Malware Analysis Report

2024-12-08 01:05

Sample ID 231111-k6gpcacg6z
Target 5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919
SHA256 5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919
Tags
glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor google paypal dropper infostealer loader persistence phishing rat stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919

Threat Level: Known bad

The file 5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919 was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor google paypal dropper infostealer loader persistence phishing rat stealer trojan

Glupteba

Detect Mystic stealer payload

RedLine payload

SmokeLoader

ZGRat

SectopRAT

Glupteba payload

RedLine

Detect ZGRat V1

SectopRAT payload

Detected google phishing page

Mystic

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Detected potential entity reuse from brand paypal.

AutoIT Executable

Suspicious use of SetThreadContext

Drops file in Windows directory

Unsigned PE

Program crash

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 09:12

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 09:12

Reported

2023-11-11 09:15

Platform

win10-20231020-en

Max time kernel

68s

Max time network

157s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected google phishing page

phishing google

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1kR63cL5.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b97a53417f14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 085bfa417f14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\store.steampowered.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6daecc647f14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\store.steampowered.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\epicgames.com\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.epicgames.com\ = "34" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "24" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\newassets.hcaptcha.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "34" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\Total = "26" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypalobjects.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2732f5587f14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypalobjects.com\Total = "115" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "15" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steamcommunity.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\recaptcha.net\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\recaptcha.net\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steampowered.com\NumberOfSubd = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\Total = "15" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4868 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe
PID 4868 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe
PID 4868 wrote to memory of 3580 N/A C:\Users\Admin\AppData\Local\Temp\5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe
PID 3580 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe
PID 3580 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe
PID 3580 wrote to memory of 4640 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe
PID 4640 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1kR63cL5.exe
PID 4640 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1kR63cL5.exe
PID 4640 wrote to memory of 4296 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1kR63cL5.exe
PID 4640 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe
PID 4640 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe
PID 4640 wrote to memory of 396 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe
PID 644 wrote to memory of 3232 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 3232 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 3232 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 3232 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 3232 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 3232 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 396 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 396 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 396 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 396 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 396 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 396 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 396 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 396 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 396 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 396 wrote to memory of 5860 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3580 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe
PID 3580 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe
PID 3580 wrote to memory of 5944 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe
PID 644 wrote to memory of 4912 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4912 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4912 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4868 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe
PID 4868 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe
PID 4868 wrote to memory of 4864 N/A C:\Users\Admin\AppData\Local\Temp\5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe
PID 4864 wrote to memory of 5880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4864 wrote to memory of 5880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4864 wrote to memory of 5880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4864 wrote to memory of 5880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4864 wrote to memory of 5880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4864 wrote to memory of 5880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4864 wrote to memory of 5880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4864 wrote to memory of 5880 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 644 wrote to memory of 4364 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4012 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4012 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4012 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4012 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4012 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4012 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4012 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4912 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4912 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4912 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4912 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4912 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4912 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4912 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4912 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4912 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4364 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 644 wrote to memory of 4364 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919.exe

"C:\Users\Admin\AppData\Local\Temp\5ffb90106f253a9c61d62970e2956ec08fbc902b2816e0545032492e1be2b919.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1kR63cL5.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1kR63cL5.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 568

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\92E.exe

C:\Users\Admin\AppData\Local\Temp\92E.exe

C:\Users\Admin\AppData\Local\Temp\A96.exe

C:\Users\Admin\AppData\Local\Temp\A96.exe

C:\Users\Admin\AppData\Local\Temp\5608.exe

C:\Users\Admin\AppData\Local\Temp\5608.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\5DD9.exe

C:\Users\Admin\AppData\Local\Temp\5DD9.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\61F0.exe

C:\Users\Admin\AppData\Local\Temp\61F0.exe

C:\Users\Admin\AppData\Local\Temp\5DD9.exe

C:\Users\Admin\AppData\Local\Temp\5DD9.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcACoALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlAA==

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Users\Admin\AppData\Roaming\Tags\Settings.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 fbsbx.com udp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 44.206.117.98:443 www.epicgames.com tcp
US 44.206.117.98:443 www.epicgames.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 98.117.206.44.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 community.cloudflare.steamstatic.com udp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 t.paypal.com udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 18.239.104.165:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 152.25.221.88.in-addr.arpa udp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 174.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 165.104.239.18.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.150:443 i.ytimg.com tcp
NL 142.250.179.150:443 i.ytimg.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 73.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 254.43.238.8.in-addr.arpa udp
US 8.8.8.8:53 150.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
NL 172.217.168.227:443 www.recaptcha.net tcp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.172:443 watson.telemetry.microsoft.com tcp
US 52.168.117.172:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 172.117.168.52.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 177.25.221.88.in-addr.arpa udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 13.89.179.12:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 12.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 c6.paypal.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 192.229.221.25:443 c6.paypal.com tcp
US 192.229.221.25:443 c6.paypal.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
NL 23.222.49.98:443 api.steampowered.com tcp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.19.218.90:443 newassets.hcaptcha.com tcp
US 104.19.218.90:443 newassets.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 104.19.219.90:443 api.hcaptcha.com tcp
US 104.19.219.90:443 api.hcaptcha.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
NL 142.250.179.150:443 i.ytimg.com tcp
NL 142.250.179.150:443 i.ytimg.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
NL 142.250.179.150:443 i.ytimg.com tcp
NL 142.250.179.150:443 i.ytimg.com tcp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
RU 5.42.92.190:80 5.42.92.190 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 194.49.94.72:80 tcp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 98.142.81.104.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:53 163.1.85.104.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
US 194.49.94.11:80 tcp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
MD 176.123.9.142:37637 tcp
US 8.8.8.8:53 142.9.123.176.in-addr.arpa udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
RU 5.42.92.51:19057 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
RU 185.174.136.219:443 tcp
US 194.49.94.11:80 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 194.49.94.11:80 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe

MD5 1964599d279783bb807c796d98dbe44f
SHA1 318458c21ae02a2c35c6a797b4454036a6ea071c
SHA256 350790c715abe016d1109fb55ebf407dd0534a08f8dd3f928a67869eb523ee71
SHA512 62968e6e4639371c54c4ce1b3ef3a2646d6362b980d19b3ed774dd4cfb40a82f4295bc4be6961f716b345f36acdc3b8019de477a3affa4964534c20e50fa9bbc

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ga4EK58.exe

MD5 1964599d279783bb807c796d98dbe44f
SHA1 318458c21ae02a2c35c6a797b4454036a6ea071c
SHA256 350790c715abe016d1109fb55ebf407dd0534a08f8dd3f928a67869eb523ee71
SHA512 62968e6e4639371c54c4ce1b3ef3a2646d6362b980d19b3ed774dd4cfb40a82f4295bc4be6961f716b345f36acdc3b8019de477a3affa4964534c20e50fa9bbc

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe

MD5 8091e8028d15744c4b868531ebdee8a7
SHA1 a4ee4650a164b2621dd02ce3be7f6710ea5d4694
SHA256 b334d4b3808cb0c705016fd913f40413af9e44b70d122e41c66f89d3a22d5be2
SHA512 dc3eda321cddd0b0125073facca01d0e7ecc68a4e639f33af8ef0970c4cce2c6a1a8a869b542323a6bf82e37149abf5f83f229c85891cc0b17b7fc908405af6d

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\DV4aq40.exe

MD5 8091e8028d15744c4b868531ebdee8a7
SHA1 a4ee4650a164b2621dd02ce3be7f6710ea5d4694
SHA256 b334d4b3808cb0c705016fd913f40413af9e44b70d122e41c66f89d3a22d5be2
SHA512 dc3eda321cddd0b0125073facca01d0e7ecc68a4e639f33af8ef0970c4cce2c6a1a8a869b542323a6bf82e37149abf5f83f229c85891cc0b17b7fc908405af6d

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1kR63cL5.exe

MD5 b60e1cab4c546903b493faf3ab2dfc07
SHA1 99161504e578cf576dee1cd0b29abb29710fea5f
SHA256 1385a79555c4c3cafbffea433cace1ef3a4c4d26a156084d3b6eb5ea98685ff9
SHA512 672ce69c8f93cda36b23757ebeda6624afd3c216f743d9c9de3933d5d5434aa2a02af5c453cf7eeb5c01cd0f08ffdd24d52cb5a57ba8d4298eb1e28a06f29dd7

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1kR63cL5.exe

MD5 b60e1cab4c546903b493faf3ab2dfc07
SHA1 99161504e578cf576dee1cd0b29abb29710fea5f
SHA256 1385a79555c4c3cafbffea433cace1ef3a4c4d26a156084d3b6eb5ea98685ff9
SHA512 672ce69c8f93cda36b23757ebeda6624afd3c216f743d9c9de3933d5d5434aa2a02af5c453cf7eeb5c01cd0f08ffdd24d52cb5a57ba8d4298eb1e28a06f29dd7

memory/2724-21-0x0000023B1F020000-0x0000023B1F030000-memory.dmp

memory/2724-37-0x0000023B1F410000-0x0000023B1F420000-memory.dmp

memory/2724-56-0x0000023B1F930000-0x0000023B1F932000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe

MD5 50260d77bf7622933e44255b8fa5edea
SHA1 43ef379ff5593c084cd874fbd16748e24edfc823
SHA256 0c3be630f3a8fc81758e02f19a4df3dec4c4e964a9937708c0e938b492cfd3f9
SHA512 152de6bebaf3e8229dd9de7aac1562d64ffcf26e290c77b9bc9ebb3569f8643c4d15b1194d1ba854e330ddb4fe7630b7bd0a13b9a9943c672080442210bdab38

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2qU2831.exe

MD5 50260d77bf7622933e44255b8fa5edea
SHA1 43ef379ff5593c084cd874fbd16748e24edfc823
SHA256 0c3be630f3a8fc81758e02f19a4df3dec4c4e964a9937708c0e938b492cfd3f9
SHA512 152de6bebaf3e8229dd9de7aac1562d64ffcf26e290c77b9bc9ebb3569f8643c4d15b1194d1ba854e330ddb4fe7630b7bd0a13b9a9943c672080442210bdab38

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 407b8a7d75752f61416ec2650aac0655
SHA1 c4389cfa827f3c73841715e1b303ad542dba36b3
SHA256 b46d8206e51fba0d39891173b95f503589b19100d717a5f17410e5f83593db86
SHA512 9890ec93f5e14337f6dd00cb8057731a77768f8944a18ca1d1afd0eb5c593281a9c53e2763cc8ec2c2c70fbb6d7f728c700207a13f236bef107653d0d1cb1af3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 407b8a7d75752f61416ec2650aac0655
SHA1 c4389cfa827f3c73841715e1b303ad542dba36b3
SHA256 b46d8206e51fba0d39891173b95f503589b19100d717a5f17410e5f83593db86
SHA512 9890ec93f5e14337f6dd00cb8057731a77768f8944a18ca1d1afd0eb5c593281a9c53e2763cc8ec2c2c70fbb6d7f728c700207a13f236bef107653d0d1cb1af3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0120cb5e17524eb30835271a4f4c7fee
SHA1 48a1488ae11270befa063af4c7fcad2116135525
SHA256 ba66ee25ac82b030ab90048c47ab69004b80ad8404315f05018cf9b3422a02f6
SHA512 0723b06f639a80f657e621322d4cfb0398d6567d1366065e66a1360a04a979dbc2a5babaa69ddf137393c47f4a32369a228bb0f23452059f577c4707cfee86a9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 29b486efa1bc1f4a24a18f49e3f08836
SHA1 317bb316164004e94c0075b53dd33732a9550451
SHA256 754bbffc6a2da256963d5e432935dc8315e008ebdadf77a38c6f9b3cc378f319
SHA512 c5efcdbbb46d14a706bed4aaa7cde424ff50ddb0a4143a1656fc4b807a43668db7ce4605524632960285bf706c58cfb65f2d8fe917a7225075dcc1b634c33ae5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 211dee0c1e6bbe25032aea3477127d97
SHA1 f946babc0757ad6df8cf22fb59933f6c69ef2e22
SHA256 c638dd28c2098ebf97f824c9ed74152cbabee774388b30af6a74c2220b2a2afa
SHA512 638c9a79acfdf03ea0c853bbdff7a0106ed72117d1dee72b86b23f0d9dab5c8ad426738accf7c12fd7b2bee4213760ad28312fb98746cde46647cf031144cbaa

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 4c44662aac8178e36ea33a2707b61ffb
SHA1 996aeb2ddb4b57af07d45a18a8d217055f72e1af
SHA256 a97002c08d4d9d80ffca580d2c4ab4857987b7b621bf9ddd1b919d75bb38a3d6
SHA512 c7ec18c4f248ae385a4cd4cd9cdb0d3c7681c29731462614e524eb269194cb27a241aed0a40c7c53b5f87e6df783d1a36073b5dbb2f9a868b9217048e29944db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 c19b602b777087af437a4d2e631b290c
SHA1 968e87301c8a263af3849bbc4a077b3b61c98b7a
SHA256 8d3fda7fb74a73de6b339001df22fd0faabfeb624e9cbf9a025d2b7429e88c42
SHA512 de853b2c7ec716ac4a083911b1433394060dc1706c3b5fbfa416a2362b73425d43d9f650ab10ce3cf71b60b3d9f0c7bbb79fa912807e1a20df2617721c126f54

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9KU3YI9U.cookie

MD5 2e6a7e58ba6b3dead3ba15b2c354fb87
SHA1 cfc8723770aaf8317eb5f77ec30a15a62e00bd60
SHA256 d1880af6d6b384d97156a02531ffb44b532246f6519a17bb24db69c3ef7884ac
SHA512 5c383626881e31dc8604847bdbec358306665e4776863658cbb5957ef85aa204f511766954582327eb64f386b651ee81b82332b1f3108daac35f438a97e961e8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\EHA9R2V7.cookie

MD5 ce7e51c8c07df8a946df37288f1318be
SHA1 869ee788c0780f1147f244e18711266ee6c15a85
SHA256 4504b660512c77baef0867643940a1dc073da4ad3870c4be79030aee6ffebd66
SHA512 3984ebfd1c88c6296293024fd675b83ae3e2d403302b12fbe23bc15f909dd575c92e1a538f03c59e9b9371f234ee82494497f760bcc1e31ba4f6cb6d714efc5b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2Z4CP70T.cookie

MD5 9e68f40cc02368833433fee768d4b4b6
SHA1 ab99f146fe8dce757219c6eaad567a24e628be8e
SHA256 b18af8cd83b03ea335e7011f08f49e62ba1b4af5fc06a87c9968e54edca86769
SHA512 b4992e4abfe4deeaae4fc8771557a3f9b829c0885ef36635c0f8d69882f9bddfeb2c9b576c0215c26fbef8ae986bfccb49776d512f967e3674bec646bfc79af8

memory/3232-225-0x0000017B1BA40000-0x0000017B1BA42000-memory.dmp

memory/3232-229-0x0000017B1BA70000-0x0000017B1BA72000-memory.dmp

memory/3232-232-0x0000017B1BA90000-0x0000017B1BA92000-memory.dmp

memory/3232-234-0x0000017B1BAB0000-0x0000017B1BAB2000-memory.dmp

memory/3232-236-0x0000017B1BAD0000-0x0000017B1BAD2000-memory.dmp

memory/3232-240-0x0000017B1BAF0000-0x0000017B1BAF2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4ACMZM9R.cookie

MD5 739938f3f5b41f62568538bfb3e2c4a7
SHA1 7db2c819a389ed1f3f13ff62eb36945d9b27dd9c
SHA256 ea892496797b9f9b9d3fc87715b16db715c02c7507d4e80fc34a6e18d8f66aef
SHA512 701a491fa974acf2f88450107d97e81e18674cd67f6f0dcab931d669752c0d663768a4366efafd776769d7cca788568a4b6ad5d871dd2b70063c2366283ee022

memory/4364-247-0x000001DAEF100000-0x000001DAEF200000-memory.dmp

memory/5860-258-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5860-266-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5860-268-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

memory/5944-271-0x0000000000400000-0x000000000040B000-memory.dmp

memory/5860-273-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Gb59yv.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\69MZG14N.cookie

MD5 1d8e121daa051ac39b37b3bd0b67dc96
SHA1 6d34db74d7804bf387af067a0b5a7cba6cf9774e
SHA256 2d1a2865bf75f71441dd04db1e5980841e7f9841b2fa9d04045c8a48a688ee02
SHA512 7cea6459c04aaff4e65336049fc6072ea15c455c71b32522ce64ed0f4a71a739ca5b1226f4d1429db1d08c61d4d75d01eeedb01882fb0e4afc63725015746b55

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5ZALLQO9.cookie

MD5 a4cae23746831aca585e86e66affc538
SHA1 94795b03ebb743f95467b6d501a36bfd41a8992f
SHA256 1ec2198a21ed140d85276c64f6f73fb14bb1fe7e354830c42a60fd5be95418dd
SHA512 d1171710bb5a8762eb521f6bda56324c87e766ffdb036ecceb460a5b47386d3a735b3991c5f3cfa1ca07b44254fd85641b0d9c39663710619c5ad49281879736

memory/4364-313-0x000001DAEE2E0000-0x000001DAEE300000-memory.dmp

memory/4364-316-0x000001DAEF100000-0x000001DAEF200000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 29b486efa1bc1f4a24a18f49e3f08836
SHA1 317bb316164004e94c0075b53dd33732a9550451
SHA256 754bbffc6a2da256963d5e432935dc8315e008ebdadf77a38c6f9b3cc378f319
SHA512 c5efcdbbb46d14a706bed4aaa7cde424ff50ddb0a4143a1656fc4b807a43668db7ce4605524632960285bf706c58cfb65f2d8fe917a7225075dcc1b634c33ae5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 25dc764514d160fce13f7c9523a200aa
SHA1 5c9bc3ceb1ea1b3d55c4fa87c53c049aed868779
SHA256 910e6aef90baf62cea42e96a3efc77954e967f0b53038fc047534e53811fb425
SHA512 1b3d0ad8d337b5ccb99bfc123158fa699bcc70d312078b8574bfa27f74ad0fcc5665d01227d038de33dc4529e6fd1b98d95242813228956d19d4952f15061d4c

memory/4364-337-0x000001DAEEC00000-0x000001DAEEC20000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 bfc1e9df1f0e22a8eff2792a001d246f
SHA1 4383046006a65e60d46b99973d0f482b2c180cd3
SHA256 683233f441c83348fec2b34ce72b74a3d4a11b4b8ac10a27f64d87e4352db51a
SHA512 d73a97381e7b2690eb4c17c8d31a9a72a3eaddc844c9f0bfeaadd7e09f7063fc440026af741b37170a36f3be0ad205a2a21b9e06ffe20c3afe0f7272c7b41f4c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9UH2F7FF.cookie

MD5 cafbdafecb425b13a0428192a8a71eea
SHA1 b5a86547aa5461c47c1296ee52799ff844c484a3
SHA256 3009b3d27812efbe3b07d75c6990d1e67394e9b02c3872656c411b9c414c655b
SHA512 c3bfd4355399d8aeacd30ef1f47c24640f3bd006475831043edc39a3b4cf329ae829bffadd85014ecde6e67384437e7de7157cc6b07eb3b7d63ea505cd57dd52

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 ad53805fe87c0c06b12aea503926ddc0
SHA1 4d7ae1f257ba6ba23c1522719c729dce411efec0
SHA256 8cd876046cd75ab537a5266b3ce9b51e5e1e78ba9176233543f4d8ed037abaff
SHA512 a5c869bbec9bebc60d705e1494fce16e97f4bcdd5652e91e8ff86f6c087fd5604c4dd1642d5394a77334f07bee13d8155a4d262c97cbfd466a74fec7684b4482

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

memory/4520-463-0x0000029EE9370000-0x0000029EE9390000-memory.dmp

memory/2724-531-0x0000023B265C0000-0x0000023B265C1000-memory.dmp

memory/2724-532-0x0000023B265D0000-0x0000023B265D1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XDV0IQE6\favicon[1].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\DEMXIZ5D.cookie

MD5 02dce69989a6ae0696787b1ce6f57421
SHA1 a8e8ee43d0d8a04fb0a8ee5d20cad173863830ba
SHA256 78b8dc3293985b064ce67cbae018d4fd2780e97ef41a4834b054101469aecd19
SHA512 318031621cdd36ca85cc59734352b70f767b3ef53b46a90af8112ea364e36435ef1c844efdd908e16488962ffcc8bd1578ccd50b650c8d8dd350afc96de93863

memory/4012-564-0x000002B0A8FE0000-0x000002B0A9000000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XDV0IQE6\B8BxsscfVBr[1].ico

MD5 e508eca3eafcc1fc2d7f19bafb29e06b
SHA1 a62fc3c2a027870d99aedc241e7d5babba9a891f
SHA256 e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a
SHA512 49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JLDFGBR3\buttons[2].css

MD5 b91ff88510ff1d496714c07ea3f1ea20
SHA1 9c4b0ad541328d67a8cde137df3875d824891e41
SHA256 0be99fd30134de50d457729cebd0e08342777af747caf503108178cb4c375085
SHA512 e82438186bfc3e9ca690af8e099aafbfbc71c9310f9d1c8cb87ffa9e7f0f11f33982c63a2dac95c9b83fef1aaa59178b73212fc76e895d13a1ffbbe3c1adfa4c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JLDFGBR3\shared_global[2].css

MD5 cfe7fa6a2ad194f507186543399b1e39
SHA1 48668b5c4656127dbd62b8b16aa763029128a90c
SHA256 723131aba2cf0edd34a29d63af1d7b4ff515b9a3a3e164b2493026132dd37909
SHA512 5c85bb6404d5be1871b0b2e2d2c9053716354acd69c7acca73d8ce8bf8f21645ae11f788f78ef624444016cb722ecbd6213e771bda36717725f2b60f53688c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YN0O6CEA\shared_responsive[2].css

MD5 2ab2918d06c27cd874de4857d3558626
SHA1 363be3b96ec2d4430f6d578168c68286cb54b465
SHA256 4afb3e37bfdd549cc16ef5321faf3f0a3bf6e84c79fc4408bc6f157280636453
SHA512 3af59e0b16ef9d39c2f1c5ccdbd5c9ea35bd78571fde1b5bf01e51a675d5554e03225a2d7c04ed67e22569e9f43b16788105a0bf591ebba28ef917c961cc59e2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YN0O6CEA\tooltip[2].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

memory/4912-653-0x000001C59F880000-0x000001C59F8A0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4L1DO6MS.cookie

MD5 e30d98edec6f33ad5eb1b2101e40d9d9
SHA1 c8b3e4625e2e3c1f71d54ee9066d5a01696be079
SHA256 825dbabaecce3794d80b82cb6364af12cf5077a32d393956f9aada942ab38185
SHA512 b7246f043c412513c7f601f9ddb553e80e2f4a32960e24392ac6054dddae579477e4863408c2a4b9df6813d66439ab488f8561f20d27b5d29f6806f6362cc5ab

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UHXKG991\shared_global[1].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\U8Y4P0JI.cookie

MD5 15f5ed719c004410938d0bad6487879c
SHA1 4c8bb8358d9ddf04bd5f1dd3c8cde1e0c2a69f46
SHA256 4ecc29b328e06d30e0d5106800df95961e15322f272ee0775780925508422630
SHA512 11860b5fe714d58cce2240c885fd5cbc921f36ec4e40d28e5dbf313656138da463495fde2020929d38ef54be1ab4b28d9dcec22ebf2560577e067b426c7d381b

memory/4012-703-0x000002B0A8800000-0x000002B0A8900000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JUXIC3T7\shared_responsive_adapter[1].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MFG9INL8.cookie

MD5 a3ec5848af6dc59195b957c7a96ba470
SHA1 9c44e487a6e4408c48e9165f6225cadcc4585f40
SHA256 978e1b2ebaabdd3ac4a26f0d4bc210cca2f9eef1d23ecb16b98719034adefe92
SHA512 fc299d3755fa0ecd8551ef45ebf5978aac799e2f241ceb3d314c597c34d60173595d1dd7e7cea717716f26f9620a51de2e6ad22582e072c279d29f4007cb33c9

memory/5944-765-0x0000000000400000-0x000000000040B000-memory.dmp

memory/3172-761-0x0000000000D60000-0x0000000000D76000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EJNUW7VL\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe

MD5 044896f6b0a4a1062ee53e78e469fe38
SHA1 077edde1b88ae9de588a6dc1ac52ceefe74d76de
SHA256 942c0189c9a7d91361ca2be61fa43202a7d743310e971796ad8be44955e13794
SHA512 e3fa9da58a50c194be20c0357c26b5d0289cc8839cb5a7f52ee07a22b61b1fb3d8f63ebd406070697ca5009761373bea682f700a926e39f321fad5df9d6361b7

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7dT9WW53.exe

MD5 044896f6b0a4a1062ee53e78e469fe38
SHA1 077edde1b88ae9de588a6dc1ac52ceefe74d76de
SHA256 942c0189c9a7d91361ca2be61fa43202a7d743310e971796ad8be44955e13794
SHA512 e3fa9da58a50c194be20c0357c26b5d0289cc8839cb5a7f52ee07a22b61b1fb3d8f63ebd406070697ca5009761373bea682f700a926e39f321fad5df9d6361b7

memory/4520-792-0x0000029EEDE60000-0x0000029EEDE80000-memory.dmp

memory/4520-812-0x0000029EEA600000-0x0000029EEA620000-memory.dmp

memory/4012-811-0x000002B0A8DE0000-0x000002B0A8E00000-memory.dmp

memory/3196-834-0x0000016527C80000-0x0000016527CA0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BDEDGKEM.cookie

MD5 5aaf60fb94a8581513bffb3ae1e1ae81
SHA1 9c3087735b05f4bf2a031dfaadc34281bf404c93
SHA256 a6d19a8e33f07c67c0b7664008cfac48f0203c72cae9c022c9ae88118d721a5a
SHA512 2419977199b73706a537e0cc5e1b2fa62b891eafb5e1db85592e5dee3a7f5397212fd045baa0f501412a3c0688e535ed1fb21a8330fdca1a6f4771432f04df16

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\GFSLIEK4\www.paypal[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MKT3Y7FE.cookie

MD5 00dc8df64aaaecfab2714f84e7c38df1
SHA1 d502c929a1385feb621ed4512509fb89833d1ba0
SHA256 6195086b8939277e733c69254808f1ec0b67b3535ab663d11466e8220f4bdc2b
SHA512 24e22bf1ff0a4d3128d42300fb9f4ae82960040d26735f113d02a44f61c0d5958aee51a06688bed8a5f64186b73f34bf9df7a16922c46425d4db5306f32ca8c7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TRJ2UZ6H.cookie

MD5 8f1caa5c19446f312632dde89988e269
SHA1 e095d18639b7e5c77fdf292a37e138dd1e492e3b
SHA256 9840178377d2e1a53d6b1cfdd2e1ecd7edd5648210ad02c6ededacc504e66de5
SHA512 1fafad975a902a07223ffc684cdc7e5db59c0ee61362da657667122eb2ef8f054da1eb095d09a30fb2c2f8101a4866b6913769fbde64b58fcbff85245499bf41

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5JGWVP65.cookie

MD5 d783b3a135a01011847b89b74f4fe54f
SHA1 299f84c77a4c16d01517565186ac209f536ff4d0
SHA256 f5bd0ce163969573a1512ea730ded5bf21984ad2e0d9ae67bf203a0914564826
SHA512 6e86ecedbb4d5d0f6854e2ffa6ff7a3fec33b5383dfe538b7eacd8a1dd6b601340aaa6bb9624433a50c3d56eaafe0263f7c5f9a664e577b400f5185fa2882029

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BFK69LD5.cookie

MD5 12a56428e6657b1e2ee7c8c2a5fd2fe9
SHA1 8460140b243458fc8e7be5cfe13aac5a974f0bd6
SHA256 b7340a8f744ff1f96140fa18e3ca00b5c499b60df5573404e0c2c749030aff3f
SHA512 2b193183a198a88cd062b8b1cfd815f7160503836f1e0f02a55c039cf0d527f477383a74a6d4ae3905b856fa467e61f4c38d4403be698fb5c40d6fbbde748bd6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\1j5w843\imagestore.dat

MD5 ef0fdca0b32dcac923c7612d4dafbb7d
SHA1 a4aef2464469991d9298ec8c9c64445b47dd6e0a
SHA256 abdb448d576ecb4acdf437920c88853071ab3248f069715f053c2c2c606d9c1e
SHA512 8d38ee722b4556d09dcc9a5b2cb572033d09aaf0d45ece9fd5c1efac8b4ef0779f6870331920831348840a6b72cdc87313084ca976ed4ebdb5c45fb8281a040a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\WLJ9B8UJ\favicon[1].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

memory/5880-1109-0x0000000072630000-0x0000000072D1E000-memory.dmp

memory/5880-1115-0x0000000000400000-0x000000000043C000-memory.dmp

memory/5880-1136-0x000000000BC70000-0x000000000C16E000-memory.dmp

memory/5880-1144-0x000000000B810000-0x000000000B8A2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\O240YZ8S.cookie

MD5 9d0eee6f98fe47575894978e8d0edf0d
SHA1 8da7ea0c9786e85212e30b1bf21755c263c9dede
SHA256 029316e8298235e34d65ac923e32a3b5ea1620937ff4dc164ed49675e924ccd5
SHA512 3c56e91026963a24045176690ffc6e8798efb4ec72b15bc90a228c4922459cd6d6d31752bc6e66f122fdf8fc53cd869312333d735b4ba78a29cbaa33f3b0db8d

memory/5880-1191-0x000000000B980000-0x000000000B98A000-memory.dmp

memory/5880-1225-0x000000000C780000-0x000000000CD86000-memory.dmp

memory/5880-1240-0x000000000C170000-0x000000000C27A000-memory.dmp

memory/5880-1241-0x000000000BA60000-0x000000000BA72000-memory.dmp

memory/5880-1245-0x000000000BAF0000-0x000000000BB2E000-memory.dmp

memory/5880-1257-0x000000000BB30000-0x000000000BB7B000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MMY18JW5.cookie

MD5 338852138798275d55ad1488da15b277
SHA1 44c68b8945d9678938763c458bb03d664cbe1306
SHA256 2b1d14b401f5472cbd226bddc3d9576dd8ee76619a1bba8db23e1da5b0fea5cc
SHA512 ca857fb91ce66a117c8a8c40d60ca68fc303995fb77475d154fedbb53e4fb67081cc3bdffc537393cf9386f92082d85dc78fc44537ced0799509fcda1133908e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZSX3XA2A.cookie

MD5 04fa394bb0c732a85a11198a2212492f
SHA1 f6e4e29c46a004e407ae84d089a8425516193348
SHA256 e218ab942f22e0c4ca28ee1d702ab3a9981c9b053e767172e822fd0862225d9e
SHA512 bb737f33674dd84af7793736b60033f02d1de1dacf84627b5ee22df73a45b0b6fe4df63a099841e83bda61f86776bb740b97081b07c3d36219dd70107b2f1ece

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YN0O6CEA\chunk~f036ce556[1].css

MD5 19a9c503e4f9eabd0eafd6773ab082c0
SHA1 d9b0ca3905ab9a0f9ea976d32a00abb7935d9913
SHA256 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a
SHA512 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\XDV0IQE6\epic-favicon-96x96[1].png

MD5 c94a0e93b5daa0eec052b89000774086
SHA1 cb4acc8cfedd95353aa8defde0a82b100ab27f72
SHA256 3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775
SHA512 f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YN0O6CEA\recaptcha__en[1].js

MD5 fbeedf13eeb71cbe02bc458db14b7539
SHA1 38ce3a321b003e0c89f8b2e00972caa26485a6e0
SHA256 09ed391c987b3b27df5080114e00377ff1a748793cb417a809b33f22d737fe55
SHA512 124b9f53a53ef596a54c6c04ab3be2b25d33d1ce915978ec03da8f9f294db91d41ee9091b722e462722f51f9d9455ce480e1a0cb57c2f3248c7a3a9e3b9dac58

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\GC543OK4\www.recaptcha[1].xml

MD5 3bc32808995ad78016e96ab3ec51e6e8
SHA1 244b6da98f52b05f4ef8a12c406f569827d8fea7
SHA256 fd294a3026a18979ac54b240e8f9b84941795e4753cee2c779bba91449de7acf
SHA512 d1f96f3ac1f0f94188915308049d9e0b2100dcf4e3ac414ba26d96c6db712f152204f8244a28bf197b7c03d85bed15c0e9aec8ae200029bc4a2c54ec23b97e46

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\L23EB2OL.cookie

MD5 83532b98e14c2d7923e0acaf29b8e102
SHA1 b03b7e943416ae0b6ae04d9abd35dbe1dcd1d91f
SHA256 23f7d873da7c5efb849a7329ae2d907bd0801c83ef730c00fd95a3dbfb0f1768
SHA512 9e4cdbee3cfdd0dadea2d769fd5e19cddbbc2c8f28627ed1991fc86a4ecceecee083b7fce45849d2fa457f5fd8f62126e77cb1094188fc59d790ea039559bef7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\O2BWPUXN.cookie

MD5 6469f66ebef21c1363fb5b30fd9b92d8
SHA1 f56f2dc90e2be5d4f4e072b7e2755b14115a4a51
SHA256 e5cbdb77307ff662e412d8e4aa4850565ba5ab2957152abe6950b9a08eb7bb7d
SHA512 06769c81e6c80abad6f89fdb591e3eb6925ee8ccf906c5f22a199611f6cd70d471a2c9fc1dd8c66912a6f8127fd0bb4ec46172c473c63cdc99a377e6eb6b3dd8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JUXIC3T7\hcaptcha[1].js

MD5 c2a59891981a9fd9c791bbff1344df52
SHA1 1bd69409a50107057b5340656d1ecd6f5726841f
SHA256 6beec8b04234097105f5d7a88af9c27552b27021446c9dbe029d908d1ff8599f
SHA512 f9d556e0f7e95e603881c5196cc2aa736eb24ed62086d09d36a9e1d6b4fec9f4c1dfb125a66bec301f57230a4242108c7c255e6aa3c6f08a3a0d75e0cf288afe

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BQFNVR20.cookie

MD5 f063a43110989dad4242d0f3125dd749
SHA1 83c6b2dc6b7c7fe51752b8aa72d546f6be83ac61
SHA256 85aabd0d724d98436b2f2b89c37edf1cc08348a4ead98874455a4a4467938d08
SHA512 107ece8b5cc47d7b0b0e47ed5cad8bf8a571d954881d41d6466379e3cd0d3dcf4d2b7d4824fde978bb17b2553dd24aace853b81cafad0533a1e2a15dbc8514c8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\H0Y7AU42.cookie

MD5 20c0ac245926906506b0bc9e2f1a807d
SHA1 8be4e9b1b1492c66a274914dc40553786ac4653c
SHA256 4ec863560c9bbf800e21036a1711fe7e995d16dc1f5c4db7089bc1ad18c8190a
SHA512 33a9e19fa5b45474263e3de4bf11c2e8344680c3d9c0e752348a1d8b3aee8d002e6261c7489dae7f480df15da58787404ed42d1b8e138a7b07c32e057c20912f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\78KY24QA.cookie

MD5 0e0357c80ec9d1c80489c1c625f9ea7c
SHA1 84a63d50249498839d28d707d3c2d8c34264d97f
SHA256 83e61d9d5f132da4d8a0132912ec3bc78a7ab7e7dc1a5e003060659dcdb85936
SHA512 108f3d31c76bb996ef0835940c51269b025533a473c813566576ed121896510b63908e7e4aa18f3f68f594600a81ccc6eb989a91b2d0616848aec1048f06c330

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\T480EIF5.cookie

MD5 dfe97b5e6cda685a423aab2a495ca0a4
SHA1 2aa7c5f7ec9757a2fc51068164a606e9b6b20386
SHA256 af070be68330f5e61ef40c1c37aeaf90abc91e818df31368db77de6c1aec90a2
SHA512 d30190ff628eb7617aa0c7f9bf2bc84a8874509f1b1a11cef12502e40d8500bd3f4519fd73c08642ed6fdbac167ec4921cdbca34137e857a1b34c5d68aa3911b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OHXV0WO7.cookie

MD5 0927eb337a8f08da665684b939ecafd7
SHA1 d0032f026125ab8746013d77b34192d26795726d
SHA256 1fd6971528c50adc8af46270b45df8cf63588b71c4c603f67da93b3aeeea0ef7
SHA512 328a3ba792b7f0c44a69db2c0b4e4ea4fc571e65067a94b224c351c3b40964c12c024791198f33d30efd42be6e6571c02176cc6080c9ccae11d4a4c3a081c60f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

MD5 aa55f342abf221a070ac6ae079f18de0
SHA1 e99412afea6dae619a1c74067437dadbafe13cfa
SHA256 20414bc8b15d601c127d8fa3d4a5fe055d63942177f3c7d8a7fb430c6f27cbec
SHA512 1a4dd754651869e711aa189b12b44dce46e15b76f9ed9919c142e89448bacbca1652fb9188120fddf5a864f4076f0e337571c60a8603813a62f5e98dfd2b4007

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

MD5 f4264ddabc96212f54533c49ae7b46dc
SHA1 5c92bfaf0a8e700428cb338eb69fb8ee4e3fda55
SHA256 4a5d88b0867433d40cab69134a301b77c0762a4cd43e12e03710c653c3355ed3
SHA512 47cdaa11b38be0c9a574461dbcda8d6136074e40e3981f0253b03df0594c3c1d834a61e971a21e4ea75638b027a7a84c011dfe62f24c51f2e6bb6f89eed9386c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1KTL7GYU.cookie

MD5 fed1c1b13141b761633157954651efc9
SHA1 964dedd8b23a0f1e29f6f3b17b15b191e29787aa
SHA256 07be34d9320bcf33c0648ecd68b55f0f3675d0404ea7f58e02197e91a565a01e
SHA512 fe3edd6eb73d539c503e0fade6be02fcc49b9dd00dc581c845d5c93c4af84b6793c2afe89233199fe7fce9eec86364d60b4c0d5002c47771ee8dc3cfa480ae33

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

MD5 f995fbc24a8b5c5bcdcac7ccd135721e
SHA1 03e4d5797a4774ee5105252e64e38f960e6bdda3
SHA256 9f2d9f774682c5346032ca6a08f245c788891c0df92752b35ef56f50b8ad283e
SHA512 2cae6b25e58d301786ac468c8599470b9aa3657c09072416e9da1cbd36e23b4f99ea75057c0f5d4acde0f596341c9c3436ae1f02d07237f4bc388a314894c8d0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

MD5 5749a02b5ef1f4179ed664afbd6b7b02
SHA1 8451e0134068bf329a00002e9dc26d16ce987e08
SHA256 44f6c39693e2d2484f11ddef0c371ad9aa8262ae20a6187f38c64272a9544b9d
SHA512 ac30e2cf0b4cd8ad74c8a495c50fc65a324f1e50088d48fe471714de21938650a64143ccee1313b773390359ced2353ffa48fcdbf8f1ddcac27234b45578a557

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TCMH1DO0\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YN0O6CEA\web-animations-next-lite.min[1].js

MD5 cb9360b813c598bdde51e35d8e5081ea
SHA1 d2949a20b3e1bc3e113bd31ccac99a81d5fa353d
SHA256 e0cbfda7bfd7be1dcb66bbb507a74111fc4b2becbc742cd879751c3b4cbfa2f0
SHA512 a51e7374994b6c4adc116bc9dea60e174032f7759c0a4ff8eef0ce1a053054660d205c9bb05224ae67a64e2b232719ef82339a9cad44138b612006975578783c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UHXKG991\webcomponents-ce-sd[1].js

MD5 58b49536b02d705342669f683877a1c7
SHA1 1dab2e925ab42232c343c2cd193125b5f9c142fa
SHA256 dea31a0a884a91f8f34710a646d832bc0edc9fc151ffd9811f89c47a3f4a6d7c
SHA512 c7a70bdefd02b89732e12605ad6322d651ffa554e959dc2c731d817f7bf3e6722b2c5d479eb84bd61b6ee174669440a5fa6ac4083a173b6cf5b30d14388483d4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JUXIC3T7\m=_b,_tp[1].js

MD5 0b3be5461821c195b402fd37b85b85ba
SHA1 f39b54e7f89fdf4fd9df3cd3b34226aadd9e2926
SHA256 f2ba85cd8a91593d7087cd5c495bebbe5c50cd08d39d55887afcac75fb7e7237
SHA512 da4c2726131df98d610b179505cd9b477ccaa00f8809bd32fbe5b13650aa85830f12cb7f9a2ca6b2486f67a5d9a1bd76505f4dec2cec41b7c37b14555f6d67d6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EJNUW7VL\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFB4161CC74CD1A468.TMP

MD5 42d86b286758428710169b3eef4d1634
SHA1 dea62d207bca9c4a3c7abb3cb91725821aa952b9
SHA256 3553f7686a4042cf504df96647895906783cce7ba414a1fe1e714230506fbe97
SHA512 edb07f2407c1722992f370a8c98271c1500bbcf073e6c981cf91fff4f80507b5388a5561074b2d64fb35aaf54376ce3946c50890ddfbed70a875fe52ac35cb4c

memory/5880-3129-0x0000000072630000-0x0000000072D1E000-memory.dmp

memory/2408-3135-0x0000000072630000-0x0000000072D1E000-memory.dmp

memory/2408-3134-0x0000000000E20000-0x0000000000E3E000-memory.dmp

memory/2408-3136-0x00000000056A0000-0x00000000056B0000-memory.dmp

memory/2216-3138-0x0000000000400000-0x000000000046F000-memory.dmp

memory/2216-3142-0x0000000000540000-0x000000000059A000-memory.dmp

memory/2216-3143-0x0000000072630000-0x0000000072D1E000-memory.dmp

memory/2216-3144-0x0000000007610000-0x0000000007620000-memory.dmp

memory/2216-3145-0x0000000007FB0000-0x0000000008016000-memory.dmp

memory/2216-3146-0x0000000008890000-0x0000000008906000-memory.dmp

memory/2216-3147-0x0000000008960000-0x0000000008B22000-memory.dmp

memory/2216-3148-0x0000000008B80000-0x00000000090AC000-memory.dmp

memory/2216-3149-0x0000000009190000-0x00000000091AE000-memory.dmp

memory/2216-3150-0x0000000004C80000-0x0000000004CD0000-memory.dmp

memory/2216-3153-0x0000000072630000-0x0000000072D1E000-memory.dmp

memory/2408-3172-0x0000000072630000-0x0000000072D1E000-memory.dmp

memory/2408-3173-0x00000000056A0000-0x00000000056B0000-memory.dmp

memory/5992-3176-0x0000000072630000-0x0000000072D1E000-memory.dmp

memory/5992-3177-0x00000000005B0000-0x000000000124A000-memory.dmp

memory/5176-3186-0x00000241920B0000-0x000002419219E000-memory.dmp

memory/5176-3190-0x00007FF8D38B0000-0x00007FF8D429C000-memory.dmp

memory/5176-3195-0x00000241AC710000-0x00000241AC720000-memory.dmp

memory/5176-3194-0x00000241AC5B0000-0x00000241AC690000-memory.dmp

memory/5176-3197-0x00000241AC720000-0x00000241AC800000-memory.dmp

memory/5176-3201-0x00000241AC800000-0x00000241AC8C8000-memory.dmp

memory/5496-3199-0x00000000009E0000-0x00000000009E1000-memory.dmp

memory/5176-3202-0x00000241AC9D0000-0x00000241ACA98000-memory.dmp

memory/5992-3204-0x0000000072630000-0x0000000072D1E000-memory.dmp

memory/5176-3207-0x00000241ACAA0000-0x00000241ACAEC000-memory.dmp

memory/2660-3208-0x00007FF8D38B0000-0x00007FF8D429C000-memory.dmp

memory/2660-3206-0x0000021FFA3E0000-0x0000021FFA482000-memory.dmp

memory/2660-3210-0x0000021FFCB20000-0x0000021FFCB30000-memory.dmp

memory/2660-3209-0x0000021FFC9A0000-0x0000021FFCAA0000-memory.dmp

memory/1432-3214-0x0000000000400000-0x00000000004AA000-memory.dmp

memory/2660-3212-0x0000021FFC0E0000-0x0000021FFC136000-memory.dmp

memory/1432-3216-0x00007FF8D38B0000-0x00007FF8D429C000-memory.dmp

memory/1432-3217-0x000001F450370000-0x000001F450380000-memory.dmp

memory/2660-3218-0x0000021FFC140000-0x0000021FFC194000-memory.dmp

memory/1432-3215-0x000001F450380000-0x000001F450464000-memory.dmp

memory/1008-3253-0x00000000023B0000-0x00000000023B9000-memory.dmp

memory/1008-3251-0x00000000009B0000-0x0000000000AB0000-memory.dmp

memory/5044-3259-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5324-3271-0x0000000002B10000-0x0000000002F17000-memory.dmp

memory/5324-3275-0x0000000000400000-0x0000000000D1C000-memory.dmp

memory/5176-3278-0x00007FF8D38B0000-0x00007FF8D429C000-memory.dmp

memory/5324-3281-0x0000000002F20000-0x000000000380B000-memory.dmp

memory/5044-3527-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5496-3748-0x00000000009E0000-0x00000000009E1000-memory.dmp

memory/2660-3750-0x00007FF8D38B0000-0x00007FF8D429C000-memory.dmp

memory/1116-3752-0x00000000065D0000-0x0000000006606000-memory.dmp

memory/1116-3754-0x0000000072630000-0x0000000072D1E000-memory.dmp

memory/1116-3756-0x0000000006690000-0x00000000066A0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ls0vysnp.vpa.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a