Malware Analysis Report

2025-01-02 05:17

Sample ID 231111-czt24afb8z
Target c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9
SHA256 c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9
Tags
mystic redline taiga google paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9

Threat Level: Known bad

The file c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga google paypal infostealer persistence phishing spyware stealer

RedLine payload

RedLine

Mystic

Detect Mystic stealer payload

Detected google phishing page

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

AutoIT Executable

Detected potential entity reuse from brand paypal.

Suspicious use of SetThreadContext

Drops file in Windows directory

Unsigned PE

Program crash

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 02:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 02:31

Reported

2023-11-11 02:34

Platform

win10-20231023-en

Max time kernel

176s

Max time network

194s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected google phishing page

phishing google

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3QC456LL.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = ba02015f4714da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.epicgames.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steamcommunity.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 88713e754714da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 61d9628f4714da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\epicgames.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 18a544564714da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\store.steampowered.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 812 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe
PID 812 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe
PID 812 wrote to memory of 4580 N/A C:\Users\Admin\AppData\Local\Temp\c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe
PID 4580 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe
PID 4580 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe
PID 4580 wrote to memory of 4980 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe
PID 4980 wrote to memory of 4168 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3QC456LL.exe
PID 4980 wrote to memory of 4168 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3QC456LL.exe
PID 4980 wrote to memory of 4168 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3QC456LL.exe
PID 4980 wrote to memory of 68 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe
PID 4980 wrote to memory of 68 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe
PID 4980 wrote to memory of 68 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe
PID 68 wrote to memory of 5584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 68 wrote to memory of 5584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 68 wrote to memory of 5584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 68 wrote to memory of 5584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 68 wrote to memory of 5584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 68 wrote to memory of 5584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 68 wrote to memory of 5584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 68 wrote to memory of 5584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 68 wrote to memory of 5584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 68 wrote to memory of 5584 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4580 wrote to memory of 5732 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe
PID 4580 wrote to memory of 5732 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe
PID 4580 wrote to memory of 5732 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe
PID 5732 wrote to memory of 5424 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5732 wrote to memory of 5424 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5732 wrote to memory of 5424 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5732 wrote to memory of 5424 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5732 wrote to memory of 5424 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5732 wrote to memory of 5424 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5732 wrote to memory of 5424 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5732 wrote to memory of 5424 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 812 wrote to memory of 5616 N/A C:\Users\Admin\AppData\Local\Temp\c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe
PID 812 wrote to memory of 5616 N/A C:\Users\Admin\AppData\Local\Temp\c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe
PID 812 wrote to memory of 5616 N/A C:\Users\Admin\AppData\Local\Temp\c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe
PID 4224 wrote to memory of 5232 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4224 wrote to memory of 5232 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4224 wrote to memory of 5232 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4224 wrote to memory of 5232 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4224 wrote to memory of 5232 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4224 wrote to memory of 5232 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5616 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5616 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5616 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5616 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5616 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5616 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5616 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5616 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5616 wrote to memory of 5020 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4224 wrote to memory of 2160 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4224 wrote to memory of 4888 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4224 wrote to memory of 4888 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4224 wrote to memory of 2160 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4224 wrote to memory of 4284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4224 wrote to memory of 4284 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9.exe

"C:\Users\Admin\AppData\Local\Temp\c67d92b897efe047fc48bdb6dfcdcf7ec7e7a80df3574f7eac564a1eff9cfde9.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3QC456LL.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3QC456LL.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 45.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 3.215.51.251:443 www.epicgames.com tcp
US 3.215.51.251:443 www.epicgames.com tcp
US 8.8.8.8:53 251.51.215.3.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com tcp
US 8.8.8.8:53 186.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 community.cloudflare.steamstatic.com udp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 206.246.238.18.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 crls.pki.goog udp
NL 142.251.36.35:80 crls.pki.goog tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 126.179.238.8.in-addr.arpa udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 8.8.8.8:53 73.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
NL 142.251.36.45:443 accounts.google.com tcp
US 8.8.8.8:53 fbsbx.com udp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 8.8.8.8:53 crl.rootca1.amazontrust.com udp
US 18.239.50.128:80 crl.rootca1.amazontrust.com tcp
US 8.8.8.8:53 128.50.239.18.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 18.238.246.206:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 numpersb.fun udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 killredls.pw udp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 174.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 crl.r2m03.amazontrust.com udp
NL 108.156.64.197:80 crl.r2m03.amazontrust.com tcp
US 8.8.8.8:53 197.64.156.108.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe

MD5 ea347a282e1282f39f494fc1da078010
SHA1 1a932e37923c45d054b2492ee493a6a363c17d84
SHA256 9d2e90cad424dc9d875b192d35d46f4ece712cecec1bafb7abc55a17cf14c02a
SHA512 70451e9ed9fb62db7baeb76eb33d49c0720b92f5e137a6a75fe5c0eef55ed0761093c5219029c6856943a9e1224e7ff4698c1d434b22d24082234b064eb43aba

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ds9Ao71.exe

MD5 ea347a282e1282f39f494fc1da078010
SHA1 1a932e37923c45d054b2492ee493a6a363c17d84
SHA256 9d2e90cad424dc9d875b192d35d46f4ece712cecec1bafb7abc55a17cf14c02a
SHA512 70451e9ed9fb62db7baeb76eb33d49c0720b92f5e137a6a75fe5c0eef55ed0761093c5219029c6856943a9e1224e7ff4698c1d434b22d24082234b064eb43aba

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe

MD5 b0c439303edc1c2d83a31a44add54e95
SHA1 0c5c4b60fc7b41844e31021b13c065a835078c25
SHA256 c222d2d788fa38abc8fece8e36e7bec7b2055b9ed0afd830ba62f897e9f2e9f1
SHA512 486dd4251272a7d60d8957098ee20e0d920792f13723bf4d399d78d677c1fd964b41fc208dc0156de2e8398d388d281045be032880d379e208f278ba12ebcb49

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SJ2DW44.exe

MD5 b0c439303edc1c2d83a31a44add54e95
SHA1 0c5c4b60fc7b41844e31021b13c065a835078c25
SHA256 c222d2d788fa38abc8fece8e36e7bec7b2055b9ed0afd830ba62f897e9f2e9f1
SHA512 486dd4251272a7d60d8957098ee20e0d920792f13723bf4d399d78d677c1fd964b41fc208dc0156de2e8398d388d281045be032880d379e208f278ba12ebcb49

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3QC456LL.exe

MD5 cf31d52c5f71816e8022a2a6c6ee508d
SHA1 7f3d5cbb106e538be1d85834a0a6805b2504c51d
SHA256 825b25471c7c3b95ab266e5b97ae9db6d82a980b62de345eb6bc08dedf70e558
SHA512 922b61096e86f1ad8ed28e7c2e40a73f670ea7918db2dcef2ec3d1b2de0d4df89b7f84cea4c31892a93946bb6aca8a8d64d6560c03dfca820edcb36535b43c10

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3QC456LL.exe

MD5 cf31d52c5f71816e8022a2a6c6ee508d
SHA1 7f3d5cbb106e538be1d85834a0a6805b2504c51d
SHA256 825b25471c7c3b95ab266e5b97ae9db6d82a980b62de345eb6bc08dedf70e558
SHA512 922b61096e86f1ad8ed28e7c2e40a73f670ea7918db2dcef2ec3d1b2de0d4df89b7f84cea4c31892a93946bb6aca8a8d64d6560c03dfca820edcb36535b43c10

memory/212-21-0x000002C87E600000-0x000002C87E610000-memory.dmp

memory/212-37-0x000002C8008C0000-0x000002C8008D0000-memory.dmp

memory/212-56-0x000002C804AC0000-0x000002C804AC2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe

MD5 5a96e9ff49ce02c13f99b27c4256b117
SHA1 00ce61c832a581452b3d26e6fad40b779c681d96
SHA256 a2a91d92ec685bc8abc94e7fd46a3f61d2fddd0f69516874000e10f302150388
SHA512 38bcb9b55b1f9bfb91a6f58e625584b22b4856d065aa823b630b601eacf92a60f2482f7d9e716e43b3cf2eab56f03dbad1993009c729d02838c1b54d29cbb7c5

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4eu0yI5.exe

MD5 5a96e9ff49ce02c13f99b27c4256b117
SHA1 00ce61c832a581452b3d26e6fad40b779c681d96
SHA256 a2a91d92ec685bc8abc94e7fd46a3f61d2fddd0f69516874000e10f302150388
SHA512 38bcb9b55b1f9bfb91a6f58e625584b22b4856d065aa823b630b601eacf92a60f2482f7d9e716e43b3cf2eab56f03dbad1993009c729d02838c1b54d29cbb7c5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a4c7d91884a85bdb10d3962b7edb6f31
SHA1 7ed4d4526f5d7876d704af420b18e2322f5cf21d
SHA256 537ea6e404e1a67c311061606067244fcbd8892632cefd438b5376bd9bbbd539
SHA512 c3517da44f2907924aff28bd1ca633c7c74ff1c373776546d8a2cfc24020fc9ffe177ba7a067eafb605eb9bda0e380195c3293ec3886a3c4cc116a85a2a0c444

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e8f373609c38997d0cb466f09595d224
SHA1 4c023e8e04ed2107ca7600463b76d8f195e22499
SHA256 4c2ec7993b6b82df2491cf6676ee250cffad0cf35512434d59d1705127d5581e
SHA512 8b100f08e6795c2b3c4195b071570fe950ed681f901af77462d487f56a23afa4e9cd6f19bc1825a5ac791ba157962244475d544623e7deef35a90ed11b4022be

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e8f373609c38997d0cb466f09595d224
SHA1 4c023e8e04ed2107ca7600463b76d8f195e22499
SHA256 4c2ec7993b6b82df2491cf6676ee250cffad0cf35512434d59d1705127d5581e
SHA512 8b100f08e6795c2b3c4195b071570fe950ed681f901af77462d487f56a23afa4e9cd6f19bc1825a5ac791ba157962244475d544623e7deef35a90ed11b4022be

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e8f373609c38997d0cb466f09595d224
SHA1 4c023e8e04ed2107ca7600463b76d8f195e22499
SHA256 4c2ec7993b6b82df2491cf6676ee250cffad0cf35512434d59d1705127d5581e
SHA512 8b100f08e6795c2b3c4195b071570fe950ed681f901af77462d487f56a23afa4e9cd6f19bc1825a5ac791ba157962244475d544623e7deef35a90ed11b4022be

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 1a13e4a7ba240b04e0b42367e2bd2b54
SHA1 675b86efc60c6071f12474fd8ffef9adbf9ad7be
SHA256 246008d339cc173c2a6f6331d4916182e9b451f9f71ff5b07c5af3f9826f8fef
SHA512 28a34c59154a49b35ef1acb4e9c36795e81ac916ea1138dd5c5c3e22eefbfc66af29db7dd8995c0204573190ed2d6e4e67b8f4aed14801252a6ed8f70409960f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 af041effa549f4afd8c1ae3e1b189114
SHA1 9fb544facefbab3cf69a15d37a571dbdd52018ce
SHA256 920098aadc38c2c9cb8066f44c46d07aab35dff4b52e38b149efe5e1d0510ac7
SHA512 80418b97e47b7e93761386a41364e1109f4c26a127400392a8a3959380dd33033b93e890d08680c5e079469306063e49beb3cb81bd8c0a79d9c251d0d57a7738

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 5313e9d659733d5295eeb41242f6c7a7
SHA1 56c5d9fee4938e073287b02f7d12d1abaac4bd67
SHA256 e8245cb46cd9dd1be9b6f166d0423b5bdbf29f935f7b3af27c9cbfc475fc16a1
SHA512 771e90d7db715bf00c9a1ebcca1c3e7b6916061d7f39a663306c9f2b97d73a5a76973dee190665aa8324512143362519c50640e41bd751b4096532ae4d48d8ba

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 1a13e4a7ba240b04e0b42367e2bd2b54
SHA1 675b86efc60c6071f12474fd8ffef9adbf9ad7be
SHA256 246008d339cc173c2a6f6331d4916182e9b451f9f71ff5b07c5af3f9826f8fef
SHA512 28a34c59154a49b35ef1acb4e9c36795e81ac916ea1138dd5c5c3e22eefbfc66af29db7dd8995c0204573190ed2d6e4e67b8f4aed14801252a6ed8f70409960f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 1a13e4a7ba240b04e0b42367e2bd2b54
SHA1 675b86efc60c6071f12474fd8ffef9adbf9ad7be
SHA256 246008d339cc173c2a6f6331d4916182e9b451f9f71ff5b07c5af3f9826f8fef
SHA512 28a34c59154a49b35ef1acb4e9c36795e81ac916ea1138dd5c5c3e22eefbfc66af29db7dd8995c0204573190ed2d6e4e67b8f4aed14801252a6ed8f70409960f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e8f373609c38997d0cb466f09595d224
SHA1 4c023e8e04ed2107ca7600463b76d8f195e22499
SHA256 4c2ec7993b6b82df2491cf6676ee250cffad0cf35512434d59d1705127d5581e
SHA512 8b100f08e6795c2b3c4195b071570fe950ed681f901af77462d487f56a23afa4e9cd6f19bc1825a5ac791ba157962244475d544623e7deef35a90ed11b4022be

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 5313e9d659733d5295eeb41242f6c7a7
SHA1 56c5d9fee4938e073287b02f7d12d1abaac4bd67
SHA256 e8245cb46cd9dd1be9b6f166d0423b5bdbf29f935f7b3af27c9cbfc475fc16a1
SHA512 771e90d7db715bf00c9a1ebcca1c3e7b6916061d7f39a663306c9f2b97d73a5a76973dee190665aa8324512143362519c50640e41bd751b4096532ae4d48d8ba

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 838d0c20a2aed8f05fb8e99f2f7945b3
SHA1 596b9f0b7959cc8aeb219489a13d9d0ffcbd5329
SHA256 d2114818f47d4753f95d67af4fe8fd6cc692a2101f4aa14ab3a93eac8ac39594
SHA512 9da6f1127835ab90ffc749d7c1c167c526cdebab11918d22d1838b14f5dd0f38e619b6b9740662771f74543fbf3029baf1ebdb83314718116ac1338b9d6c4cf4

memory/5584-118-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 1a13e4a7ba240b04e0b42367e2bd2b54
SHA1 675b86efc60c6071f12474fd8ffef9adbf9ad7be
SHA256 246008d339cc173c2a6f6331d4916182e9b451f9f71ff5b07c5af3f9826f8fef
SHA512 28a34c59154a49b35ef1acb4e9c36795e81ac916ea1138dd5c5c3e22eefbfc66af29db7dd8995c0204573190ed2d6e4e67b8f4aed14801252a6ed8f70409960f

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe

MD5 90ad984d1b1b765125d68c5dbfd74c6f
SHA1 f3dc61ddfa98e0717493b1ef431addea716d3c50
SHA256 9ea9dc8a0cfafefe9d17d6a6c0a49e7398c2e5cd3992c5ad34604cf4131535f4
SHA512 5c42d2b94db1f6cd3d65cf9d1a93d4e61610294b1a3152756272485813bdace14e86db11697297aeac4aef4ae33b08b2ca34c056b1082d67313dfe0a23778cd1

memory/5584-124-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5584-126-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 838d0c20a2aed8f05fb8e99f2f7945b3
SHA1 596b9f0b7959cc8aeb219489a13d9d0ffcbd5329
SHA256 d2114818f47d4753f95d67af4fe8fd6cc692a2101f4aa14ab3a93eac8ac39594
SHA512 9da6f1127835ab90ffc749d7c1c167c526cdebab11918d22d1838b14f5dd0f38e619b6b9740662771f74543fbf3029baf1ebdb83314718116ac1338b9d6c4cf4

memory/5584-132-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5Uy44Nt.exe

MD5 90ad984d1b1b765125d68c5dbfd74c6f
SHA1 f3dc61ddfa98e0717493b1ef431addea716d3c50
SHA256 9ea9dc8a0cfafefe9d17d6a6c0a49e7398c2e5cd3992c5ad34604cf4131535f4
SHA512 5c42d2b94db1f6cd3d65cf9d1a93d4e61610294b1a3152756272485813bdace14e86db11697297aeac4aef4ae33b08b2ca34c056b1082d67313dfe0a23778cd1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 34af2bb12f19a531ec4235331de84b9a
SHA1 61b2a1268be4eaf74ecb62070eb9892a3f11bafd
SHA256 0ca361984017c2fd642ec2326c12a9595c8219a5504ebf2a9503c509849a2c1b
SHA512 be64adb3d54a7d22248eb4c382426bee273cc7b9c244a5701dadf20627172b6c38c63617e8eb327c143fa83747cb994df6ce81ee26a7c3ac762e77960b13bdf1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 691993a8c235d1c064d4bdd230073044
SHA1 0c52029aa4a3b41ca735b39b482bd8cbad2b52db
SHA256 83b1b5d27a0d02414c22e21e3b05fa99dd1e7faeee6c5db0c1c61de72e4d5535
SHA512 784273168c165149f67b621c62407211dd8118ab8dc241edf90b884d8ed561cd9fd4cf142ba764654504ec619505a52524a334a5490b0335759ac1dd2b140507

memory/5424-162-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AO5DA42Q.cookie

MD5 cecf5f0a2cbbb0349b590badcfcedb4a
SHA1 8e040483a6c6de6ceb67bff62cd2ffdcc00d0148
SHA256 81fe044378bef872134ca3149144c642cfb346558a9929edcac0dc8dd3ff81ac
SHA512 0634d507d15caf750312862738d8d76f618ae3e3c6a555ade55074e0ea2d38250d0e8c697cb41ba2470164e6ec432cbedead7cfe5a22f3e8a2bc86b8f1f09db2

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe

MD5 ccb1cedcfccab5491085ec21e2c62c45
SHA1 59d27ac4082fee40c6ffc8d4dca782074972a90c
SHA256 0f678c861452d305fbbc5c6704874e1b415961ee9ef21e9bd58cd614b651cb13
SHA512 cb5fd80645b6f2a3731fc1e3ce0b7373857c7b82195ac7b0356b7a3c32e120a97877dfc2b00c82e6ec7c5f456334faa4d55ffb034ee4094cdfc64db377ceb9a9

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6DH148.exe

MD5 ccb1cedcfccab5491085ec21e2c62c45
SHA1 59d27ac4082fee40c6ffc8d4dca782074972a90c
SHA256 0f678c861452d305fbbc5c6704874e1b415961ee9ef21e9bd58cd614b651cb13
SHA512 cb5fd80645b6f2a3731fc1e3ce0b7373857c7b82195ac7b0356b7a3c32e120a97877dfc2b00c82e6ec7c5f456334faa4d55ffb034ee4094cdfc64db377ceb9a9

memory/5232-187-0x0000029574CB0000-0x0000029574CB2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9WW4KXQL.cookie

MD5 e98b703bbee832be84f81fe675ed155a
SHA1 fac782ff304a45b2747e26587f11b20d779aa0e2
SHA256 17a90967b9d367e307ab08eff072cd89f5a4212ed1cda75caaabe01bd0d5e65a
SHA512 fff65f6bbf47434611330197c6e940ff93a03731358f10498340b7145e4483ef2f7fa4a1b8094a276496fd34b7711b59446413c53b7de9d633e677faeeec47e4

memory/5232-203-0x0000029574CD0000-0x0000029574CD2000-memory.dmp

memory/5232-205-0x0000029574CF0000-0x0000029574CF2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 5bfbda1159ee70b5c51cfe5442f9338e
SHA1 258708488c1056b854b2543d02676b98aa5c1e03
SHA256 7e3e290112a5b18bbc34278947b6887952287566aa2aa831b60dc2ebf1dbdf74
SHA512 aef061cdb39b818b5a2e1c39b101d3084d98aba64163ac94a6de111cd6cba5bf31ddf80d3a5c326c7d493d55ac07036a5a1c3b229e19102d0dd796e72d99d77a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 1acdbdc4021190cac755a67c3499b298
SHA1 0e72c50340105ea5bdf53cde2487e938570020c2
SHA256 8cfd8a73213f265fcb3d78bdb436a4de85fb99d474a2f20a01092660a037935e
SHA512 3ec39196e4a248e1c5c4927df55cbea7ff586b2fb7253246bc6b1af70c28b257c1f6916b6e84f926eefe42411d6bd2eac954298bc8ac5a8ea024ba4df17c9274

memory/5232-230-0x0000029575430000-0x0000029575432000-memory.dmp

memory/5232-298-0x0000029575460000-0x0000029575462000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BRK32DG0\shared_global[1].css

MD5 eec4781215779cace6715b398d0e46c9
SHA1 b978d94a9efe76d90f17809ab648f378eb66197f
SHA256 64f61829703eca976c04cf194765a87c5a718e98597df2cb3eae9cf3150e572e
SHA512 c1f8164eb3a250a8edf8b7cb3b8c30396861eff95bcc4ed9a0c92a9dcde8fd7cd3a91b8f4fd8968c4fdafd18b51d20541bcc07a0643e55c8f6b12ceb67d7805d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B71OFA8F\buttons[1].css

MD5 84524a43a1d5ec8293a89bb6999e2f70
SHA1 ea924893c61b252ce6cdb36cdefae34475d4078c
SHA256 8163d25cb71da281079b36fcde6d9f6846ff1e9d70112bbe328cae5ffb05f2bc
SHA512 2bf17794d327b4a9bdbae446dd086354b6b98ac044a8ee0b85bd72c3ab22d93b43f3542df03d64f997d1df6fc6cac5c5e258c4ec82b998f3a40b50c2fde99b5a

memory/5232-330-0x0000029575480000-0x0000029575482000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BRK32DG0\shared_responsive[1].css

MD5 086f049ba7be3b3ab7551f792e4cbce1
SHA1 292c885b0515d7f2f96615284a7c1a4b8a48294a
SHA256 b38fc1074ef68863c2841111b9e20d98ea0305c1e39308dc7ad3a6f3fd39117a
SHA512 645f23b5598d0c38286c2a68268cb0bc60db9f6de7620297f94ba14afe218d18359d124ebb1518d31cd8960baed7870af8fd6960902b1c9496d945247fbb2d78

memory/4500-383-0x000002BCB9680000-0x000002BCB96A0000-memory.dmp

memory/2596-389-0x000002C631790000-0x000002C6317B0000-memory.dmp

memory/5020-390-0x0000000000400000-0x0000000000488000-memory.dmp

memory/2540-397-0x0000024E30200000-0x0000024E30300000-memory.dmp

memory/5020-393-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64DQX6TN\shared_global[1].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\64DQX6TN\tooltip[1].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

memory/5020-406-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5424-457-0x00000000734E0000-0x0000000073BCE000-memory.dmp

memory/5020-458-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BRK32DG0\shared_responsive_adapter[1].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

memory/1064-471-0x000001A0CE100000-0x000001A0CE200000-memory.dmp

memory/212-555-0x000002C807020000-0x000002C807021000-memory.dmp

memory/212-516-0x000002C807010000-0x000002C807011000-memory.dmp

memory/1064-565-0x000001A0CEDA0000-0x000001A0CEEA0000-memory.dmp

memory/2540-567-0x0000024E44800000-0x0000024E44820000-memory.dmp

memory/2540-577-0x0000024E42410000-0x0000024E42430000-memory.dmp

memory/4500-586-0x000002BCBABA0000-0x000002BCBABC0000-memory.dmp

memory/1008-598-0x0000023AF7250000-0x0000023AF7270000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MWDEN7OI\favicon[1].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

memory/5424-654-0x000000000C370000-0x000000000C86E000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

memory/5424-730-0x0000000006FA0000-0x0000000007032000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F01YT1OE\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MWDEN7OI\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\IDF4YG89\steamcommunity[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MWDEN7OI\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\VMCW3FKP\favicon[2].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\M8Y9F5B8.cookie

MD5 403080b6432c4fb8451498dd3d485d4e
SHA1 e9ba88a35b12bd296ded1d92a4ce3da09d519f70
SHA256 dd241de559d32311db56452528730560ac85bcdbb84a202dd4bdd02b797cb879
SHA512 4382faf8e646a3bae1834b103a53a1cbcf24e57d8e3c04dde6f60778e76caa29b1a79dbb7542b00f2f647c73c490af18e8174735e8c9e81ceea192e82236bcf3

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OY912XWC\epic-favicon-96x96[1].png

MD5 c94a0e93b5daa0eec052b89000774086
SHA1 cb4acc8cfedd95353aa8defde0a82b100ab27f72
SHA256 3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775
SHA512 f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240