Malware Analysis Report

2025-01-02 05:17

Sample ID 231111-cs17tsfg43
Target 742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe
SHA256 742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe
Tags
mystic redline taiga google infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe

Threat Level: Known bad

The file 742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga google infostealer persistence phishing spyware stealer

RedLine

RedLine payload

Mystic

Detect Mystic stealer payload

Detected google phishing page

Checks computer location settings

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Drops file in Windows directory

Program crash

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 02:21

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 02:21

Reported

2023-11-11 02:24

Platform

win10-20231020-en

Max time kernel

150s

Max time network

166s

Command Line

"C:\Users\Admin\AppData\Local\Temp\742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected google phishing page

phishing google

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3eh216xz.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steamcommunity.com\NumberOfSu = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\Total = "34" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 208ab3527814da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7bb678e04514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steamcommunity.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.paypal.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\Total = "26" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = e0374efa4514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.recaptcha.net\ = "103" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = f78f9afa4514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4c1e151a4614da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\recaptcha.net C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\Total = "24" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "123" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\recaptcha.net\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\recaptcha.net\Total = "64" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4228 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe
PID 4228 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe
PID 4228 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe
PID 4316 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe
PID 4316 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe
PID 4316 wrote to memory of 3496 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe
PID 3496 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3eh216xz.exe
PID 3496 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3eh216xz.exe
PID 3496 wrote to memory of 4488 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3eh216xz.exe
PID 3496 wrote to memory of 5384 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe
PID 3496 wrote to memory of 5384 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe
PID 3496 wrote to memory of 5384 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe
PID 2832 wrote to memory of 2572 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 2572 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5384 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5384 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5384 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5384 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5384 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5384 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5384 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5384 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5384 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5384 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4316 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe
PID 4316 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe
PID 4316 wrote to memory of 4076 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4076 wrote to memory of 6696 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4076 wrote to memory of 6696 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4076 wrote to memory of 6696 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4076 wrote to memory of 6704 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4076 wrote to memory of 6704 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4076 wrote to memory of 6704 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4076 wrote to memory of 6704 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4076 wrote to memory of 6704 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4076 wrote to memory of 6704 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4076 wrote to memory of 6704 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4076 wrote to memory of 6704 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4228 wrote to memory of 6988 N/A C:\Users\Admin\AppData\Local\Temp\742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6sa136.exe
PID 4228 wrote to memory of 6988 N/A C:\Users\Admin\AppData\Local\Temp\742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6sa136.exe
PID 4228 wrote to memory of 6988 N/A C:\Users\Admin\AppData\Local\Temp\742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6sa136.exe
PID 2832 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 4168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 4052 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 4168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 4052 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 4168 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 4052 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2832 wrote to memory of 3236 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe.exe

"C:\Users\Admin\AppData\Local\Temp\742933db3501070ac2913603f070303f26583bea2babce021012de7cfd6cbdbe.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3eh216xz.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3eh216xz.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 588

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6sa136.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6sa136.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\2b0878a1765f4037ac2c98b2bb254317 /t 0 /p 7108

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 twitter.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 157.240.5.35:443 www.facebook.com tcp
US 157.240.5.35:443 www.facebook.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 3.224.228.139:443 www.epicgames.com tcp
US 3.224.228.139:443 www.epicgames.com tcp
US 8.8.8.8:53 community.cloudflare.steamstatic.com udp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 139.228.224.3.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 14.15.239.18.in-addr.arpa udp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 206.246.238.18.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 152.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 22.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.150:443 i.ytimg.com tcp
NL 142.250.179.150:443 i.ytimg.com tcp
US 8.8.8.8:53 150.179.250.142.in-addr.arpa udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 22.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 8.8.8.8:53 steamcommunity.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 c.paypal.com udp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 142.250.179.163:443 www.recaptcha.net tcp
NL 142.250.179.163:443 www.recaptcha.net tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 177.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 192.229.221.25:443 c6.paypal.com tcp
US 192.229.221.25:443 c6.paypal.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 104.208.16.94:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 13.89.179.12:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 94.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 12.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 192.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
US 8.8.8.8:53 45.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.250.179.150:443 i.ytimg.com tcp
RU 5.42.92.51:19057 tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 13.89.179.12:443 watson.telemetry.microsoft.com tcp
US 13.89.179.12:443 watson.telemetry.microsoft.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 67.112.168.52.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.19.218.90:443 newassets.hcaptcha.com tcp
US 104.19.218.90:443 newassets.hcaptcha.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 www.epicgames.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 34.225.248.127:443 www.epicgames.com tcp
US 34.225.248.127:443 www.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 api.hcaptcha.com udp
US 104.19.218.90:443 api.hcaptcha.com tcp
US 104.19.218.90:443 api.hcaptcha.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 127.248.225.34.in-addr.arpa udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
US 104.21.53.57:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe

MD5 09d2560bd5f42c5bbb0ebfd456a33742
SHA1 65ff660e7e663e61dcf188be60dd900a1f7c5ecb
SHA256 9a55c769d01ec9811d1733b6f89b4a421c502e310a509ef5a0a36c92a571b141
SHA512 5bd37bf18329ee48677bd50c5aea840629a65c3a28e8cad34a17a19dcd7b1bbd2098a9afbb3ecff2247ab3361c8aada51b02d37f8f1a232fad5a59589f7b23eb

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vm0Ok05.exe

MD5 09d2560bd5f42c5bbb0ebfd456a33742
SHA1 65ff660e7e663e61dcf188be60dd900a1f7c5ecb
SHA256 9a55c769d01ec9811d1733b6f89b4a421c502e310a509ef5a0a36c92a571b141
SHA512 5bd37bf18329ee48677bd50c5aea840629a65c3a28e8cad34a17a19dcd7b1bbd2098a9afbb3ecff2247ab3361c8aada51b02d37f8f1a232fad5a59589f7b23eb

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe

MD5 2c837fea0b498a9e3b8c84bcc9a983d0
SHA1 03e1a29035217d1ac74306ed38395d9bb689626e
SHA256 5a7c0c56809efbc8ba750ebb03800b0e9feac609254d6abc20d1123030b1c4a2
SHA512 9bbfb3e50e2233ef8edf20ee98df98d3a3debfb94d0c3fa78c241c72182b3fce3d6970561df1c312d832e683a7ea1ab150a16900c2e702e88a7e6c9f65dfd68c

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WM7uE43.exe

MD5 2c837fea0b498a9e3b8c84bcc9a983d0
SHA1 03e1a29035217d1ac74306ed38395d9bb689626e
SHA256 5a7c0c56809efbc8ba750ebb03800b0e9feac609254d6abc20d1123030b1c4a2
SHA512 9bbfb3e50e2233ef8edf20ee98df98d3a3debfb94d0c3fa78c241c72182b3fce3d6970561df1c312d832e683a7ea1ab150a16900c2e702e88a7e6c9f65dfd68c

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3eh216xz.exe

MD5 667f2f8e858e5c404b9c5c64656603fd
SHA1 ac3a86572c036b0687ebdec72c0e0b5fbf287d5a
SHA256 d068a4fce8ae2965920e4e66e02cb12b854209652438df7604746679ff275d65
SHA512 0392e3361c5d33071e57d1b59c4a60a0640b1013b496e01a834cea34d9177d9223b16efb8e60ce7cf4ef486e34ad26785d9bd0d6db19c69a7eb4582c06f2beff

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3eh216xz.exe

MD5 667f2f8e858e5c404b9c5c64656603fd
SHA1 ac3a86572c036b0687ebdec72c0e0b5fbf287d5a
SHA256 d068a4fce8ae2965920e4e66e02cb12b854209652438df7604746679ff275d65
SHA512 0392e3361c5d33071e57d1b59c4a60a0640b1013b496e01a834cea34d9177d9223b16efb8e60ce7cf4ef486e34ad26785d9bd0d6db19c69a7eb4582c06f2beff

memory/4496-21-0x000001BDDF320000-0x000001BDDF330000-memory.dmp

memory/4496-37-0x000001BDDFA00000-0x000001BDDFA10000-memory.dmp

memory/4496-56-0x000001BDDF4F0000-0x000001BDDF4F2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 7e2f02ac4c4bdd110518d0ce3b5da747
SHA1 6b89e145eac9a39335d680e12b9a2f5126308969
SHA256 43ce21144be56323846c1a883d40e5d9fef5bcbea60292079baa9393d219fe83
SHA512 c1c2224f5ec66b35c7b0faa7a5abcf29ee5cd154ad72525742a39af4168af3116eccd50a1aa6e1793fa43cef944423e2241c010a2b259f5ee2b44546ca97eb6a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 5053f2fe4033fc6c6632d5fae59a68b6
SHA1 1b57ec36933d8d76f97e258f250ad6104dbade99
SHA256 7a03cec372ffbe248abf15b1d2448cd8decd5bf249dbef36097a7c7c99eb107d
SHA512 af0646a981c27bd5c5703703f34b2d1f92d4b2a67a81a67088e28cd0f27b2295d870bc239567aa7bdae97938686ff3e8220a4227c86368e828d2bf892184319c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a4c7d91884a85bdb10d3962b7edb6f31
SHA1 7ed4d4526f5d7876d704af420b18e2322f5cf21d
SHA256 537ea6e404e1a67c311061606067244fcbd8892632cefd438b5376bd9bbbd539
SHA512 c3517da44f2907924aff28bd1ca633c7c74ff1c373776546d8a2cfc24020fc9ffe177ba7a067eafb605eb9bda0e380195c3293ec3886a3c4cc116a85a2a0c444

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 5053f2fe4033fc6c6632d5fae59a68b6
SHA1 1b57ec36933d8d76f97e258f250ad6104dbade99
SHA256 7a03cec372ffbe248abf15b1d2448cd8decd5bf249dbef36097a7c7c99eb107d
SHA512 af0646a981c27bd5c5703703f34b2d1f92d4b2a67a81a67088e28cd0f27b2295d870bc239567aa7bdae97938686ff3e8220a4227c86368e828d2bf892184319c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 5313e9d659733d5295eeb41242f6c7a7
SHA1 56c5d9fee4938e073287b02f7d12d1abaac4bd67
SHA256 e8245cb46cd9dd1be9b6f166d0423b5bdbf29f935f7b3af27c9cbfc475fc16a1
SHA512 771e90d7db715bf00c9a1ebcca1c3e7b6916061d7f39a663306c9f2b97d73a5a76973dee190665aa8324512143362519c50640e41bd751b4096532ae4d48d8ba

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 648a89ca4b721ff4b6173d004fa9cce3
SHA1 779e3233265008b213f66313af415eee440d1fc3
SHA256 33d386d86dc17805955291f36016b57f56984ca44daa77049fad42f2015f5663
SHA512 324a64af9e84b916b3742543a92afa10c009321ad546c7c34adfc8762b238d0eef787de8a3c223cd185054e864941883b4a09fefa6408d8366ddcc6e02d49491

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 648a89ca4b721ff4b6173d004fa9cce3
SHA1 779e3233265008b213f66313af415eee440d1fc3
SHA256 33d386d86dc17805955291f36016b57f56984ca44daa77049fad42f2015f5663
SHA512 324a64af9e84b916b3742543a92afa10c009321ad546c7c34adfc8762b238d0eef787de8a3c223cd185054e864941883b4a09fefa6408d8366ddcc6e02d49491

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 a89fc88d1e369ebba1b7444e8e7d3dad
SHA1 1e29ed14d2dc27b0c29e0b844466be4aa044bc0b
SHA256 f18935d61a1e96693c06995a249aee90d752cc8838092c7d236b584bf9658cf5
SHA512 e56e9d3be69c613d5295bd8ba4e9af350965f3bc550cd27fb2a8a85a0bb7798a0e1a50a63064a67c936c3ad667757e54cfa774c15752b29214887bc5aacaf47d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 d69744a6bce25c329f8ed303eb4a75cf
SHA1 3d3dc7b22958ac288ee0cc49b07e58039fb4630b
SHA256 57e9c8cbde0816e0216cac0bf3e714a6803ac6b4fc60c13bedcd36bec79c0ce2
SHA512 8bc2f65f03b2b373ac270ae9bc91c4621305383a214ef22c944d4743c2ab8f35195f27850c5d81279f2dc03d662020ea449e2580d90c8f7122dd30c5fb927f2f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MULMYKQT.cookie

MD5 5da9dd36aed41755fa2defdfd25d8d2a
SHA1 ac68db2563767da0211ad89a43d25fbffeee3695
SHA256 047db7efb776e287d565e0cd4fd14c4866d08286c90c8e6a38f6966ec9ed49e9
SHA512 ee137fa258d36bd0f15983305e282ead9c33a184fa716b9c455842cc0c764eefffbecd61016afa2738ee7b5a4cdeecadfdc7daac8ce06c18c5e652dc57fe1a08

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HZ1R64I3.cookie

MD5 7aec2f1eaaaa80bd995e71c04bf796d8
SHA1 19e7fb658df39a396d5a344ab3cdd3c6425590fe
SHA256 f16f54c9b31e36934de14f40fde5eed84ef78bebdbd2487813ea768e23288e10
SHA512 6a1280bbc242a3ae672d85184829ac02a36b1b45a992fc0829af799740ea601b11cc90ae65f3907103795ea2bcc9aaa25f18c7837dc1d0efaf9e2d3729465eaf

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 175bf0af8cd5898d17d6d9e62a3d0230
SHA1 c933a55feca503303c6d0080a1137ada9be20321
SHA256 abe4fa53e99d3505cb4431edc4a1e6cc7414c293d3978f9112f6e08d1cf5a46b
SHA512 757d5960b656a748526d7093e556fac281e7ec5d1a3cd86b67283dfdf3ce918e5837e7e3eff9e496361de03c9d9a12fef6a71522589a09e6bdd2183f06aa5a35

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe

MD5 add9c2ed18040005fc24ba1df3a65d50
SHA1 5bfc7bace88d3cb5fc38a8fbac602b502f4fb5c1
SHA256 b233c6c843df05010bbf39b2f1324bbece3156f501cb41eb8cec218cb3d37570
SHA512 377c7363a47795284c0e7ca9db0bba805fdbb02f847d61d66aa4269baee9d69031ad50c450fb46d9b8d4a79acb613ee271bf22f9c204d2d20cf3bc35163f730b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a4c7d91884a85bdb10d3962b7edb6f31
SHA1 7ed4d4526f5d7876d704af420b18e2322f5cf21d
SHA256 537ea6e404e1a67c311061606067244fcbd8892632cefd438b5376bd9bbbd539
SHA512 c3517da44f2907924aff28bd1ca633c7c74ff1c373776546d8a2cfc24020fc9ffe177ba7a067eafb605eb9bda0e380195c3293ec3886a3c4cc116a85a2a0c444

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 5053f2fe4033fc6c6632d5fae59a68b6
SHA1 1b57ec36933d8d76f97e258f250ad6104dbade99
SHA256 7a03cec372ffbe248abf15b1d2448cd8decd5bf249dbef36097a7c7c99eb107d
SHA512 af0646a981c27bd5c5703703f34b2d1f92d4b2a67a81a67088e28cd0f27b2295d870bc239567aa7bdae97938686ff3e8220a4227c86368e828d2bf892184319c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 b36ffa7cd6ebde12e2fc1e16d6abfcf4
SHA1 4d6ff5023aa3ace5d69082adfd71b8e0ed012cf1
SHA256 9b5c5ae4acdbc600373522395a3e196d39c48f0e3cc1a506276bfad45b445ab3
SHA512 6f33ec56b115d7b5aa9e00c51a3083013e9ef757f5a8ffcbbfe76a154a245961f2bd26451b858fa5ce4483e2b8bfd5d56ee3316158a972210057ca1f4a0f67c5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 648a89ca4b721ff4b6173d004fa9cce3
SHA1 779e3233265008b213f66313af415eee440d1fc3
SHA256 33d386d86dc17805955291f36016b57f56984ca44daa77049fad42f2015f5663
SHA512 324a64af9e84b916b3742543a92afa10c009321ad546c7c34adfc8762b238d0eef787de8a3c223cd185054e864941883b4a09fefa6408d8366ddcc6e02d49491

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2R2I3G25\shared_global[1].css

MD5 eec4781215779cace6715b398d0e46c9
SHA1 b978d94a9efe76d90f17809ab648f378eb66197f
SHA256 64f61829703eca976c04cf194765a87c5a718e98597df2cb3eae9cf3150e572e
SHA512 c1f8164eb3a250a8edf8b7cb3b8c30396861eff95bcc4ed9a0c92a9dcde8fd7cd3a91b8f4fd8968c4fdafd18b51d20541bcc07a0643e55c8f6b12ceb67d7805d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2R2I3G25\buttons[1].css

MD5 84524a43a1d5ec8293a89bb6999e2f70
SHA1 ea924893c61b252ce6cdb36cdefae34475d4078c
SHA256 8163d25cb71da281079b36fcde6d9f6846ff1e9d70112bbe328cae5ffb05f2bc
SHA512 2bf17794d327b4a9bdbae446dd086354b6b98ac044a8ee0b85bd72c3ab22d93b43f3542df03d64f997d1df6fc6cac5c5e258c4ec82b998f3a40b50c2fde99b5a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BPMI2YH2\shared_responsive[1].css

MD5 086f049ba7be3b3ab7551f792e4cbce1
SHA1 292c885b0515d7f2f96615284a7c1a4b8a48294a
SHA256 b38fc1074ef68863c2841111b9e20d98ea0305c1e39308dc7ad3a6f3fd39117a
SHA512 645f23b5598d0c38286c2a68268cb0bc60db9f6de7620297f94ba14afe218d18359d124ebb1518d31cd8960baed7870af8fd6960902b1c9496d945247fbb2d78

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

memory/2572-328-0x000001B9C7230000-0x000001B9C7232000-memory.dmp

memory/4016-329-0x00000226CEA00000-0x00000226CEB00000-memory.dmp

memory/4168-308-0x000002B135800000-0x000002B135900000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 d69744a6bce25c329f8ed303eb4a75cf
SHA1 3d3dc7b22958ac288ee0cc49b07e58039fb4630b
SHA256 57e9c8cbde0816e0216cac0bf3e714a6803ac6b4fc60c13bedcd36bec79c0ce2
SHA512 8bc2f65f03b2b373ac270ae9bc91c4621305383a214ef22c944d4743c2ab8f35195f27850c5d81279f2dc03d662020ea449e2580d90c8f7122dd30c5fb927f2f

memory/2572-349-0x000001B9C7260000-0x000001B9C7262000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BPMI2YH2\tooltip[1].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4xO3Pz9.exe

MD5 add9c2ed18040005fc24ba1df3a65d50
SHA1 5bfc7bace88d3cb5fc38a8fbac602b502f4fb5c1
SHA256 b233c6c843df05010bbf39b2f1324bbece3156f501cb41eb8cec218cb3d37570
SHA512 377c7363a47795284c0e7ca9db0bba805fdbb02f847d61d66aa4269baee9d69031ad50c450fb46d9b8d4a79acb613ee271bf22f9c204d2d20cf3bc35163f730b

memory/4052-369-0x000001A519A30000-0x000001A519A50000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\404IU9LD.cookie

MD5 5b2fef6554ba3902d8c9d5aa73bb68d9
SHA1 424e1ab2edcbf995e6578e7f56c0d0d4680fe979
SHA256 cddfb1e3f0ddfac144907fbb90e73053f7f1b7f15cd3b8569cbab45ebea0a734
SHA512 1483dfbccf7e45bb33671aaeff68ff248cfd7bd459d93b445795385983ba77934035463d95e99dbe64cdbeac2ed6b20784a465fe5be8a89b2c7765243583230f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BPMI2YH2\shared_global[1].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0SBJADVN.cookie

MD5 d1e86e252777af4177111fbfa7d4572a
SHA1 4b7e7310231fc68c029c4dcacc4b0a129e57d9da
SHA256 4979d22de12ec1ea44be488f0df6b703d815b49e4a2a9e0d4818d235bebb9fc3
SHA512 71b8f58970c9cfb85fb346cdfabfb0648eba72fe0887a39c917da0ced8a2d5e794106f97a0abcdbbd70612b7cc26087654ca93efb4b13958adc68ef1fc7a64af

memory/3236-457-0x000002930BDE0000-0x000002930BDE2000-memory.dmp

memory/3236-459-0x000002931C700000-0x000002931C702000-memory.dmp

memory/3236-461-0x000002931C7C0000-0x000002931C7C2000-memory.dmp

memory/4496-465-0x000001BDE68D0000-0x000001BDE68D1000-memory.dmp

memory/4496-464-0x000001BDE68C0000-0x000001BDE68C1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Z1G7TS9H.cookie

MD5 6e2dd590b68bee7722ae436e58211d04
SHA1 5ad405214cbb67b98653b093eeb4ecb75bcd59c6
SHA256 e460904545456cdcf138b55da07c3dc003cf8922be3720adf7c2d2c324ddf47c
SHA512 6078da96aadd71d7f79e03a1a0a0d2aabb06f253b180bd16648689c1e124878ff19e206f9277989e2986f9faa82ff499c1155962d3e58cc84ac0d6069049b9eb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BPMI2YH2\shared_responsive_adapter[1].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

memory/3088-504-0x00000184390F0000-0x0000018439110000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\M8RE4PRX\favicon[1].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

memory/3236-538-0x000002931E5F0000-0x000002931E5F2000-memory.dmp

memory/5860-545-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4168-567-0x000002B138860000-0x000002B138880000-memory.dmp

memory/5860-574-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe

MD5 dcca66c9de49d1b378eeaca6cd7f64f7
SHA1 268864a238705ec1bba90ef7380880818ab4bb73
SHA256 8f57ce9a4b5177f85ef2ea923dd92f519b5260b7a9f012c275e42ca5d42de5ae
SHA512 674caa90eb43f8f8843ce976a250a22ccc14b628854edb674cd28ec9cfd4a95760fcbbdb2e11bb41e21169fda49ab78398f8bab03bf1a67a2a1f615426048f17

memory/5860-579-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3236-546-0x000002931E610000-0x000002931E612000-memory.dmp

memory/3236-602-0x000002931EBF0000-0x000002931EBF2000-memory.dmp

memory/5860-601-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4016-610-0x00000226CD9F0000-0x00000226CDA10000-memory.dmp

memory/4168-614-0x000002B136440000-0x000002B136460000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5No46eh.exe

MD5 dcca66c9de49d1b378eeaca6cd7f64f7
SHA1 268864a238705ec1bba90ef7380880818ab4bb73
SHA256 8f57ce9a4b5177f85ef2ea923dd92f519b5260b7a9f012c275e42ca5d42de5ae
SHA512 674caa90eb43f8f8843ce976a250a22ccc14b628854edb674cd28ec9cfd4a95760fcbbdb2e11bb41e21169fda49ab78398f8bab03bf1a67a2a1f615426048f17

memory/4052-625-0x000001A51AEA0000-0x000001A51AEC0000-memory.dmp

memory/4016-683-0x00000226CDB90000-0x00000226CDBB0000-memory.dmp

memory/3236-726-0x000002931C760000-0x000002931C780000-memory.dmp

memory/3088-738-0x0000018439A60000-0x0000018439B60000-memory.dmp

memory/3088-716-0x0000018439A60000-0x0000018439B60000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2NN6PDVC.cookie

MD5 924bfc333dfaf4597215fdb6f34dc01f
SHA1 d22f330e9575c6a265a1135458668f65fa181317
SHA256 50605143fa04174cc783ca3702b81c770720545c674b522f9485dbfc565c1a1b
SHA512 2cb18e4ba138841b2da547144228c77cab70b4a962d236b15f4096662c16a1f7a1c963d7a97bc15866df2663dcef23be4b643e7f41eae6482a26dcb66b12f33d

memory/3088-753-0x000001843AA90000-0x000001843AAB0000-memory.dmp

memory/4108-752-0x00000206481B0000-0x00000206481D0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6sa136.exe

MD5 b8fc2c88a3b08b7a602af74b60841344
SHA1 62b8d5bf23d3a455b3a5523bfb7c386bdb5317b7
SHA256 1508a79495985938568a68bd2133520b54165106fd937724b8bc630686779a6b
SHA512 7b490a1b1b51c8b73a193dd622f3eee53db86e2e061955e62d1905cd9c746e8ed779bde08bfa31ed7d0448b47a430f964b022f9ed52172175c5c24b5ec80b176

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6sa136.exe

MD5 b8fc2c88a3b08b7a602af74b60841344
SHA1 62b8d5bf23d3a455b3a5523bfb7c386bdb5317b7
SHA256 1508a79495985938568a68bd2133520b54165106fd937724b8bc630686779a6b
SHA512 7b490a1b1b51c8b73a193dd622f3eee53db86e2e061955e62d1905cd9c746e8ed779bde08bfa31ed7d0448b47a430f964b022f9ed52172175c5c24b5ec80b176

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NLRILCD1.cookie

MD5 b7d03b0b6a2b4f61d62fbfcc39f2336e
SHA1 294ae08992691f94216b72f9535e88b4f5843504
SHA256 9a5ea8482021a2765c97c1bc2192eb804e99ba6835eebdc4085469f86d08d69b
SHA512 08f4aca5d6da6493d60284c62b35d3850e51e5970a584cc000aafbace3159896396427ac2f7dee4f35c902a3cd9f5c9966acdda4f9249e252191beacba7da0b8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 e839e1749608a26da5e554d910962994
SHA1 a3cb89f8b77a28b579674392229409cc6fa2168a
SHA256 dada1b8004840dcb76d0549663f645fa81f828aa681e6b8a62c293ebb83d28b3
SHA512 05c6ea898163140e2d913f964bdaea12e31b95c12ecb2c23468965530692e6a430d60cc9425cc7b8e84e0b08934048512f5f7bad10768ba80d20c8811cc816db

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EWIRWN58\favicon[2].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\84EUDSXK.cookie

MD5 bb0a593a0d32cec1aeb4a21f5ca42202
SHA1 204f2a194231cc01752c26981e6adb190a62ce66
SHA256 c9fff0c4f55573eef7c995f60ce1d8257fe300d1e37487082d621e0a77c75728
SHA512 6288fbada0316e818988db7328da9db1749dfc4e496fd65ce1dc85974f073a313d013ac95b18d8afaf2eb63f7608ed0e1e3bd165c7198210b0571bb2b86d5375

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SXSLIOU3.cookie

MD5 63ef399c0869c10c29e5282442d43ae3
SHA1 7509fb1420a670230e8b15f9555246711a5a06a4
SHA256 5fc05b3459450311979dfb892e1fa42d17a606bad6835e27630d6560558c2b26
SHA512 ff9e6c8392d9353a76ee46e48c848878f1d3fb4ab50782c17df2408e762bbaf91360ed559e9dc7e4c81b8385b84551d86276183370b9c8373afebb786f35fba5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\15J3T8BX\www.epicgames[1].xml

MD5 3ff4d575d1d04c3b54f67a6310f2fc95
SHA1 1308937c1a46e6c331d5456bcd4b2182dc444040
SHA256 021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44
SHA512 2b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GNGQI0AV.cookie

MD5 f66fa19ba70d30a20b99f44964eeb2b2
SHA1 c5122e78cc9747d203706b91e319fca8edef7d8b
SHA256 87b7a0928cfb554313a994e05f9ed6bd0c60912f91207edaef08b9b795242cd9
SHA512 87a1b02df2ea5b12570416ef67a2f66bc988db767a4f1045cf20ec43bdd7a7ac488cc2be7bf431a073c9cd3f40bded814f82e4d49e2d3a7582f4f6b35e18dcd5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\07IP160R.cookie

MD5 28f304550e4aed04acfdfb8eb3d581e8
SHA1 a03c05d58b1990d2419a71241400f03bdbf34096
SHA256 a123256837526499547015e89627cf927140d842096a430d57ab6380ea366309
SHA512 8b937ba736c8827abf63de563b1d529f761273ed6ddee701434a77b5cf5881a81dfdd98881f0a073285e6ef5e4351335c645a6723036c866500b969c7d5a468f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SW2VOPVW\B8BxsscfVBr[1].ico

MD5 e508eca3eafcc1fc2d7f19bafb29e06b
SHA1 a62fc3c2a027870d99aedc241e7d5babba9a891f
SHA256 e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a
SHA512 49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\u9vjybo\imagestore.dat

MD5 5e4eb2f0de1c762e478b510b42f4493e
SHA1 f2d89e6300c34837d50c3174fc63cb3924e6b474
SHA256 49e86399049b9b3ccc15bcd7e596ececbf0f5db2a40754b12c48836e3b935374
SHA512 c54dc2dcac0780cc64cac098b96f75097d176fa17d4e202d8c3a0ed4df97f8e1af28d37ba4dfbda6cf9df89bbaf5c9a2400b0fad4dae6be886dd8b5895b496bb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SW2VOPVW\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

memory/6704-1160-0x0000000000400000-0x000000000043C000-memory.dmp

memory/6704-1178-0x0000000072D60000-0x000000007344E000-memory.dmp

memory/6704-1202-0x000000000BE60000-0x000000000C35E000-memory.dmp

memory/6704-1214-0x000000000BA40000-0x000000000BAD2000-memory.dmp

memory/6704-1236-0x000000000BAE0000-0x000000000BAEA000-memory.dmp

memory/6704-1262-0x000000000C970000-0x000000000CF76000-memory.dmp

memory/6704-1278-0x000000000C360000-0x000000000C46A000-memory.dmp

memory/6704-1291-0x000000000BC90000-0x000000000BCA2000-memory.dmp

memory/6704-1300-0x000000000BCF0000-0x000000000BD2E000-memory.dmp

memory/6704-1307-0x000000000BD30000-0x000000000BD7B000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JFNZFQEN.cookie

MD5 63c2e457b631102968f29e21cb094bf6
SHA1 bb98a12d2d7015ef2b4747e88ded67a1ceb2b536
SHA256 adc20f263e1431f25fd72a40f3b6024e9400f85da319b40759cdba3a65d86d8e
SHA512 6a6240af6c99dc7fc7859ecc5f16999f53d1ae8dd102529599cbff4055818a1d19e09019696eb54b707c0cef99dc1880446fb5a2c279b7f1e0fdab5438933aca

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZLHT5DHI.cookie

MD5 e9b652093a6cbf41ab06d7c466074f3c
SHA1 0a00b397422eb66b441ac3fb2c51ef2b1a296a31
SHA256 2e748113c9d58887fd7429c3a16de63c6355e79066310550806ebe2265733f94
SHA512 ac0ff7c257acc6cbc40803ef55ac9c2ce893956425c4810a0c0f3d97d8bc87555324ddb15e14040c90960ec48db4c62b5c19d09c1b5d5e4fb6b69c174d233749

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NRPZAC3S\chunk~9229560c0[1].css

MD5 19a9c503e4f9eabd0eafd6773ab082c0
SHA1 d9b0ca3905ab9a0f9ea976d32a00abb7935d9913
SHA256 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a
SHA512 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4AODSZ66.cookie

MD5 9855d7390a364e196b7950271cff5866
SHA1 de23c9e33905b8f48a6e825d836cc36c26e48198
SHA256 5d540f9b30169627a3c5f192b38285916fa81d51de23dc52f6f3dc4f9ab10d85
SHA512 f3b2e5f19ba4f4177090f3afac0be273a8ff848d203e924b53fae2d19064398e5651c4418fd1b98fb5bcc5196216e84bfd3f8d5857b98db5aaf4858579bf9c8b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3GTKS4S0.cookie

MD5 20cfaf61f6d815f1770f43d248b88c50
SHA1 66d56f71bd07d2f1a73150a9e8459a6b24759128
SHA256 30f51350aae19a3f66cec4e4e4bd327234e42996761a7b56117d7e3ca65750f4
SHA512 db521b443599b0b876e4aaa7562717786b531af834353a2c8e8e7bc4eb850ee0ba4d1437565571d12addb8f1539cfffc1208ddb2313db90a9b81620816ddb106

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MT8HBACI.cookie

MD5 a8230800dcb49a8b6a76284cc76d7c44
SHA1 7756c03220e79e739a7a2e79c024dc95f0dc594c
SHA256 24dc9341004acc32fc1709482f32506c25b845e61bd6e90f93e44405b92db556
SHA512 7b102ef9e58b296eb11299f6eea4796d5f7b11e782cb3fea02e03d27e3a16db15f12f4c3eb6d883a439effe3b27ae6996ef674b47b3e70c11d66066b8536781c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\U0GZVE4N.cookie

MD5 4a323b405176c8c53b60a63074200b8e
SHA1 ef8074bbb680ac9c49291c336a37bb271545f259
SHA256 a7540d09fbe8b828224a86323bbd3f4a7dbce0aa298fbf85262b846fe7e73c91
SHA512 3aae5c795bbad5c44f41b07fa3d79b93b66650b14c581fd3986d6dc49d69c191c1cd41515aa8a8a4ceb7ee9e269abc680998c491da9acbc4502a0a6be2e04416

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7WXOYX\recaptcha__en[1].js

MD5 fbeedf13eeb71cbe02bc458db14b7539
SHA1 38ce3a321b003e0c89f8b2e00972caa26485a6e0
SHA256 09ed391c987b3b27df5080114e00377ff1a748793cb417a809b33f22d737fe55
SHA512 124b9f53a53ef596a54c6c04ab3be2b25d33d1ce915978ec03da8f9f294db91d41ee9091b722e462722f51f9d9455ce480e1a0cb57c2f3248c7a3a9e3b9dac58

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VYEJ6E0K.cookie

MD5 f2bd6549603390cb34a256d51b3d8d6e
SHA1 9b1e9dc410ce96fc154a9f1815c6b978395a25b0
SHA256 3a5d05db6878bca794f6cd0d5fbaebaa5f6190d6334159aae45fed2f5a89c48c
SHA512 a2aa3192e3bbcab00e23692b67cddf94cf2ccdbb99161ae15b1323ab92e5fe1969daa5494a93624d3f38f18c203f392c80da5796cb90042b29e1c1d00fb6ed8f

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\86KONSSQ\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\U1W7FM2J.cookie

MD5 d652cc8377335c8d7366b5bef2ba7b09
SHA1 01094f6f24f7f7360316604e8a66160895f2ce73
SHA256 209346198b727167217505426117061bcf168b78936ded8240b6a72348bd2e0e
SHA512 744da321d10446a3d009f761081b7310ed803d0f4bf845bf7a71010d0700ba2c77fe55423efa5bbdf42f2d2a1d8f0d928963426525464029fb78ff8837c11b6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\15J3T8BX\www.epicgames[1].xml

MD5 3ff4d575d1d04c3b54f67a6310f2fc95
SHA1 1308937c1a46e6c331d5456bcd4b2182dc444040
SHA256 021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44
SHA512 2b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MYU0D2BK.cookie

MD5 5528cc6e891976111a246002060bf98c
SHA1 fb8cb4ca3ea2bd8d0f3b12e91ad05daa5c470fa5
SHA256 37ab1d282bff6b0aabd52b20477c332f4f34db2ebed4c0e17a182576af115d1a
SHA512 4068edff4aa2b2bd98d75791954b9a4623977fb067168479468d34802eb200d7c70350321490b569f5725e717c58f03e83e5f944b8c3e2fbba8769b472fe0180

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

MD5 1fd9cd5ea87bf1787333043a7033209b
SHA1 44d54ae14aa2caed85b82c84ad8d96b84c2e76e0
SHA256 72666e4a6cfe60fd082d7824a857a0b4a2b8a490f314c3ef4f14684cc9db5fbf
SHA512 e0d6a04af1b5da1c0daa629f1e7a9236cb0a0c37490b1ea27e49ff4e052f3c0049920911c0ad52d75cd00c8b05c885f27e1e49b01e8e2559c88a120461f41826

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_26971925776788617818974D91697792

MD5 6293fc5eaaed8df7afcac06f55276c56
SHA1 9ba81b982f35eeee0d9aff03491063769dbd2c30
SHA256 9454dc1a0257f4e36d2e6ed3e42b023453d474b8d6d2a0d94e4bf47ccad2ba88
SHA512 d6bb25647b97121e6cf7e4283ddfcd601dd3d517399658155e89af0b45bace1b1c58572604783fda8d1c2e6f437015494a7e88ad7041ccea530a1ada89971b15

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_26971925776788617818974D91697792

MD5 5dfdf8f2706ce814de673b460c2ade9a
SHA1 a8c4c0dfbd63dad3cb859b5c28c207e7fd4b6ebf
SHA256 9eb0865895f20c8cbb9516d50ed92f699467f4771de761dd3821f322f515b3bc
SHA512 dc5ab73affaf1b10691bfd86a8ec0bc97d120af6576c671ce55601a54e8e1e333036f5190ccd954df543224abb38716453f3882d3297fd5c6e4cedda8a873ac0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_17A1BB9C6401DC9652040571BD192211

MD5 5dd1e7bb674cf948acbb70d52c9b1c63
SHA1 86dff261f6f718a8a7f7cf04f1f92ddca8a468b4
SHA256 cd6e9fcdb86c0b071572d724ad69dfa0dead67509d3d96fb23792389e9f9e081
SHA512 bac1f1e1c30d92a61c036a1d7a0a227143d8614324e117196f6ebe4197ecb0f63b8dfdc1d3e39789b31a0e260bc94c7c620dc363a8a5d153c56280411e5fc14c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_17A1BB9C6401DC9652040571BD192211

MD5 64abd699f90379c78469dba746925e11
SHA1 61a4a76876959f5fba20b5d2cff8905821bd7518
SHA256 fe38a78c39d207e9f7aeaf4db92bcc6437e98969d0b333d48ff6d21f25adfad1
SHA512 77128d0b695b187122028d5b4afa4c245fe4d753b6e0d2be84dacb78b20882beedc6649bb99a74abc0525ad1da37359ce8901c7eed643607d04b5f741ea31107

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

MD5 f995fbc24a8b5c5bcdcac7ccd135721e
SHA1 03e4d5797a4774ee5105252e64e38f960e6bdda3
SHA256 9f2d9f774682c5346032ca6a08f245c788891c0df92752b35ef56f50b8ad283e
SHA512 2cae6b25e58d301786ac468c8599470b9aa3657c09072416e9da1cbd36e23b4f99ea75057c0f5d4acde0f596341c9c3436ae1f02d07237f4bc388a314894c8d0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7WXOYX\web-animations-next-lite.min[1].js

MD5 cb9360b813c598bdde51e35d8e5081ea
SHA1 d2949a20b3e1bc3e113bd31ccac99a81d5fa353d
SHA256 e0cbfda7bfd7be1dcb66bbb507a74111fc4b2becbc742cd879751c3b4cbfa2f0
SHA512 a51e7374994b6c4adc116bc9dea60e174032f7759c0a4ff8eef0ce1a053054660d205c9bb05224ae67a64e2b232719ef82339a9cad44138b612006975578783c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7WXOYX\webcomponents-ce-sd[1].js

MD5 58b49536b02d705342669f683877a1c7
SHA1 1dab2e925ab42232c343c2cd193125b5f9c142fa
SHA256 dea31a0a884a91f8f34710a646d832bc0edc9fc151ffd9811f89c47a3f4a6d7c
SHA512 c7a70bdefd02b89732e12605ad6322d651ffa554e959dc2c731d817f7bf3e6722b2c5d479eb84bd61b6ee174669440a5fa6ac4083a173b6cf5b30d14388483d4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7WXOYX\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7WXOYX\scheduler[1].js

MD5 3403b0079dbb23f9aaad3b6a53b88c95
SHA1 dc8ca7a7c709359b272f4e999765ac4eddf633b3
SHA256 f48cc70897719cf69b692870f2a85e45ecf0601fd672afcd569495faa54f6e48
SHA512 1b7f23639fd56c602a4027f1dd53185e83e3b1fa575dc29310c0590dd196dc59864407495b8cc9df23430a0f2709403d0aa6ec6d234cce09f89c485add45b40e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7WXOYX\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7WXOYX\spf[1].js

MD5 892335937cf6ef5c8041270d8065d3cd
SHA1 aa6b73ca5a785fa34a04cb46b245e1302a22ddd3
SHA256 4d6a0c59700ff223c5613498f31d94491724fb29c4740aeb45bd5b23ef08cffa
SHA512 b760d2a1c26d6198e84bb6d226c21a501097ee16a1b535703787aaef101021c8269ae28c0b94d5c94e0590bf50edaff4a54af853109fce10b629fa81df04d5b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7WXOYX\www-tampering[1].js

MD5 d0a5a9e10eb7c7538c4abf5b82fda158
SHA1 133efd3e7bb86cfb8fa08e6943c4e276e674e3a6
SHA256 a82008d261c47c8ca436773fe8d418c5e32f48fe25a30885656353461e84bbbc
SHA512 a50f80003b377dbc6a22ef6b1d6ad1843ef805d94bafb1fcab8e67c3781ae671027a89c06bf279f3fd81508e18257740165a4fea3b1a7082b38ec0dc3d122c2f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DN7WXOYX\hcaptcha[1].js

MD5 c2a59891981a9fd9c791bbff1344df52
SHA1 1bd69409a50107057b5340656d1ecd6f5726841f
SHA256 6beec8b04234097105f5d7a88af9c27552b27021446c9dbe029d908d1ff8599f
SHA512 f9d556e0f7e95e603881c5196cc2aa736eb24ed62086d09d36a9e1d6b4fec9f4c1dfb125a66bec301f57230a4242108c7c255e6aa3c6f08a3a0d75e0cf288afe

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\T2X738OX\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

memory/6704-2848-0x0000000072D60000-0x000000007344E000-memory.dmp