Malware Analysis Report

2025-01-02 05:16

Sample ID 231111-dh2w2sga4z
Target b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148
SHA256 b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148
Tags
mystic redline taiga google paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148

Threat Level: Known bad

The file b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga google paypal infostealer persistence phishing stealer

RedLine

Mystic

RedLine payload

Detected google phishing page

Detect Mystic stealer payload

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Suspicious use of SetThreadContext

AutoIT Executable

Detected potential entity reuse from brand paypal.

Drops file in Windows directory

Unsigned PE

Program crash

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 03:01

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 03:01

Reported

2023-11-11 03:04

Platform

win10-20231020-en

Max time kernel

55s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected google phishing page

phishing google

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3ZJ860pX.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\epicgames.com\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\store.steampowered.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.epicgames.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = c0ee3b894b14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ad72e0714b14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 7aed6e804b14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steamcommunity.com\NumberO = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\paypal.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e9f449744b14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.epicgames.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ea4574724b14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5dec98714b14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steampowered.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steampowered.com\NumberOfS = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2236 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe
PID 2236 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe
PID 2236 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe
PID 4432 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe
PID 4432 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe
PID 4432 wrote to memory of 1192 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe
PID 1192 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3ZJ860pX.exe
PID 1192 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3ZJ860pX.exe
PID 1192 wrote to memory of 824 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3ZJ860pX.exe
PID 1192 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe
PID 1192 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe
PID 1192 wrote to memory of 4932 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe
PID 4932 wrote to memory of 6032 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6032 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6032 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1008 wrote to memory of 4320 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1008 wrote to memory of 4320 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4932 wrote to memory of 6236 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6236 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6236 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4932 wrote to memory of 6460 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1008 wrote to memory of 5400 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1008 wrote to memory of 5400 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1008 wrote to memory of 5400 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4432 wrote to memory of 7028 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe
PID 4432 wrote to memory of 7028 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe
PID 4432 wrote to memory of 7028 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe
PID 7028 wrote to memory of 6308 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 7028 wrote to memory of 6308 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 7028 wrote to memory of 6308 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 7028 wrote to memory of 6308 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 7028 wrote to memory of 6308 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 7028 wrote to memory of 6308 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 7028 wrote to memory of 6308 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 7028 wrote to memory of 6308 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2236 wrote to memory of 6416 N/A C:\Users\Admin\AppData\Local\Temp\b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6uI784.exe
PID 2236 wrote to memory of 6416 N/A C:\Users\Admin\AppData\Local\Temp\b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6uI784.exe
PID 2236 wrote to memory of 6416 N/A C:\Users\Admin\AppData\Local\Temp\b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6uI784.exe

Processes

C:\Users\Admin\AppData\Local\Temp\b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148.exe

"C:\Users\Admin\AppData\Local\Temp\b495222ef689172171ab499d18dab704062534d267e59cf4f6a1a6671f85e148.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3ZJ860pX.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3ZJ860pX.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 568

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6uI784.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6uI784.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\ca2fd8f66c604a11866a3f1bb15626e8 /t 0 /p 6576

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.201.35:443 www.facebook.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 twitter.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.epicgames.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 34.193.246.20:443 www.epicgames.com tcp
US 34.193.246.20:443 www.epicgames.com tcp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 20.246.193.34.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 www.paypal.com udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 186.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 8.8.8.8:53 community.cloudflare.steamstatic.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 18.239.62.218:80 ocsp.r2m02.amazontrust.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 157.240.5.35:443 fbcdn.net tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 218.62.239.18.in-addr.arpa udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 fbsbx.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 22.173.189.20.in-addr.arpa udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 c.paypal.com udp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
US 8.8.8.8:53 numpersb.fun udp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
US 8.8.8.8:53 killredls.pw udp
US 8.8.8.8:53 ocsp.r2m03.amazontrust.com udp
US 104.21.53.57:80 killredls.pw tcp
US 18.239.62.218:80 ocsp.r2m03.amazontrust.com tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.21:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 21.173.189.20.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 8.8.8.8:53 udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe

MD5 0fbc26744e93fdba30eaaa205315a327
SHA1 ce19911b5c1e9004075902b9533320a13d5419e9
SHA256 539213859124247dd9002832b974e21f5b07f8b0bf0ce922c4e6618ed13f6544
SHA512 60c53b4eb86fbba1b3d0fdbce730be789bb4af609af16ed2c413298b7246fce02b95632499ec3a3c3fbd726872ce9227961c15d66054c561ada90fbce5815cd3

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lZ1fz75.exe

MD5 0fbc26744e93fdba30eaaa205315a327
SHA1 ce19911b5c1e9004075902b9533320a13d5419e9
SHA256 539213859124247dd9002832b974e21f5b07f8b0bf0ce922c4e6618ed13f6544
SHA512 60c53b4eb86fbba1b3d0fdbce730be789bb4af609af16ed2c413298b7246fce02b95632499ec3a3c3fbd726872ce9227961c15d66054c561ada90fbce5815cd3

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe

MD5 2dfda26c54a2a36baa2109e0740991d8
SHA1 87b88ae4ed29060bc6ba2ace5ab349453c0cf8d3
SHA256 93122076d18cca0ddea7f3efe8cae440f83f11471e4bfd95f82d90c53210e301
SHA512 ed950c6d262e6eea1b92e7afa366499b488892bbe6a4c70ee561a9399c82c313797717271bbbe05db3c5a61f1fc57dca147cf057557dcc828339a831c09302fd

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Jb9kP65.exe

MD5 2dfda26c54a2a36baa2109e0740991d8
SHA1 87b88ae4ed29060bc6ba2ace5ab349453c0cf8d3
SHA256 93122076d18cca0ddea7f3efe8cae440f83f11471e4bfd95f82d90c53210e301
SHA512 ed950c6d262e6eea1b92e7afa366499b488892bbe6a4c70ee561a9399c82c313797717271bbbe05db3c5a61f1fc57dca147cf057557dcc828339a831c09302fd

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3ZJ860pX.exe

MD5 6e8c060debb18f895f3cfe001ffb5dda
SHA1 d65ab92cf058d3dcbdbcbdb0fca548fe676ac2d4
SHA256 d3b28d5496b60b80c3de8e9af8ff7e5aefbdab14143be44a59b86cce15047e4b
SHA512 5df8e9577c463361af8b0f935ccecc71eba85f64c0e40cf67fcce8408b4e7f86c656b4b18c9ba9a037792a3d84a6b5683ad79e5436da3cc366aadb8944d78de1

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3ZJ860pX.exe

MD5 6e8c060debb18f895f3cfe001ffb5dda
SHA1 d65ab92cf058d3dcbdbcbdb0fca548fe676ac2d4
SHA256 d3b28d5496b60b80c3de8e9af8ff7e5aefbdab14143be44a59b86cce15047e4b
SHA512 5df8e9577c463361af8b0f935ccecc71eba85f64c0e40cf67fcce8408b4e7f86c656b4b18c9ba9a037792a3d84a6b5683ad79e5436da3cc366aadb8944d78de1

memory/4628-21-0x0000014C6D620000-0x0000014C6D630000-memory.dmp

memory/4628-37-0x0000014C6D8F0000-0x0000014C6D900000-memory.dmp

memory/4628-56-0x0000014C6DAF0000-0x0000014C6DAF2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe

MD5 a54e1156cfbd5bbb1bd258abddcafcec
SHA1 1950b1a4b1bf1a4cc5259e3de3ed49541390258e
SHA256 95b855b1ac16c74b9b1734e6a06a1901a7350ebb1b86e7353c303483d7b244a0
SHA512 516696d9871677076a671c38c2ed57b8fcd98a1aa6a89effe1c7ca83da68483106e7a7891e0bf0f36d00f0d72f96e9a70728735783774bd8bde5a9d9a31a7521

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4VR5mi7.exe

MD5 a54e1156cfbd5bbb1bd258abddcafcec
SHA1 1950b1a4b1bf1a4cc5259e3de3ed49541390258e
SHA256 95b855b1ac16c74b9b1734e6a06a1901a7350ebb1b86e7353c303483d7b244a0
SHA512 516696d9871677076a671c38c2ed57b8fcd98a1aa6a89effe1c7ca83da68483106e7a7891e0bf0f36d00f0d72f96e9a70728735783774bd8bde5a9d9a31a7521

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a4c7d91884a85bdb10d3962b7edb6f31
SHA1 7ed4d4526f5d7876d704af420b18e2322f5cf21d
SHA256 537ea6e404e1a67c311061606067244fcbd8892632cefd438b5376bd9bbbd539
SHA512 c3517da44f2907924aff28bd1ca633c7c74ff1c373776546d8a2cfc24020fc9ffe177ba7a067eafb605eb9bda0e380195c3293ec3886a3c4cc116a85a2a0c444

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e6b1f23e28485cdbd6f1f2b45b0d95d4
SHA1 2bc92955a2a44871fee9e21783fdde055b4b1fb6
SHA256 651fe4c7a8c96f76c2c817d43e73e834cfee0715a017aa5faec6b551593a038c
SHA512 54c010ab8306febdd319184d7db235f32ae8fa78003e46c74dd9d4479d310543c63537eb2c5cce4c4dd10258d3aeb891da0142f51677b6353d98a4fc4a80637d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e6b1f23e28485cdbd6f1f2b45b0d95d4
SHA1 2bc92955a2a44871fee9e21783fdde055b4b1fb6
SHA256 651fe4c7a8c96f76c2c817d43e73e834cfee0715a017aa5faec6b551593a038c
SHA512 54c010ab8306febdd319184d7db235f32ae8fa78003e46c74dd9d4479d310543c63537eb2c5cce4c4dd10258d3aeb891da0142f51677b6353d98a4fc4a80637d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 cd565e2b41a3fe62a7e897474f110304
SHA1 9a362f244a6671698795448af528d0ad89c8228d
SHA256 47f54ce4cab5e101cfa1c6d40be24a8fc1828db9f5f3b3ab7664ec6844ace3e7
SHA512 135027aed2dfdc585e037e53eb480b57a4446f9de8ecba83130f9cfd9f7d750306ae13510e514b52b52878f05a20c37c122320c7dd20b249e2f799780fddda1e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 fb86d4cc1a802fb31612db64082fc0e2
SHA1 858b8eaba4f01bd344cac002f265f9b017246746
SHA256 7adb7d9ed7114a73d2e6dffcea65b78d7c6015e12bf21ea0d41c5665dca219f3
SHA512 e8ba64e65001895e77b836fd3aa99f00dbb48c5b770604e5bfb3b7426f10e391fb0537c5c2333ff43f99b5d2cfc42c02f539123f76f4136c2fe74f3ed744a5db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 7d0e2ca9dd6d42d59469f1559dd46f0d
SHA1 5dc6c19dcd12464c577bb68cc029459eab78cd63
SHA256 b5bf9ac3427c0152a829f4992061b24a4ea745fc444db9fef87a7cbf9c1001d0
SHA512 16dd330ab91eb87dbc8eb30eb44a88e65097681de2f74857537198e0780f3dbd90ff07e5f5bd614f000fa4abd415511e1a3e21405fb5f91e1a3d707f8da55995

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\50U36INY.cookie

MD5 4b6ff9627195c33df3dcc0e81e16292d
SHA1 ae5c7d29b38c1f118481ab84d8809157e0fa97b1
SHA256 535e65f657bffd1e091441e7bb9c1613c5b960cd9c33d0dfbe4cae002039e45c
SHA512 688c32d6ac7ee9c7302b5525b02a7e59809c6f8bbd7e9ae491e213b8cc1835b155ee6e51ee83d5b693fe4682eb667acac8730c4cfdafcf5e9a5e254072612aee

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\S8KKCGWL.cookie

MD5 4b562dc41abb46b93a6abfc739ab1449
SHA1 9c85292cc9abc4788e54907e75412dd0600c9dea
SHA256 5bf0986a7e6a6b9ceedbfd4bb73f4bbf031b2d78ab9c4f75cb5afa33e8d32bab
SHA512 98984d5906ca66341f16bde2b7412c28db72b9de0ad96a0eb92e28a417454ee07e2d5e0f98cbd4ff49f38d5f9f9d70480c2a5931cec6c2dbc396b42691d43ff4

memory/3320-132-0x00000193F7740000-0x00000193F7760000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 469961b7c3861660987f582697d91408
SHA1 9c448f59696874f3dd6a7671a86b59a837c07823
SHA256 9e170eeb6657a821bd58f6be8dc9cbe1d569beb454bb971f51b95f451fb5cf22
SHA512 67dfe75bc94e7ab2782b015ab8edf169f3cfb428fcfb418e45ab7b6d9ef55c57a8be709e43b6ec2efb1193bc496175e8d4357ab0eeb7abf3c59134d5337698f3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 cdbf9f3e25b685facd7a077733d5f9c7
SHA1 2fb22dfe78f95e303d3b2815799fdf99196bb3d3
SHA256 92ae5dc11fc0153d4d0da5438fee524e09c01e0a1150cbab58a216d65fa23bc4
SHA512 74a646d27eea72923c2de274552ef8f09accbaebe38463971bf5b19944ce219782245ed19d1f6825544908b087ec4af4a83ba267cad19fd8a04178dd3e1fd944

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 cdbf9f3e25b685facd7a077733d5f9c7
SHA1 2fb22dfe78f95e303d3b2815799fdf99196bb3d3
SHA256 92ae5dc11fc0153d4d0da5438fee524e09c01e0a1150cbab58a216d65fa23bc4
SHA512 74a646d27eea72923c2de274552ef8f09accbaebe38463971bf5b19944ce219782245ed19d1f6825544908b087ec4af4a83ba267cad19fd8a04178dd3e1fd944

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 cd565e2b41a3fe62a7e897474f110304
SHA1 9a362f244a6671698795448af528d0ad89c8228d
SHA256 47f54ce4cab5e101cfa1c6d40be24a8fc1828db9f5f3b3ab7664ec6844ace3e7
SHA512 135027aed2dfdc585e037e53eb480b57a4446f9de8ecba83130f9cfd9f7d750306ae13510e514b52b52878f05a20c37c122320c7dd20b249e2f799780fddda1e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e6b1f23e28485cdbd6f1f2b45b0d95d4
SHA1 2bc92955a2a44871fee9e21783fdde055b4b1fb6
SHA256 651fe4c7a8c96f76c2c817d43e73e834cfee0715a017aa5faec6b551593a038c
SHA512 54c010ab8306febdd319184d7db235f32ae8fa78003e46c74dd9d4479d310543c63537eb2c5cce4c4dd10258d3aeb891da0142f51677b6353d98a4fc4a80637d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 aff8848a4b64275aaadde77b34dcb431
SHA1 d0e21086192f8c04cc7158b6ad3a1c0a3da811eb
SHA256 7e2f6a86bee23d94a93d4087de01215eab2ababcd7c921781108851ffc18f79c
SHA512 58e09d7ce760204dce548050f21089d07550e3c964dca01cec38a6ccc3ea23a3374f059ec8ba7d65bc5388890fe0eb0314c40b20b674eb0da6c2db67abc032a9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 aff8848a4b64275aaadde77b34dcb431
SHA1 d0e21086192f8c04cc7158b6ad3a1c0a3da811eb
SHA256 7e2f6a86bee23d94a93d4087de01215eab2ababcd7c921781108851ffc18f79c
SHA512 58e09d7ce760204dce548050f21089d07550e3c964dca01cec38a6ccc3ea23a3374f059ec8ba7d65bc5388890fe0eb0314c40b20b674eb0da6c2db67abc032a9

memory/4320-262-0x000002FEFDAF0000-0x000002FEFDAF2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7WSKT6HN\shared_global[1].css

MD5 eec4781215779cace6715b398d0e46c9
SHA1 b978d94a9efe76d90f17809ab648f378eb66197f
SHA256 64f61829703eca976c04cf194765a87c5a718e98597df2cb3eae9cf3150e572e
SHA512 c1f8164eb3a250a8edf8b7cb3b8c30396861eff95bcc4ed9a0c92a9dcde8fd7cd3a91b8f4fd8968c4fdafd18b51d20541bcc07a0643e55c8f6b12ceb67d7805d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7WSKT6HN\buttons[1].css

MD5 84524a43a1d5ec8293a89bb6999e2f70
SHA1 ea924893c61b252ce6cdb36cdefae34475d4078c
SHA256 8163d25cb71da281079b36fcde6d9f6846ff1e9d70112bbe328cae5ffb05f2bc
SHA512 2bf17794d327b4a9bdbae446dd086354b6b98ac044a8ee0b85bd72c3ab22d93b43f3542df03d64f997d1df6fc6cac5c5e258c4ec82b998f3a40b50c2fde99b5a

memory/4320-324-0x000002FEFDC20000-0x000002FEFDC22000-memory.dmp

memory/1928-372-0x0000025975B50000-0x0000025975C50000-memory.dmp

memory/2504-369-0x0000018D425E0000-0x0000018D42600000-memory.dmp

memory/6460-381-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X98RD7IL\tooltip[1].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X98RD7IL\shared_global[1].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

memory/6460-399-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6460-403-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5400-414-0x0000027E70DF0000-0x0000027E70DF2000-memory.dmp

memory/5400-421-0x0000027E70F20000-0x0000027E70F22000-memory.dmp

memory/5400-425-0x0000027E70F40000-0x0000027E70F42000-memory.dmp

memory/6460-398-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7WSKT6HN\shared_responsive[1].css

MD5 086f049ba7be3b3ab7551f792e4cbce1
SHA1 292c885b0515d7f2f96615284a7c1a4b8a48294a
SHA256 b38fc1074ef68863c2841111b9e20d98ea0305c1e39308dc7ad3a6f3fd39117a
SHA512 645f23b5598d0c38286c2a68268cb0bc60db9f6de7620297f94ba14afe218d18359d124ebb1518d31cd8960baed7870af8fd6960902b1c9496d945247fbb2d78

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\C2Z8J6GA.cookie

MD5 b72d03c2d032115dc081b6138f546191
SHA1 4c379dd1112e40cb4dad0e06ff1d4d14324c5146
SHA256 72242fd923e9621120092a035081d698396b287dc6bcc6ba8f710371e17c9d89
SHA512 66b944d9f3cfaabe1f2e7c05329aa160ba8c13858301f4ed41a1f0075a9b2a75eaa6385a1c79db6e92a31acd6c6f9747035f46266d4f1a8ea5d1562c3efb036a

memory/688-260-0x00000202A5700000-0x00000202A5800000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7WSKT6HN\shared_responsive_adapter[1].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 7d0e2ca9dd6d42d59469f1559dd46f0d
SHA1 5dc6c19dcd12464c577bb68cc029459eab78cd63
SHA256 b5bf9ac3427c0152a829f4992061b24a4ea745fc444db9fef87a7cbf9c1001d0
SHA512 16dd330ab91eb87dbc8eb30eb44a88e65097681de2f74857537198e0780f3dbd90ff07e5f5bd614f000fa4abd415511e1a3e21405fb5f91e1a3d707f8da55995

memory/2860-457-0x0000027DDA7F0000-0x0000027DDA810000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe

MD5 1caa474dfd94bd5366781c620df8ac15
SHA1 10c438c51cba8958f70e4c62a27c40f2a52a0431
SHA256 1a69e4a0acbbab341f3ff4f4f71b5c97f0d3232acc5e50c276f3b3e5eea617b4
SHA512 e54778dd784f1a69b18c944ad71c9f889dc26702e73be436d6adf29452005e716c76078e280ae3086f0602099dbfd656f671af95047bf465ed39d52b6b441ddb

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5sv01UR.exe

MD5 1caa474dfd94bd5366781c620df8ac15
SHA1 10c438c51cba8958f70e4c62a27c40f2a52a0431
SHA256 1a69e4a0acbbab341f3ff4f4f71b5c97f0d3232acc5e50c276f3b3e5eea617b4
SHA512 e54778dd784f1a69b18c944ad71c9f889dc26702e73be436d6adf29452005e716c76078e280ae3086f0602099dbfd656f671af95047bf465ed39d52b6b441ddb

memory/4628-497-0x0000014C74F70000-0x0000014C74F71000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AJ9JW8N9.cookie

MD5 32301f936901c461cfe5434d421e07fd
SHA1 f6163fd6cf9c55109860c09721f028d151cb8580
SHA256 de11c3bb74725c979b3c28d40854527bf621bb57cc3f7426b4daaf412a637fdd
SHA512 ef087b084c8cc07305b42170e20c3578b87d5b0ce010a9f06e1fed43ec59c1dd723e7becbf1928b25f410f58e74c953c972aa0d6e8cf17141d79e461bd434160

memory/4628-505-0x0000014C74F80000-0x0000014C74F81000-memory.dmp

memory/2504-519-0x0000018D438E0000-0x0000018D43900000-memory.dmp

memory/6308-557-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6uI784.exe

MD5 7f716337af35cf0da5675ed19e125394
SHA1 268c33d482efe85d92ae62c9c4a89b131e658f0e
SHA256 d0a03b39447e92e0c52de3550265d1e718cbd9e2b80db9bfdd59285da4db3001
SHA512 b8efcf3b3c7afd8abbfbf94e79b9015576f4b303e97ffce846f44b943e39df3a9db7cc1aa2f35a70b48e51210609ef0ee8f4136a0770aa3fe60a3873a5edf69e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6uI784.exe

MD5 7f716337af35cf0da5675ed19e125394
SHA1 268c33d482efe85d92ae62c9c4a89b131e658f0e
SHA256 d0a03b39447e92e0c52de3550265d1e718cbd9e2b80db9bfdd59285da4db3001
SHA512 b8efcf3b3c7afd8abbfbf94e79b9015576f4b303e97ffce846f44b943e39df3a9db7cc1aa2f35a70b48e51210609ef0ee8f4136a0770aa3fe60a3873a5edf69e

memory/2860-598-0x0000027DDB200000-0x0000027DDB300000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3FWWRSFB\favicon[1].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

memory/688-623-0x0000020293EE0000-0x0000020293F00000-memory.dmp

memory/2860-611-0x0000027DDB200000-0x0000027DDB300000-memory.dmp

memory/2860-681-0x0000027DDC190000-0x0000027DDC1B0000-memory.dmp

memory/2504-728-0x0000018D44000000-0x0000018D44100000-memory.dmp

memory/3784-735-0x000001B8A3760000-0x000001B8A3780000-memory.dmp

memory/1928-762-0x0000025976D40000-0x0000025976E40000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\A3B65E7N\www.epicgames[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

memory/2860-806-0x0000027DDB940000-0x0000027DDBA40000-memory.dmp

memory/2860-810-0x0000027DDB940000-0x0000027DDBA40000-memory.dmp

memory/6308-847-0x0000000073720000-0x0000000073E0E000-memory.dmp

memory/6308-851-0x000000000BCF0000-0x000000000C1EE000-memory.dmp

memory/6308-857-0x000000000B8D0000-0x000000000B962000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3FWWRSFB\B8BxsscfVBr[1].ico

MD5 e508eca3eafcc1fc2d7f19bafb29e06b
SHA1 a62fc3c2a027870d99aedc241e7d5babba9a891f
SHA256 e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a
SHA512 49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

memory/6308-905-0x000000000BA50000-0x000000000BA5A000-memory.dmp

memory/6308-929-0x000000000C800000-0x000000000CE06000-memory.dmp

memory/6308-938-0x000000000C1F0000-0x000000000C2FA000-memory.dmp

memory/6308-943-0x000000000BB30000-0x000000000BB42000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LY4XCJ3P.cookie

MD5 48266acba62a047602ea63388b0095be
SHA1 2fda66f57ef3edd64f8960cc74eb886f2be6ff3d
SHA256 2b061260318cb5cf64383889331423ff193a5db1f34228fa7a6fb483e0a58f33
SHA512 4c2b15045a50d354fd2e74a316c2379de32af28175b4a1c1ae0abe5ae6184c11087ba740bb373477fe99a992de7d315dfc74fb7dd847bc6be9b68903a66674cb

memory/6308-947-0x000000000BBB0000-0x000000000BBEE000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QH14GEEK.cookie

MD5 87aacd4ec086a2566c34d69ecf878b5a
SHA1 00328d7d3d8c2cfe804a1850224ff4c699470b23
SHA256 b3ae88cac730d842a2b1afe3b17c55d02d6beee3a204f8482403abd09bcef3a5
SHA512 e6a803167e5605ffc2b6c417132f46cbc5e7c71f797b3a135cd05e375933475470469a8e8f203852e7e8789881c4750afb947d9be64a20b467f8ee6922555156

memory/6308-976-0x000000000BBF0000-0x000000000BC3B000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3H2AYLJ9.cookie

MD5 49dc2382aec8ec52a2d7b2e709a9b198
SHA1 dd5e4fb19d54731045d19e246a900da9418f91fb
SHA256 cf23dd72bbad514c253fce6f32a1ba86c78ba1da139afe8f176ea289449a509a
SHA512 6f817bb8eaa1155319c09bc2220242dfc78c96a0bde5da87b7e7e4745f1104b65a6a5d183d28da07d0cb152ddcd94d196519d4ee6e8c86f5f55e57ab87d00e1e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FIJSSBQQ\favicon[1].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\wfzs4sn\imagestore.dat

MD5 0b94242c0401bf13a1988db0f694e198
SHA1 d6dcab7359d20b55547a4240b72256429b736ac1
SHA256 0e687281fced7be20a2c32b863191349d9c9e1b8d1e74378e8d49ab5424dbf75
SHA512 f790d2f648a4d2f701b64a1c21085a81a42882c233f834320476b1593995bc0ae82cc4b7034b2fe522e03fc5f756740280fe53f56c61efcf6efee45f05d9db8f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\A3B65E7N\www.epicgames[1].xml

MD5 a1dadcf26fbb10492bc9d9d8144e40c9
SHA1 7b718769ae1646101080ae43f4bd14361c1bceb7
SHA256 6bf9dafbd27c127a18fa826572e4b19743da7db7a94ec170da5bb3bd6354d4b7
SHA512 30f05ca4dde3e98f3bd200afff7c3d2538ef1e531edfb2f2d3dac67ef0a41c0de3945bee7219ef63a0ac730113337d8688fcf5223f96aa23beb4c8ee98d36463

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FIJSSBQQ\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\X98RD7IL\chunk~9229560c0[1].css

MD5 19a9c503e4f9eabd0eafd6773ab082c0
SHA1 d9b0ca3905ab9a0f9ea976d32a00abb7935d9913
SHA256 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a
SHA512 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GXRWW7EQ.cookie

MD5 fbe4144d4fcb802210f4336a2b294dbc
SHA1 632241ae0868693a81bc952390a486a8562de1b3
SHA256 a340535d5ef6be52b59f8ffb0b8d75eae4060805567690a132debf962669e8e7
SHA512 218913de4732ac3821fec586d62aba5ebf7c13f463055056813a49803bee8812bf4e3def4a2f48502d1ba9131135fc16423a56683cfd063f41bea0277e2cc45d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\U1C0M1NQ.cookie

MD5 00315faa188aeff6f54625d223554461
SHA1 2257d91c39511be03d29f1767df117ec1af59b52
SHA256 e9909bd6f294632f98f62ef394785bb2ea3955bea7a4e323d5015750541fd9a9
SHA512 e292ff6f474eba6a1581efda3dcd4db835666822722150988b0f02404892b7f6f1d090c2516fd67fbf6613411a9ce6b17fd6f9c08a211e8179a2fe10a44679dc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FBPDBY07.cookie

MD5 4467a11a9ae6f3f45cc9e4f82660bc6f
SHA1 3ad183a6d57d8db31a39227c51b0320745e62b2c
SHA256 ecac91eab2da59b9a22d09f433872c3bcf02e8b7fa97e2ebdeb7f94951f5adc6
SHA512 f9aff7be602e26defd697ea79201c0b521cd41e7461cae461ec12cbc0549c47304dcc208ae5df7c6ee38d817a5ed19063842b215cc6915a8ea30eabe15fd25a7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

MD5 f4264ddabc96212f54533c49ae7b46dc
SHA1 5c92bfaf0a8e700428cb338eb69fb8ee4e3fda55
SHA256 4a5d88b0867433d40cab69134a301b77c0762a4cd43e12e03710c653c3355ed3
SHA512 47cdaa11b38be0c9a574461dbcda8d6136074e40e3981f0253b03df0594c3c1d834a61e971a21e4ea75638b027a7a84c011dfe62f24c51f2e6bb6f89eed9386c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

MD5 04895bd8aad05302d8663f087e7e3ba8
SHA1 974c8fa232c56221c940c35c6fdeb460379a5810
SHA256 e5fe7a0d00312925e54b1b6669e2dab37113741d0c4f85559de6733724a9d0aa
SHA512 1be1fbf76c380b9f500bc4625031142e358fe0f537699ed4bf0d8721affb02b94b200d727f809a6cf009d15802949d897b4fe6208ccca74fe1b050d9e21f9318

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0TFQALG0.cookie

MD5 5d1a646cf2e3725b588950a06d4539dc
SHA1 8ce16f9adedfaa6e20d24e47d19a93632da93c68
SHA256 b194d849c640d6c657730bf3fba4b6faf73f4e67dbc62d5e0db0d73b986445db
SHA512 68ce0cff8ddb0d9d17c13a144affbf3cdab7d1a84c089da6a42a83a8cd2cc527b9e5e50bf12657ceb355c47d362d9171588f544e8cb0497acea513ed2a3c67f0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IBXFUQF6\epic-favicon-96x96[1].png

MD5 c94a0e93b5daa0eec052b89000774086
SHA1 cb4acc8cfedd95353aa8defde0a82b100ab27f72
SHA256 3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775
SHA512 f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XA59HHPK.cookie

MD5 2abf458a421251eb94b0c4d090d07f20
SHA1 b35ce34df7d6c52e071a2406b3dcdbfc75e52deb
SHA256 0e95c03b59d6af4858e8fe1bfe3e2da782a5939f5c13d6a33d6cbb4cbc65d3f8
SHA512 5a0c49290ff0548b18effc3488d6eab4faf09eefa9ac1bb1b8e04a62bfd3ab522a03db3e197cf74aa60d0e31ff5ed6d90711fbb7f0757015956aeac2b8ed5db4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\E2TUIJ4Z.cookie

MD5 4a5ea9fcbc14b7d35516c786c00edb05
SHA1 85273686d8391bcaf6579f53ae89e1a930bbe223
SHA256 92b98d9e91aa6f57434dc7f905d1b668c347cf0705f669281eb9f64512b6e14c
SHA512 40cd6b27ec1d7d8732db19be93a4bb3c904760df8e2409069cf04cfd4f329dd2b96d3b21649be3d2ed66657f454dac4805b3958b3a13d7210ee159513d0193e9