Malware Analysis Report

2025-01-02 05:17

Sample ID 231111-dw1wxage9w
Target 94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647
SHA256 94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647
Tags
mystic redline taiga paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647

Threat Level: Known bad

The file 94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647 was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing spyware stealer

RedLine

RedLine payload

Detect Mystic stealer payload

Mystic

Checks computer location settings

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Drops file in Windows directory

Unsigned PE

Program crash

Suspicious behavior: MapViewOfSection

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 03:22

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 03:22

Reported

2023-11-11 03:26

Platform

win10-20231023-en

Max time kernel

193s

Max time network

207s

Command Line

"C:\Users\Admin\AppData\Local\Temp\94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Gm155Cu.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\paypal.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = fb0e1d704e14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7ab09e6f4e14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000008a63fd0aacc9969daa4b7037d3809ab4829831bde52790027e25a3155109a36d0f1a0795109ef28c48ecc1f51fd4097ffe57b0c3f30d5859d0a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.epicgames.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8dab39704e14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steampowered.com\NumberOfSubd = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "406438013" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9dfb09704e14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.epicgames.com\ = "15" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1156 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe
PID 1156 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe
PID 1156 wrote to memory of 2080 N/A C:\Users\Admin\AppData\Local\Temp\94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe
PID 2080 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe
PID 2080 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe
PID 2080 wrote to memory of 4560 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe
PID 4560 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Gm155Cu.exe
PID 4560 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Gm155Cu.exe
PID 4560 wrote to memory of 3476 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Gm155Cu.exe
PID 4560 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe
PID 4560 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe
PID 4560 wrote to memory of 4452 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe
PID 4452 wrote to memory of 5408 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4452 wrote to memory of 5408 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4452 wrote to memory of 5408 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4452 wrote to memory of 5428 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4452 wrote to memory of 5428 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4452 wrote to memory of 5428 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4452 wrote to memory of 5428 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4452 wrote to memory of 5428 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4452 wrote to memory of 5428 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4452 wrote to memory of 5428 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4452 wrote to memory of 5428 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4452 wrote to memory of 5428 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4452 wrote to memory of 5428 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2080 wrote to memory of 5504 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe
PID 2080 wrote to memory of 5504 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe
PID 2080 wrote to memory of 5504 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe
PID 5504 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5504 wrote to memory of 5924 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1156 wrote to memory of 6076 N/A C:\Users\Admin\AppData\Local\Temp\94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe
PID 1156 wrote to memory of 6076 N/A C:\Users\Admin\AppData\Local\Temp\94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe
PID 1156 wrote to memory of 6076 N/A C:\Users\Admin\AppData\Local\Temp\94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe
PID 3392 wrote to memory of 5212 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3392 wrote to memory of 5212 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3392 wrote to memory of 5212 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3392 wrote to memory of 5212 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3392 wrote to memory of 5212 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3392 wrote to memory of 5212 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3392 wrote to memory of 4248 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3392 wrote to memory of 4248 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3392 wrote to memory of 4676 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3392 wrote to memory of 4676 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3392 wrote to memory of 4324 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3392 wrote to memory of 4324 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 6076 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6076 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6076 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6076 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6076 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6076 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6076 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6076 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6076 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3392 wrote to memory of 2564 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3392 wrote to memory of 2564 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647.exe

"C:\Users\Admin\AppData\Local\Temp\94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Gm155Cu.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Gm155Cu.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 576

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 54.156.124.88:443 www.epicgames.com tcp
US 54.156.124.88:443 www.epicgames.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 88.124.156.54.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 186.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 community.cloudflare.steamstatic.com udp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 177.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 crl.r2m02.amazontrust.com udp
NL 108.156.64.197:80 crl.r2m02.amazontrust.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 197.64.156.108.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.105:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 8.8.8.8:53 numpersb.fun udp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 8.8.8.8:53 105.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
RU 5.42.92.51:19057 tcp
US 172.67.209.38:80 killredls.pw tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 c.paypal.com udp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
NL 23.222.49.98:443 api.steampowered.com tcp
NL 23.222.49.98:443 api.steampowered.com tcp
NL 23.222.49.98:443 api.steampowered.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 54.156.124.88:443 www.epicgames.com tcp
US 54.156.124.88:443 www.epicgames.com tcp
US 54.156.124.88:443 www.epicgames.com tcp
US 54.156.124.88:443 www.epicgames.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe

MD5 db7eba0607bc811a574eb6a14675e5e7
SHA1 e12046424cf24282558bd49117c429550699c2eb
SHA256 60ad9877abce72298f9935c6f29e21ad8c15a564c1249da2e5b61c6b5c1bc94d
SHA512 41292b176bafc401fd8a4e90f872cacce9bde116c88d1d9a435a04efe72d4cf9384601c35491f83af90de81e13de46a45e95b1721bc822bab69121fe950675a7

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\QM8xj24.exe

MD5 db7eba0607bc811a574eb6a14675e5e7
SHA1 e12046424cf24282558bd49117c429550699c2eb
SHA256 60ad9877abce72298f9935c6f29e21ad8c15a564c1249da2e5b61c6b5c1bc94d
SHA512 41292b176bafc401fd8a4e90f872cacce9bde116c88d1d9a435a04efe72d4cf9384601c35491f83af90de81e13de46a45e95b1721bc822bab69121fe950675a7

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe

MD5 630cc1d83c0a6a06fcd71645a2cd60a0
SHA1 0293791751ccd585d69cd7aaf09ce467647ecb2c
SHA256 b05da9cca7c0b171866837ed642cc15e1b1cbe9fd6b10a1c0c949a70a1fe309b
SHA512 6934427bac2411034bc45c05859c7f2a33f84af24cfa3eead6d14bbd7dcf3d8696c7d9e9316fe9b49a95e8299f5368ac29c7b8ae93e35c7de736eeb708586604

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\gd6jA83.exe

MD5 630cc1d83c0a6a06fcd71645a2cd60a0
SHA1 0293791751ccd585d69cd7aaf09ce467647ecb2c
SHA256 b05da9cca7c0b171866837ed642cc15e1b1cbe9fd6b10a1c0c949a70a1fe309b
SHA512 6934427bac2411034bc45c05859c7f2a33f84af24cfa3eead6d14bbd7dcf3d8696c7d9e9316fe9b49a95e8299f5368ac29c7b8ae93e35c7de736eeb708586604

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Gm155Cu.exe

MD5 37c60c93dd2489f9810f8f2ec2d8e938
SHA1 26ecc628e06f2e16c2c23df17ef1bbc060334adc
SHA256 a74b2912e598e57c91dc5e99ecf5041e58b1f59d8f71832f261db483ad91a8f3
SHA512 4ea2acb0d506ee158e2165c410d97eca07d1cc74f0c2d14228118b81a9a921d0f0bf92e439d5eaaf7ec7b89e9391b5e1b717bdcfa2d275dbf891d18d4a55aa98

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Gm155Cu.exe

MD5 37c60c93dd2489f9810f8f2ec2d8e938
SHA1 26ecc628e06f2e16c2c23df17ef1bbc060334adc
SHA256 a74b2912e598e57c91dc5e99ecf5041e58b1f59d8f71832f261db483ad91a8f3
SHA512 4ea2acb0d506ee158e2165c410d97eca07d1cc74f0c2d14228118b81a9a921d0f0bf92e439d5eaaf7ec7b89e9391b5e1b717bdcfa2d275dbf891d18d4a55aa98

memory/1176-21-0x0000021E56420000-0x0000021E56430000-memory.dmp

memory/1176-37-0x0000021E56C80000-0x0000021E56C90000-memory.dmp

memory/1176-56-0x0000021E56900000-0x0000021E56902000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe

MD5 6492c5be065e14459e2f440d199c17a1
SHA1 2b1861eb67605547645935ef5f1b50385a5ebbde
SHA256 563cb6b29b2341e56045cbb11244ebe8dd6ad222136f36504cc6bf41b649377b
SHA512 ed911f96e73a0993e776e333638240fcdb56f937a02ef56501c735a750db9ec3a8eadc1fa704b84fba548aa71471a00f47f100224fff02114bc430a36ca6563b

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4pb7ks9.exe

MD5 6492c5be065e14459e2f440d199c17a1
SHA1 2b1861eb67605547645935ef5f1b50385a5ebbde
SHA256 563cb6b29b2341e56045cbb11244ebe8dd6ad222136f36504cc6bf41b649377b
SHA512 ed911f96e73a0993e776e333638240fcdb56f937a02ef56501c735a750db9ec3a8eadc1fa704b84fba548aa71471a00f47f100224fff02114bc430a36ca6563b

memory/5428-76-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5428-79-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5428-80-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe

MD5 dec3b58fc562334235a20e33f4e0dab6
SHA1 04fd965f849a5e1315d5948c9622d42dd72bcbba
SHA256 ec071b551f9211abc39dd2f7f3bb3449d153680cb58ffed19f27734bae5a29b4
SHA512 da732fd8db0ec238bc683ce4544285ad55c2bb231feb727b6240de70e21596ff411143b066b045ca1b9810d59809d9249174aa058c7ccd6ef302499df0e79b06

memory/5428-83-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5xA64TZ.exe

MD5 dec3b58fc562334235a20e33f4e0dab6
SHA1 04fd965f849a5e1315d5948c9622d42dd72bcbba
SHA256 ec071b551f9211abc39dd2f7f3bb3449d153680cb58ffed19f27734bae5a29b4
SHA512 da732fd8db0ec238bc683ce4544285ad55c2bb231feb727b6240de70e21596ff411143b066b045ca1b9810d59809d9249174aa058c7ccd6ef302499df0e79b06

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 3cdb35e00f29e6e2f048f0a42b83de3a
SHA1 15065bd5fb052a6761cbddbd2a50d31ccb8b7846
SHA256 c704957c3b0107f50abdeae50e6c8f93e9f087972c37df5cec199c1d5e492c5e
SHA512 4f1db6b2cffdea1eacc0321ac7c199b57f476e2cce85ebc4145e50c295f736d6ee843058dd18028c7438c7b6b841b5709d6a15d8d6da28dadcb8f31abcc2d0b5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 eeabdf69ba5cafd10c7921f9d913210f
SHA1 974d3d64fcbec70c7ba6b5a47e91929c356230d4
SHA256 08e349f847b0e956aaeabcaee37acdd31dfa989b4abe411840f0027c47ea7e21
SHA512 cc91b4650d4b7a48566b7ba4e67867d8ba9ecf4f33fd4e543e82a6b6dcf86357ce39a0689c14eca58b5dde48a6e3d046839a86d8c88315cd4d4d53cfb57235ca

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 eeabdf69ba5cafd10c7921f9d913210f
SHA1 974d3d64fcbec70c7ba6b5a47e91929c356230d4
SHA256 08e349f847b0e956aaeabcaee37acdd31dfa989b4abe411840f0027c47ea7e21
SHA512 cc91b4650d4b7a48566b7ba4e67867d8ba9ecf4f33fd4e543e82a6b6dcf86357ce39a0689c14eca58b5dde48a6e3d046839a86d8c88315cd4d4d53cfb57235ca

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 eeabdf69ba5cafd10c7921f9d913210f
SHA1 974d3d64fcbec70c7ba6b5a47e91929c356230d4
SHA256 08e349f847b0e956aaeabcaee37acdd31dfa989b4abe411840f0027c47ea7e21
SHA512 cc91b4650d4b7a48566b7ba4e67867d8ba9ecf4f33fd4e543e82a6b6dcf86357ce39a0689c14eca58b5dde48a6e3d046839a86d8c88315cd4d4d53cfb57235ca

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 03d2321fe124f24b099edfad000dbb2c
SHA1 6c97f9ad21303ade11189be921e32a16f6d10462
SHA256 9b2248d580f1ccac51837ef74279395d1c6c2d6827cd6d4cd236a295223b95cd
SHA512 6eb23f1632b5a31512042b9eded736ef88f58dc40756d3bae62121beeefd0b47c46aba0ad1be79be8709d415c527735b3acfceb9fa3d48e048aeec54ff2177df

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 cab0a92e88af2dbdc23efb404d98272b
SHA1 263ea3e56c2a426c3e2952f207afcce56c79f97c
SHA256 4b2809632f5557e0e1bab1c60808f5a6b17d02cd3e6bdc9456a97d51fc85a5c8
SHA512 378f2e3d616313fd188cc22cb89a04638db1db63aa730b7d4eb342206e7b9bcbc27348d284c2e45d6aa0f51093228d93341c056503c24087a406c5a9636c41bf

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 e75974181bf62779a80b33971c745f05
SHA1 cd4e014522d392c71986ceee995426246d1ba9db
SHA256 a3af6a0217d20342031c9026498a4e92f8e27ed30c9d2381e68380787335d77b
SHA512 c7c0c5e61e9443ebcd951bcbce4f3a195592270910398fed338445964163038dce170c9364cb0e86622636b82e6464d23de2f2137d2ba262fd585dd4d01f5236

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 5de4097c8be4b3145eb5210fb960c780
SHA1 f43d17248b5eadb4b787cba4335ff748ed84c988
SHA256 16dba0ae3e7b723c1abab59381f33cb93f4cdce141a8f16df06151973eff2055
SHA512 4c6610f71d25f326bcfe0f320a12db154d37fb2e04b3ddd8cf8878138d809c35888e16059b6b23be5da2ed39bd447d984d7df5f7493d7c12767239e6deac05bc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 5de4097c8be4b3145eb5210fb960c780
SHA1 f43d17248b5eadb4b787cba4335ff748ed84c988
SHA256 16dba0ae3e7b723c1abab59381f33cb93f4cdce141a8f16df06151973eff2055
SHA512 4c6610f71d25f326bcfe0f320a12db154d37fb2e04b3ddd8cf8878138d809c35888e16059b6b23be5da2ed39bd447d984d7df5f7493d7c12767239e6deac05bc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 a7204fe4d5435d06ad7e5a7898a9170c
SHA1 444b33ff7d9bec8bd0a2b30fa06fb2e7f53dc014
SHA256 49b811cbd704a96242f09bb815313063aa0a53d2971704fa41fba4bd97f2a083
SHA512 475bec407ffb23eaa54bb900cf9d2f0a699e347b9d717a04b8befddd1f4e550f0008026d883e430b3de67a69050afd7d88d805299dab6da1c5ee092a1961acf9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 5de4097c8be4b3145eb5210fb960c780
SHA1 f43d17248b5eadb4b787cba4335ff748ed84c988
SHA256 16dba0ae3e7b723c1abab59381f33cb93f4cdce141a8f16df06151973eff2055
SHA512 4c6610f71d25f326bcfe0f320a12db154d37fb2e04b3ddd8cf8878138d809c35888e16059b6b23be5da2ed39bd447d984d7df5f7493d7c12767239e6deac05bc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 5de4097c8be4b3145eb5210fb960c780
SHA1 f43d17248b5eadb4b787cba4335ff748ed84c988
SHA256 16dba0ae3e7b723c1abab59381f33cb93f4cdce141a8f16df06151973eff2055
SHA512 4c6610f71d25f326bcfe0f320a12db154d37fb2e04b3ddd8cf8878138d809c35888e16059b6b23be5da2ed39bd447d984d7df5f7493d7c12767239e6deac05bc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 5de4097c8be4b3145eb5210fb960c780
SHA1 f43d17248b5eadb4b787cba4335ff748ed84c988
SHA256 16dba0ae3e7b723c1abab59381f33cb93f4cdce141a8f16df06151973eff2055
SHA512 4c6610f71d25f326bcfe0f320a12db154d37fb2e04b3ddd8cf8878138d809c35888e16059b6b23be5da2ed39bd447d984d7df5f7493d7c12767239e6deac05bc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 5de4097c8be4b3145eb5210fb960c780
SHA1 f43d17248b5eadb4b787cba4335ff748ed84c988
SHA256 16dba0ae3e7b723c1abab59381f33cb93f4cdce141a8f16df06151973eff2055
SHA512 4c6610f71d25f326bcfe0f320a12db154d37fb2e04b3ddd8cf8878138d809c35888e16059b6b23be5da2ed39bd447d984d7df5f7493d7c12767239e6deac05bc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 22ac4e6dc50c968464852b7c36d0097c
SHA1 02199fc098a433abe17f20ba367001abbe2520df
SHA256 76689ef606870306eb5687a2ead1d281c776ea0f2ea9983906096231e3dc612b
SHA512 30fe88bc54e7b24ac0bbba2695efdd5d04689ceefbdde07fb5b459f8b5200bcd703834a98cbd3c013bedc765731e2ff31b8e218c75e38da00d1126fa70a72158

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 dde1acc160501dbf073b171f230c7900
SHA1 da6c4d873b83f06856b2dfc849f693019156a772
SHA256 484e50a2a05aada8e5040648e84b0b3402cc574cf2116e5ed848c24527fa4da2
SHA512 a8f4efefdcf21426a3511588c84864ac1827ca2d61a8957aaa9d6cf881114b5a961bd634a7adeda4bca59d2413c4fad4e02e67baee30c5e0cac10b784ad60887

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 dde1acc160501dbf073b171f230c7900
SHA1 da6c4d873b83f06856b2dfc849f693019156a772
SHA256 484e50a2a05aada8e5040648e84b0b3402cc574cf2116e5ed848c24527fa4da2
SHA512 a8f4efefdcf21426a3511588c84864ac1827ca2d61a8957aaa9d6cf881114b5a961bd634a7adeda4bca59d2413c4fad4e02e67baee30c5e0cac10b784ad60887

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 6e3c7acb141512ba22981f0efaee3cb9
SHA1 fd74bccfeed1c8f7e26e25353278501760a90160
SHA256 e23c02284e1d553155799a088dbc31df44aad955b740bc7a053078acfca64777
SHA512 554e14481b27f8114234d8bf9c4199f32977241dcdc6487d81576d333e930be41dfd1239cfef88d1eaa7f2105e93ce5738b28bf84f34f0b92bbc41141de66ab8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a4c7d91884a85bdb10d3962b7edb6f31
SHA1 7ed4d4526f5d7876d704af420b18e2322f5cf21d
SHA256 537ea6e404e1a67c311061606067244fcbd8892632cefd438b5376bd9bbbd539
SHA512 c3517da44f2907924aff28bd1ca633c7c74ff1c373776546d8a2cfc24020fc9ffe177ba7a067eafb605eb9bda0e380195c3293ec3886a3c4cc116a85a2a0c444

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 56445c4b845f083629856e7d322b3cb5
SHA1 d3a9642979048a2b5bd8522b483634bcbf016151
SHA256 686ac610b6b9e510d25f009c4937679ac94c482a02fcbf787e44b7007de78fa9
SHA512 18fb1c30eac048ea1e33b2db0280b8e6b8081501ad3f400d0a51b18eeea9f664e8c52c976ad80f63f02ea67eafef6280f80690cfb4fe0063121cdbb3df7e059c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 56445c4b845f083629856e7d322b3cb5
SHA1 d3a9642979048a2b5bd8522b483634bcbf016151
SHA256 686ac610b6b9e510d25f009c4937679ac94c482a02fcbf787e44b7007de78fa9
SHA512 18fb1c30eac048ea1e33b2db0280b8e6b8081501ad3f400d0a51b18eeea9f664e8c52c976ad80f63f02ea67eafef6280f80690cfb4fe0063121cdbb3df7e059c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LUJGUSCK.cookie

MD5 8f62350682cc361e21aee4b4a33fe779
SHA1 9e598db047ef942470f5788d2bb48865173b9ac2
SHA256 3a8a9f2233f7b81b348e9243c863d0630c2c6f7cd1165baeab0e7c8103e59677
SHA512 495e1510c056f27808888a50c83a7c08e34799e98ce486ae653aa1874726b226eaa0a1d757f879c5b595e3c855b9264e5f35eaa02eef1ee4e4d48adab1214fca

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 0156e647cb8f1bfd0448949b9ce6d873
SHA1 87a3b75312e87c6cf14207d9d8411c77b357004b
SHA256 484b81ede96bcb6687b059663219a9223a4a9f7b4292334b522b77917b252a83
SHA512 4b617f6e0d070257045a9e2433446a8ac78e184115fa49919c9f03d5a00d70f2d78198f06c8648bd09d027fc3ef91f001e6a1587e622fa39ea2a17e9bd71914a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 51e65a8d62927931329e0743ba03fbc1
SHA1 ea8da176836f4154b98f78d27cd26d57a513d67a
SHA256 72da5002d41ea5ba66c9c05cfb07f4bafbe53b026f8956bc7a7f13238e3ac914
SHA512 0be82f053f6a3d9a1684479a394464d58194c93cd96f066b946da1536c8e89ee37e9cd90c2af255c7ef82a84b6a0660ee315518ae2abe392ead5ebc181a40412

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 0156e647cb8f1bfd0448949b9ce6d873
SHA1 87a3b75312e87c6cf14207d9d8411c77b357004b
SHA256 484b81ede96bcb6687b059663219a9223a4a9f7b4292334b522b77917b252a83
SHA512 4b617f6e0d070257045a9e2433446a8ac78e184115fa49919c9f03d5a00d70f2d78198f06c8648bd09d027fc3ef91f001e6a1587e622fa39ea2a17e9bd71914a

memory/5924-215-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a4c7d91884a85bdb10d3962b7edb6f31
SHA1 7ed4d4526f5d7876d704af420b18e2322f5cf21d
SHA256 537ea6e404e1a67c311061606067244fcbd8892632cefd438b5376bd9bbbd539
SHA512 c3517da44f2907924aff28bd1ca633c7c74ff1c373776546d8a2cfc24020fc9ffe177ba7a067eafb605eb9bda0e380195c3293ec3886a3c4cc116a85a2a0c444

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a4c7d91884a85bdb10d3962b7edb6f31
SHA1 7ed4d4526f5d7876d704af420b18e2322f5cf21d
SHA256 537ea6e404e1a67c311061606067244fcbd8892632cefd438b5376bd9bbbd539
SHA512 c3517da44f2907924aff28bd1ca633c7c74ff1c373776546d8a2cfc24020fc9ffe177ba7a067eafb605eb9bda0e380195c3293ec3886a3c4cc116a85a2a0c444

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe

MD5 999fa3ad587c499ed71dd395e815cc47
SHA1 55569cabe195a206f953b2e0507af5e013fc0299
SHA256 bd6aa405505d87891e21df8c8abea9a3eac2619903cd3cde7441fb183bf33fce
SHA512 6dbeb17c1b75d652399f1212bd859e8552e92384843038e627e46547c01aaac276ffdb7f8990463d212994b397e249c7ce13c90572c80bc4185c632d05c0914e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c5e5538a3a92a5399666a2395801cded
SHA1 64e695c84922fc3042342add8d9f9ed3a23ddf7f
SHA256 ca1a6dd5a312aa7483816af442fd1002bae6025414907457e2bbea9a514d32c2
SHA512 f7dc80d4e51ee76e5a71277ab9f77b282e60f674a54dc2fae4c66615ede4b1376e3bb4532e6304baf06da47495d185f23dfa5f6d2bea9fab5b215fee1b4cbbc2

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yz065.exe

MD5 999fa3ad587c499ed71dd395e815cc47
SHA1 55569cabe195a206f953b2e0507af5e013fc0299
SHA256 bd6aa405505d87891e21df8c8abea9a3eac2619903cd3cde7441fb183bf33fce
SHA512 6dbeb17c1b75d652399f1212bd859e8552e92384843038e627e46547c01aaac276ffdb7f8990463d212994b397e249c7ce13c90572c80bc4185c632d05c0914e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 9d51b1afad35ce89d1dddf93b3256af7
SHA1 531c871b5cd5d9bad9aa8c473ac67e2516520756
SHA256 cca5b48437d3101d1f3e1cefc96fab97f27ed75ae62cbb189f5bfde07fa990fc
SHA512 576b0afc781ca1b7ff4d3cd2607d85c582db2da81c346b406b6dfa88867481ed5e62b145b34036994960b953338a30870926d2ed41f7711821557313d81241be

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 c5e5538a3a92a5399666a2395801cded
SHA1 64e695c84922fc3042342add8d9f9ed3a23ddf7f
SHA256 ca1a6dd5a312aa7483816af442fd1002bae6025414907457e2bbea9a514d32c2
SHA512 f7dc80d4e51ee76e5a71277ab9f77b282e60f674a54dc2fae4c66615ede4b1376e3bb4532e6304baf06da47495d185f23dfa5f6d2bea9fab5b215fee1b4cbbc2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 9d51b1afad35ce89d1dddf93b3256af7
SHA1 531c871b5cd5d9bad9aa8c473ac67e2516520756
SHA256 cca5b48437d3101d1f3e1cefc96fab97f27ed75ae62cbb189f5bfde07fa990fc
SHA512 576b0afc781ca1b7ff4d3cd2607d85c582db2da81c346b406b6dfa88867481ed5e62b145b34036994960b953338a30870926d2ed41f7711821557313d81241be

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 9d51b1afad35ce89d1dddf93b3256af7
SHA1 531c871b5cd5d9bad9aa8c473ac67e2516520756
SHA256 cca5b48437d3101d1f3e1cefc96fab97f27ed75ae62cbb189f5bfde07fa990fc
SHA512 576b0afc781ca1b7ff4d3cd2607d85c582db2da81c346b406b6dfa88867481ed5e62b145b34036994960b953338a30870926d2ed41f7711821557313d81241be

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5OM78W03\shared_global[1].css

MD5 cfe7fa6a2ad194f507186543399b1e39
SHA1 48668b5c4656127dbd62b8b16aa763029128a90c
SHA256 723131aba2cf0edd34a29d63af1d7b4ff515b9a3a3e164b2493026132dd37909
SHA512 5c85bb6404d5be1871b0b2e2d2c9053716354acd69c7acca73d8ce8bf8f21645ae11f788f78ef624444016cb722ecbd6213e771bda36717725f2b60f53688c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBZVDBB5\buttons[1].css

MD5 84524a43a1d5ec8293a89bb6999e2f70
SHA1 ea924893c61b252ce6cdb36cdefae34475d4078c
SHA256 8163d25cb71da281079b36fcde6d9f6846ff1e9d70112bbe328cae5ffb05f2bc
SHA512 2bf17794d327b4a9bdbae446dd086354b6b98ac044a8ee0b85bd72c3ab22d93b43f3542df03d64f997d1df6fc6cac5c5e258c4ec82b998f3a40b50c2fde99b5a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 dd8b477007faa66b3570a925c9a253c9
SHA1 1e41f763009d253e28b5ddfd332383905ac5e071
SHA256 58aa79d1e12e2b3fba02f3edc471fd15d2e8083cd59d462a189b96b61aea8586
SHA512 ea174e8cf5baf902ca4b0b4bfc521a53adfd9b08c0f0862c9a973ccbbe8c0eab5f48cd4672adfd23983c209916095e80afd477406d4d8122d1de2bf7a79c08ae

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBZVDBB5\shared_responsive[1].css

MD5 086f049ba7be3b3ab7551f792e4cbce1
SHA1 292c885b0515d7f2f96615284a7c1a4b8a48294a
SHA256 b38fc1074ef68863c2841111b9e20d98ea0305c1e39308dc7ad3a6f3fd39117a
SHA512 645f23b5598d0c38286c2a68268cb0bc60db9f6de7620297f94ba14afe218d18359d124ebb1518d31cd8960baed7870af8fd6960902b1c9496d945247fbb2d78

memory/4664-380-0x000002337D900000-0x000002337DA00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

memory/5924-394-0x0000000072660000-0x0000000072D4E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBZVDBB5\shared_global[1].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBZVDBB5\tooltip[1].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

memory/5096-410-0x0000026435480000-0x00000264354A0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VBZVDBB5\shared_responsive_adapter[1].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

memory/5924-442-0x000000000BC70000-0x000000000C16E000-memory.dmp

memory/5212-445-0x000001C131470000-0x000001C131472000-memory.dmp

memory/5924-458-0x000000000B850000-0x000000000B8E2000-memory.dmp

memory/5212-470-0x000001C1314A0000-0x000001C1314A2000-memory.dmp

memory/4664-477-0x0000022B00800000-0x0000022B00820000-memory.dmp

memory/5212-480-0x000001C1314C0000-0x000001C1314C2000-memory.dmp

memory/5924-515-0x000000000B8F0000-0x000000000B8FA000-memory.dmp

memory/5924-523-0x000000000C780000-0x000000000CD86000-memory.dmp

memory/5924-539-0x000000000C170000-0x000000000C27A000-memory.dmp

memory/5924-546-0x000000000BB00000-0x000000000BB3E000-memory.dmp

memory/5924-543-0x000000000BAA0000-0x000000000BAB2000-memory.dmp

memory/5924-556-0x000000000BB40000-0x000000000BB8B000-memory.dmp

memory/5212-563-0x000001C142450000-0x000001C142452000-memory.dmp

memory/5212-565-0x000001C142470000-0x000001C142472000-memory.dmp

memory/5212-569-0x000001C142490000-0x000001C142492000-memory.dmp

memory/2364-574-0x000002455B4D0000-0x000002455B4F0000-memory.dmp

memory/4316-617-0x0000016877700000-0x0000016877800000-memory.dmp

memory/5860-621-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5860-624-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5860-645-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5860-653-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5096-662-0x0000026436C00000-0x0000026436D00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2LT2U5NS\favicon[1].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\XC04VGOB\www.epicgames[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F01YT1OE\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\CZLLPKBX\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2LT2U5NS\favicon[2].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\hmxo271\imagestore.dat

MD5 ea97b387f0d67ccb4a3c0b6c2c92d79a
SHA1 95ca96a54903c09ba3e5b36dac1b5f0017e050a1
SHA256 e7095e05c4351f9113eb048c1640c6953923f3f07cf53151d1ed6c2b7c80b0b8
SHA512 4ae22a36b756c13dcd9feeb97beae79518968da9c2ce82dbda06b2a4e3ebee6d751338ef4bb8f9fe449fd088a267356874b85841075df7f7b228a6cc7a98e648

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\YKEG9F5N\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5OM78W03\chunk~f036ce556[1].css

MD5 19a9c503e4f9eabd0eafd6773ab082c0
SHA1 d9b0ca3905ab9a0f9ea976d32a00abb7935d9913
SHA256 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a
SHA512 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83