Malware Analysis Report

2025-01-02 05:10

Sample ID 231111-g5l1wsdd55
Target 57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b
SHA256 57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b
Tags
mystic redline taiga paypal infostealer persistence phishing stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b

Threat Level: Known bad

The file 57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga paypal infostealer persistence phishing stealer

RedLine

Detect Mystic stealer payload

RedLine payload

Mystic

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Drops file in Windows directory

Program crash

Unsigned PE

Suspicious behavior: MapViewOfSection

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 06:23

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 06:23

Reported

2023-11-11 06:26

Platform

win10-20231023-en

Max time kernel

179s

Max time network

195s

Command Line

"C:\Users\Admin\AppData\Local\Temp\57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 319985be6714da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 341c49bf6714da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steampowered.com\NumberOfSubd = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steampowered.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steamcommunity.com\NumberOfSu = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b764f2bf6714da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9b8abbbf6714da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steamcommunity.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{3C9D0FF6-473A-480C-A9B6-A905CF97222B} = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-946614337-2046421199-3397417319-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2872 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe
PID 2872 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe
PID 2872 wrote to memory of 1740 N/A C:\Users\Admin\AppData\Local\Temp\57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe
PID 1740 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe
PID 1740 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe
PID 1740 wrote to memory of 2956 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe
PID 1740 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe
PID 1740 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe
PID 1740 wrote to memory of 2028 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe
PID 2028 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2028 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2028 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2028 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2028 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2028 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2028 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2028 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2028 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2028 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4968 wrote to memory of 5164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2872 wrote to memory of 6412 N/A C:\Users\Admin\AppData\Local\Temp\57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe
PID 2872 wrote to memory of 6412 N/A C:\Users\Admin\AppData\Local\Temp\57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe
PID 2872 wrote to memory of 6412 N/A C:\Users\Admin\AppData\Local\Temp\57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe
PID 4968 wrote to memory of 5164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4968 wrote to memory of 5164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4968 wrote to memory of 5164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4968 wrote to memory of 5164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4968 wrote to memory of 5164 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4968 wrote to memory of 4552 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4968 wrote to memory of 2736 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4968 wrote to memory of 3728 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4968 wrote to memory of 4552 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4968 wrote to memory of 2736 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4968 wrote to memory of 3728 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 6412 wrote to memory of 6288 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6412 wrote to memory of 6288 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6412 wrote to memory of 6288 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6412 wrote to memory of 6208 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6412 wrote to memory of 6208 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6412 wrote to memory of 6208 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6412 wrote to memory of 6208 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6412 wrote to memory of 6208 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6412 wrote to memory of 6208 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6412 wrote to memory of 6208 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6412 wrote to memory of 6208 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4968 wrote to memory of 5064 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4968 wrote to memory of 5064 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b.exe

"C:\Users\Admin\AppData\Local\Temp\57f628e6916fce1880dce5cffcd73d7d7018cd7bc4a1b9329a9f7e7d6e7e893b.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 3.227.115.152:443 www.epicgames.com tcp
US 3.227.115.152:443 www.epicgames.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 152.115.227.3.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 192.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 store.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 community.cloudflare.steamstatic.com udp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 206.246.238.18.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
US 8.8.8.8:53 fbsbx.com udp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 73.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 10.173.189.20.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 community.cloudflare.steamstatic.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe

MD5 272f1d0d9fff63da850d896d13502744
SHA1 df5ac5b8a98886c57c7bf8440a1ef8804d68a3bb
SHA256 952d2ab8643f554a13fb17453a8d6163c79a89faf4d209dbf811828385058b6b
SHA512 3e226737a310b9d2b07b567ab11df8b93f1bda8f031d9f43e359a6fba9b93218f93fa87f2447c7560d2c66106c3a9b95b414df0949345930b78ce9a9abfe5087

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ak9Iz90.exe

MD5 272f1d0d9fff63da850d896d13502744
SHA1 df5ac5b8a98886c57c7bf8440a1ef8804d68a3bb
SHA256 952d2ab8643f554a13fb17453a8d6163c79a89faf4d209dbf811828385058b6b
SHA512 3e226737a310b9d2b07b567ab11df8b93f1bda8f031d9f43e359a6fba9b93218f93fa87f2447c7560d2c66106c3a9b95b414df0949345930b78ce9a9abfe5087

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe

MD5 74f9e64c82dca367749a5b57704a108a
SHA1 a45afbf1609bb08bd44c31f9b35b1e93d8877d98
SHA256 3f21ce7ce6081b8476a87f5bb930c4a395e2bf5b8c7db003ee759e0add6e767e
SHA512 2a83b542bfe45496ea10d7358513f469c89061b74f96e0003c62020b3a1f239a1e4b317eccc4eaf40bf3703fb83ffc95a564a138cf9fbec1b9b4a84b415a7c0d

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1qL41ea9.exe

MD5 74f9e64c82dca367749a5b57704a108a
SHA1 a45afbf1609bb08bd44c31f9b35b1e93d8877d98
SHA256 3f21ce7ce6081b8476a87f5bb930c4a395e2bf5b8c7db003ee759e0add6e767e
SHA512 2a83b542bfe45496ea10d7358513f469c89061b74f96e0003c62020b3a1f239a1e4b317eccc4eaf40bf3703fb83ffc95a564a138cf9fbec1b9b4a84b415a7c0d

memory/4860-14-0x0000020B70920000-0x0000020B70930000-memory.dmp

memory/4860-30-0x0000020B70F00000-0x0000020B70F10000-memory.dmp

memory/4860-49-0x0000020B75FD0000-0x0000020B75FD2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 ded3a4824490c50b7777fdf255fd2739
SHA1 26e6cbb4e1e9283d0e4b13314f0988c2faaa4961
SHA256 816fa3e91c1a4c71a037c1ceae0bd2d755349c8ffd2ec4a9d24294f5d5800f94
SHA512 19bfefb53ef24a9d039a3458e37fe1abef27f08436d7d904a061e6dc0fc027963a183a3279f8a19118a246e3844f3bc8f7c212fb9728e3324ae7df89d5c18ed4

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe

MD5 9eb29958e62ecc76ed1f0ede326b8afa
SHA1 6b09635e9775231c682f8efaecacd07417b72775
SHA256 f18838709f90f3a08ba6fae3f6ec5935dc5c044225ab2ed1201fbe4b4d5902ae
SHA512 5874c599a09d8c3e7938a9e5ab99b73314eda145b0c486f7937c8131768d809af9c0aceccc12bf197e86bc9dd346999e62029ed1762cf4b3e24db0fd7401cab9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 f16034bdf8dc2c6cc308e80ff6b4f66a
SHA1 a7da62c1364362bcc750c808e119179391d4bbd7
SHA256 5cad704f955e1b90e297820435d355647d007a63af093275f5c705f1586dbe71
SHA512 53742fc23332139ada6bd2cd0f3d0b33fa8d5c9586539570e64d3122ca5d2d912e3307e39317da97641fbf470bf492b9e38c5e11883f9d330d2b9b5cf0b9b9f9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 3b5f64699fca4a11d766d8ca3a7a5b83
SHA1 47cd31436f867356fdcd070a977a535bddfb5977
SHA256 352f8bdd5151a5c07f8ba5442a6a061514aac0fa4fe923275fd011a41152177f
SHA512 d55023b25b9cb28472c238b42b3b7b0d610be3c7209d8ae36f247e0b31a16b7031f242e4b572e83cbe48bbd54c09a6e8d10b165f6afa3f04153664cea6828eea

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Tf9361.exe

MD5 9eb29958e62ecc76ed1f0ede326b8afa
SHA1 6b09635e9775231c682f8efaecacd07417b72775
SHA256 f18838709f90f3a08ba6fae3f6ec5935dc5c044225ab2ed1201fbe4b4d5902ae
SHA512 5874c599a09d8c3e7938a9e5ab99b73314eda145b0c486f7937c8131768d809af9c0aceccc12bf197e86bc9dd346999e62029ed1762cf4b3e24db0fd7401cab9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 11d396fbe9dc65b959efaeca36469be7
SHA1 1ce3537e3b45fbcc3f24d0f07cf0cc785dad9a4a
SHA256 3a12abf5984fb8ca9446f0ccdc4159a890243ed86ec0888b153dba0ab089e0db
SHA512 fe8d64cf4f86ff93bdfb2bfed180c9fdf77da516c5e06f6dcffb9210e6d41eea3bab85b36f363d91ff4f342e2212f99509fbfb9f6702a2eea3f16bed0c3a37cc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 3b5f64699fca4a11d766d8ca3a7a5b83
SHA1 47cd31436f867356fdcd070a977a535bddfb5977
SHA256 352f8bdd5151a5c07f8ba5442a6a061514aac0fa4fe923275fd011a41152177f
SHA512 d55023b25b9cb28472c238b42b3b7b0d610be3c7209d8ae36f247e0b31a16b7031f242e4b572e83cbe48bbd54c09a6e8d10b165f6afa3f04153664cea6828eea

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 11d396fbe9dc65b959efaeca36469be7
SHA1 1ce3537e3b45fbcc3f24d0f07cf0cc785dad9a4a
SHA256 3a12abf5984fb8ca9446f0ccdc4159a890243ed86ec0888b153dba0ab089e0db
SHA512 fe8d64cf4f86ff93bdfb2bfed180c9fdf77da516c5e06f6dcffb9210e6d41eea3bab85b36f363d91ff4f342e2212f99509fbfb9f6702a2eea3f16bed0c3a37cc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 29b486efa1bc1f4a24a18f49e3f08836
SHA1 317bb316164004e94c0075b53dd33732a9550451
SHA256 754bbffc6a2da256963d5e432935dc8315e008ebdadf77a38c6f9b3cc378f319
SHA512 c5efcdbbb46d14a706bed4aaa7cde424ff50ddb0a4143a1656fc4b807a43668db7ce4605524632960285bf706c58cfb65f2d8fe917a7225075dcc1b634c33ae5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\M4JB6LNX.cookie

MD5 2078099c2a6161b2b1a693ba438eb1c2
SHA1 951d565547ffbe397a43c18e581a7bebbdc0c684
SHA256 99b568874f594f1fd414c73261440d0b3d0d968d38ff364427b647f495a7ac51
SHA512 ba989857333ac57c44181a03c8c9f634f4e94de8c01b621f46f09dfe74ccead3bdc97cb5192ae77a079bcdfefdf206a275dcde0b700e0cb2c7a5c931ae2e401a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 6f20a23d616e2ae1a92e4d8d89e1bc91
SHA1 9167e465b9f01c6d9752eb861281a9fadc098a5e
SHA256 19c2445f0838b818188dba803d5f1c25ebde8abb0d7ddf5c8e564c87ce723421
SHA512 279d924e840d5e8be7363542e4df690fbca4401ca7b4dc5dbad2d4b4dc6af50ff03a12372138eb7829bf7528dcfec60815b6d414ccf3c1f4bd081d81c99acb3f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 a18e39d00d1ed503c4186c7dc5dd15da
SHA1 aca122103a7fa4ac002af1ce2d9603d8fd082469
SHA256 7898c80f8ad75029ad500a452536894c91bd49b85cf255261af10dc25fa6772c
SHA512 fd3ac5a883b2410494a996d8b0d272d4f4d7bce889a052d03788979ad6137b7f2753b7a27efc4f4ad2726334ddf2e478f79f74bbd4ec1100ad6e9b27551a4a88

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 53794efa7410eb33bc200061a714d531
SHA1 baf26bf11d03553826effd61b9d7b194dc7fe0cf
SHA256 a6cfa8cea0032a59f7f69fe42c0d0897f4ce18c592d0b822c22d7d5e9a5a1dc2
SHA512 07eb2aea5eee9678a32cc34f8f87715286a887cad0d3b27da57f17bd23e11b2a500875567bd10e230971f339ae6c379dc6e6cb7902d4b8421902567572f22e08

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 7690084e08c3c1e9eb7ca685b34bf099
SHA1 1cc2ee611ec662e78e374b9f77189e8f3be599bf
SHA256 77c5d34051eecd251572a1be5e4b41a87073b40edc240b7ac3fe24cf41ba9918
SHA512 116c8232362ba6c3bd8ebab2367faf605d62d649695ace670de814413ee8359abede49f7a3451dc253c8249c368d56c890aa6c621fe7a6c46ebf171010d5bf17

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 53794efa7410eb33bc200061a714d531
SHA1 baf26bf11d03553826effd61b9d7b194dc7fe0cf
SHA256 a6cfa8cea0032a59f7f69fe42c0d0897f4ce18c592d0b822c22d7d5e9a5a1dc2
SHA512 07eb2aea5eee9678a32cc34f8f87715286a887cad0d3b27da57f17bd23e11b2a500875567bd10e230971f339ae6c379dc6e6cb7902d4b8421902567572f22e08

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 11d396fbe9dc65b959efaeca36469be7
SHA1 1ce3537e3b45fbcc3f24d0f07cf0cc785dad9a4a
SHA256 3a12abf5984fb8ca9446f0ccdc4159a890243ed86ec0888b153dba0ab089e0db
SHA512 fe8d64cf4f86ff93bdfb2bfed180c9fdf77da516c5e06f6dcffb9210e6d41eea3bab85b36f363d91ff4f342e2212f99509fbfb9f6702a2eea3f16bed0c3a37cc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 7690084e08c3c1e9eb7ca685b34bf099
SHA1 1cc2ee611ec662e78e374b9f77189e8f3be599bf
SHA256 77c5d34051eecd251572a1be5e4b41a87073b40edc240b7ac3fe24cf41ba9918
SHA512 116c8232362ba6c3bd8ebab2367faf605d62d649695ace670de814413ee8359abede49f7a3451dc253c8249c368d56c890aa6c621fe7a6c46ebf171010d5bf17

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 444ca8fb05ef147f32b237c58791ab76
SHA1 79da8f17913725aba0493fca171cb3f10d94546a
SHA256 55ef8e47ac888106d70c965b9b5fac9252b1b5d54f9740b8ade4ffe6b388ac5c
SHA512 7b755bee01cd480f354c13aec279d0041348e7ecd20dcfd3410d08e9837e5406c569b2b8cb488efc01b22494365db97f97045102ac313daf591f85a91b757719

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 f036ad99d91174c52604732998a9a4ed
SHA1 a2f81b9b3f3f9c5507d803839f93d6fe4b781620
SHA256 c28cbb9b8af4db7588d0a40c9295bb533fec6d5dad96ab82d4a80f314934951e
SHA512 2aa54657eadc130e919bd098afc115f8ba6b990d4c0cb96557dc4b48d27037455d5e283e45a75fb8d4d4ed117ba1fb86be6bffe76f943e2c991fada7676d318f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U1VHGVHR\shared_global[1].css

MD5 cfe7fa6a2ad194f507186543399b1e39
SHA1 48668b5c4656127dbd62b8b16aa763029128a90c
SHA256 723131aba2cf0edd34a29d63af1d7b4ff515b9a3a3e164b2493026132dd37909
SHA512 5c85bb6404d5be1871b0b2e2d2c9053716354acd69c7acca73d8ce8bf8f21645ae11f788f78ef624444016cb722ecbd6213e771bda36717725f2b60f53688c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\31O0KHPK\buttons[1].css

MD5 84524a43a1d5ec8293a89bb6999e2f70
SHA1 ea924893c61b252ce6cdb36cdefae34475d4078c
SHA256 8163d25cb71da281079b36fcde6d9f6846ff1e9d70112bbe328cae5ffb05f2bc
SHA512 2bf17794d327b4a9bdbae446dd086354b6b98ac044a8ee0b85bd72c3ab22d93b43f3542df03d64f997d1df6fc6cac5c5e258c4ec82b998f3a40b50c2fde99b5a

memory/5944-331-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5944-351-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5944-347-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5164-346-0x000001C55D8D0000-0x000001C55D8D2000-memory.dmp

memory/5944-362-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe

MD5 fbc6d505bc02bc28d6fcd297f4b0cb46
SHA1 a41685f43afbe5e70bdebab0e11f33163ccab625
SHA256 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e
SHA512 c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af

memory/5164-364-0x000001C56DDB0000-0x000001C56DDB2000-memory.dmp

memory/5164-366-0x000001C56DE70000-0x000001C56DE72000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3uS10sR.exe

MD5 fbc6d505bc02bc28d6fcd297f4b0cb46
SHA1 a41685f43afbe5e70bdebab0e11f33163ccab625
SHA256 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e
SHA512 c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\31O0KHPK\shared_responsive[1].css

MD5 086f049ba7be3b3ab7551f792e4cbce1
SHA1 292c885b0515d7f2f96615284a7c1a4b8a48294a
SHA256 b38fc1074ef68863c2841111b9e20d98ea0305c1e39308dc7ad3a6f3fd39117a
SHA512 645f23b5598d0c38286c2a68268cb0bc60db9f6de7620297f94ba14afe218d18359d124ebb1518d31cd8960baed7870af8fd6960902b1c9496d945247fbb2d78

memory/3128-393-0x0000017314100000-0x0000017314200000-memory.dmp

memory/5164-382-0x000001C56E520000-0x000001C56E522000-memory.dmp

memory/2304-425-0x00000126AE2A0000-0x00000126AE2C0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\31O0KHPK\shared_responsive_adapter[1].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\31O0KHPK\shared_global[1].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\31O0KHPK\tooltip[1].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

memory/1248-417-0x000001911A5D0000-0x000001911A5F0000-memory.dmp

memory/5164-410-0x000001C56E540000-0x000001C56E542000-memory.dmp

memory/308-454-0x0000023B1B820000-0x0000023B1B840000-memory.dmp

memory/5164-453-0x000001C56E560000-0x000001C56E562000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\O5CQAOXZ.cookie

MD5 00f044be1193e06c6074b44d3c7e717a
SHA1 39f372419aff8e9e713fd28d76a52e8544d06886
SHA256 618c24c3f94e6c7010c78542a6451c472b3e779c72fc07caa10f39cb0f0bcac3
SHA512 5e2e4c643c27f47160355af605f80b21f29cbf2baec571778d96ea7d656459bbbf530ff0e42743251ab041ccfe4a32fcb3fc78bd9c195b8c209b9970f335fee9

memory/308-511-0x0000023B19480000-0x0000023B194A0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

memory/2304-555-0x00000126AF600000-0x00000126AF620000-memory.dmp

memory/4572-565-0x0000016624640000-0x0000016624660000-memory.dmp

memory/6208-581-0x0000000000400000-0x000000000043C000-memory.dmp

memory/1248-620-0x000001911AAC0000-0x000001911ABC0000-memory.dmp

memory/4860-631-0x0000020B78D10000-0x0000020B78D11000-memory.dmp

memory/4860-640-0x0000020B78D20000-0x0000020B78D21000-memory.dmp

memory/3128-682-0x0000017314920000-0x0000017314940000-memory.dmp

memory/3128-684-0x0000017315700000-0x0000017315800000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\97VQY5OM.cookie

MD5 548390e6f6bcec3de1569da9204e8865
SHA1 2697305d8fffd6c993aca3f7625158443880611b
SHA256 db5add3aa548b3747eaf1efd0e9fe2d9642af4bb8db0826f1b06060b8863a0b4
SHA512 da1dba19bbab13454a5433e379dc40f96c59da96382d7cb1d5e59773942c5a2e8e4cde1ca0d70cbbb1c0fe9713082c6bc7dfdae0a2040a8bf37f362a1e3c3d5c

memory/4572-715-0x0000016625000000-0x0000016625100000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FYIAFPFP\favicon[1].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FYIAFPFP\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\28JK3VIL.cookie

MD5 5fb502de06d07f7a62dca16c32ba0966
SHA1 371608a79ecefd523f447f8bc0ac0ba17982a42b
SHA256 cba45f3d3432ef392ce46e8fe4b213a25e4018f949c84a4a41f91fe71d46326a
SHA512 c083d06bdd273a9c18d31a1dec5231d58a547e24952075cd04bf419eff5c0b696413720d2ec6e9602417d760131fad8dc7059c48b65b98390287da57e8bbeeb4

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\U1WN6XJB\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\FYIAFPFP\favicon[2].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\F01YT1OE\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4SPAE1SI\www.epicgames[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\msko7it\imagestore.dat

MD5 062272b57613e64f9d9796b405c08194
SHA1 8101653b6717e893a3ce1869089f6fc67a0cf774
SHA256 33390479d2cebdf6576bdb0b8c2493b04fa3ffd71588367d11137edd59838edb
SHA512 389416629db97f6c1f7ff71071b8e1c586797903410e82a2dde0ef76e339581c4e7885836291b8c487bc96b53172673e23fba562f32d83f589246c2aeb31d5bd