579fca35f78980c9e24589e8e68d73
SHA512 9560f978232727df21a2fdfd22d3edffdc56442b9ca843af996d48adaf74fad38e05353f6d1aa72ec5abea9b5dc8e0a5889fc4379ed3efe330c242807a6dcdd4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

memory/4728-295-0x0000019CF0330000-0x0000019CF0350000-memory.dmp

memory/3880-303-0x00000217F0C30000-0x00000217F0C32000-memory.dmp

memory/3960-305-0x000001F04E200000-0x000001F04E300000-memory.dmp

memory/3880-339-0x00000217F0C50000-0x00000217F0C52000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\08FGBU7G.cookie

MD5 af16d8e1108f5d9da33e912fd13a9d19
SHA1 5181b11d0bc5d2c601e75c91fa3bc0298ac884a6
SHA256 8440455589d4f53a2bebf2e0166ac285206ecf7ff0b8618c5e3225c7b4554435
SHA512 9e2aa1db65b271120658f8e2d9fea7e7d75c555b14c163deb657ddb5d1dcdea38d30c4d7c65e51bbe1db82820bd534d3f350ae8141ed5644cb3f97000ddd555f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9ZIWRRB1\buttons[1].css

MD5 84524a43a1d5ec8293a89bb6999e2f70
SHA1 ea924893c61b252ce6cdb36cdefae34475d4078c
SHA256 8163d25cb71da281079b36fcde6d9f6846ff1e9d70112bbe328cae5ffb05f2bc
SHA512 2bf17794d327b4a9bdbae446dd086354b6b98ac044a8ee0b85bd72c3ab22d93b43f3542df03d64f997d1df6fc6cac5c5e258c4ec82b998f3a40b50c2fde99b5a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9ZIWRRB1\shared_global[2].css

MD5 cfe7fa6a2ad194f507186543399b1e39
SHA1 48668b5c4656127dbd62b8b16aa763029128a90c
SHA256 723131aba2cf0edd34a29d63af1d7b4ff515b9a3a3e164b2493026132dd37909
SHA512 5c85bb6404d5be1871b0b2e2d2c9053716354acd69c7acca73d8ce8bf8f21645ae11f788f78ef624444016cb722ecbd6213e771bda36717725f2b60f53688c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I0ZJMN0O\shared_responsive[1].css

MD5 086f049ba7be3b3ab7551f792e4cbce1
SHA1 292c885b0515d7f2f96615284a7c1a4b8a48294a
SHA256 b38fc1074ef68863c2841111b9e20d98ea0305c1e39308dc7ad3a6f3fd39117a
SHA512 645f23b5598d0c38286c2a68268cb0bc60db9f6de7620297f94ba14afe218d18359d124ebb1518d31cd8960baed7870af8fd6960902b1c9496d945247fbb2d78

memory/5156-468-0x000002C2FC180000-0x000002C2FC1A0000-memory.dmp

memory/6416-492-0x0000000000400000-0x000000000043C000-memory.dmp

memory/4136-491-0x0000013BEE5E0000-0x0000013BEE600000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe

MD5 57e7aaee234eae9f8e391e6bb7695f98
SHA1 17785d748f2894532c2fa5a6b1b6c8d52591bf9c
SHA256 e1e6f71e70941ef63584e43a12c99327e88c0707a4e3e2297f68e97ac69f6655
SHA512 80e1f8218f7e7da570cb3f5c6115cc765bb5549ad8971bbedfebacae1614ee2b63f37c4ba3c832a31fdd0b7516600027c8453af59062cf2dadb311348b0d3580

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Rv219.exe

MD5 57e7aaee234eae9f8e391e6bb7695f98
SHA1 17785d748f2894532c2fa5a6b1b6c8d52591bf9c
SHA256 e1e6f71e70941ef63584e43a12c99327e88c0707a4e3e2297f68e97ac69f6655
SHA512 80e1f8218f7e7da570cb3f5c6115cc765bb5549ad8971bbedfebacae1614ee2b63f37c4ba3c832a31fdd0b7516600027c8453af59062cf2dadb311348b0d3580

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

memory/4564-533-0x000001BD86100000-0x000001BD86200000-memory.dmp

memory/5156-543-0x000002C2FCEA0000-0x000002C2FCEC0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I0ZJMN0O\shared_responsive_adapter[2].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I0ZJMN0O\shared_global[2].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\I0ZJMN0O\tooltip[2].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

memory/4728-581-0x0000019CF0C00000-0x0000019CF0D00000-memory.dmp

memory/4728-587-0x0000019CF22D0000-0x0000019CF23D0000-memory.dmp

memory/3960-593-0x000001F04D520000-0x000001F04D540000-memory.dmp

memory/4728-599-0x0000019CF1C70000-0x0000019CF1C90000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 2bb20de4242fd38d9381dd552c4aee53
SHA1 b6e8631293b01b06f544acc59191f06b3a10693f
SHA256 5c5eb3dd485029636dad03c3e51cbfe5bcfe39fc82ab3419a0899ed30def9cbd
SHA512 4e7da7b9d43939fcf0216da0b4e341bb1c7eb98b6a9599a1b4b8baa5a48d47b67422ba5ddb27edae108b4c199794ed54b963e2cf887f1a2539134f6a42b763c0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 3c5c0bb6fbbd6308c89f6e2d16757674
SHA1 7c8015edff654ce6e2ac7b99753d0f052c65aafd
SHA256 b635a49558ec87bee2775f05d23779dd7764de58d347c37726c1de9d61952d71
SHA512 8931126fe5b0ce3a6ea0a3dc9345a2b6fccb6299b4dbce0edcf192a2a208aece3a6aebdca9a1032f6d82423609787403463d1219e2d8f4a637bbf1313571be60

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a4c7d91884a85bdb10d3962b7edb6f31
SHA1 7ed4d4526f5d7876d704af420b18e2322f5cf21d
SHA256 537ea6e404e1a67c311061606067244fcbd8892632cefd438b5376bd9bbbd539
SHA512 c3517da44f2907924aff28bd1ca633c7c74ff1c373776546d8a2cfc24020fc9ffe177ba7a067eafb605eb9bda0e380195c3293ec3886a3c4cc116a85a2a0c444

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 bb22f4f5d009aa1d7125a07e359b6fef
SHA1 6985cc4c2ad1262a398ecaa331b574937e9148aa
SHA256 0add707c4f6447c989d036e0952787b134c7133682ad183bd70370e42e79a299
SHA512 c80a8ad97b88c100fbc90529a14e5f369ac6c1028f5c8ed00773f587c14dc15bc69f62fe687a0063b5a8ba2e2c703034d03a0066f80558f2ff420eae26ecc226

memory/4812-654-0x0000011A3A630000-0x0000011A3A631000-memory.dmp

memory/4812-675-0x0000011A3A640000-0x0000011A3A641000-memory.dmp

memory/6556-708-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6556-709-0x0000000000400000-0x0000000000488000-memory.dmp

memory/4728-728-0x0000019CF1700000-0x0000019CF1800000-memory.dmp

memory/4728-714-0x0000019CF1700000-0x0000019CF1800000-memory.dmp

memory/6556-729-0x0000000000400000-0x0000000000488000-memory.dmp

memory/6556-713-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5ZJ71N7U\favicon[1].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F01YT1OE\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\ZHDWQ4R1\store.steampowered[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\35CN1J90\favicon[1].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\ncn8yjb\imagestore.dat

MD5 864599cde2816c076319694c1058a574
SHA1 6599bf49dec3f162d22565b564daeca1e1758f9e
SHA256 df7324f808a18073e530c47ec88c4e03573eb18ec2a9d2085b4877bb2473896c
SHA512 03920a57b828f2b569a655333664db1dd17b2469f8799c34f7fc5b3f17e77c1c201d3db0d1a46c8ab295f3e8bf5e82c71eece80c257f6f00ed7943ed9cd6e8a7

memory/6416-1209-0x0000000072DD0000-0x00000000734BE000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\7QW6M6OQ.cookie

MD5 04ccbf37f8427183c20d0b2b2cdf7c58
SHA1 30ba680ccc2d85adbaa8e15cfacae113613398a0
SHA256 b34f98e174da9aa01160b79119eb4720115bb9919202a20fa45213dd20e99748
SHA512 f936fb68712959d721d052ae6c349f4f4c1fdfcd1d859a82ee8a8fff37b571b5fc4e883d11def83a2003e0ab9e3c3dbffa367ee9ec225d253bddb3b72769bf0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0V1Q66O5.cookie

MD5 dac6150ca4aae4c78328fad142ac8927
SHA1 2641188233dbd918491bdb05c7076855308bd426
SHA256 17338bd0c52c941475a3bb9706a24581d211ecfbfbd5210c71bfe4804900f349
SHA512 dfc949e4e010a6ea36e25a61f7dc1f5b232f8f23a689025c97c40e8bcf016e689a7384a64dc50d056ee5da4d586aac1707ec5cb7e327594751c0e143c71d9fb2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5ZJ71N7U\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4N3B8TIO\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\4N3B8TIO\B8BxsscfVBr[1].ico

MD5 e508eca3eafcc1fc2d7f19bafb29e06b
SHA1 a62fc3c2a027870d99aedc241e7d5babba9a891f
SHA256 e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a
SHA512 49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JPE22GIR\chunk~9229560c0[1].css

MD5 19a9c503e4f9eabd0eafd6773ab082c0
SHA1 d9b0ca3905ab9a0f9ea976d32a00abb7935d9913
SHA256 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a
SHA512 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83