Malware Analysis Report

2024-12-08 01:03

Sample ID 231111-lzs98sda2v
Target 77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2
SHA256 77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2
Tags
mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga backdoor google paypal infostealer persistence phishing rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2

Threat Level: Known bad

The file 77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2 was found to be: Known bad.

Malicious Activity Summary

mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga backdoor google paypal infostealer persistence phishing rat spyware stealer trojan

RedLine

RedLine payload

SectopRAT payload

Detect ZGRat V1

SmokeLoader

Detected google phishing page

SectopRAT

Mystic

ZGRat

Detect Mystic stealer payload

Downloads MZ/PE file

Loads dropped DLL

Checks computer location settings

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Drops file in Windows directory

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies registry class

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Checks SCSI registry key(s)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 09:58

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 09:58

Reported

2023-11-11 10:01

Platform

win10-20231025-en

Max time kernel

145s

Max time network

172s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected google phishing page

phishing google

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\219.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\219.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\paypal.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\Total = "15" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4dc763fd8514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 509226b08514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.epicgames.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\c.paypal.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steampowered.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000078185f7a5a35f11caa2a905bad66e3b8b85ec9708e7228471743c84085ade13840da1a5001108fc0aa3ac3eeff669cc97c0aca09df15b746fdf0d9cc C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3972 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe
PID 3972 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe
PID 3972 wrote to memory of 4432 N/A C:\Users\Admin\AppData\Local\Temp\77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe
PID 4432 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe
PID 4432 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe
PID 4432 wrote to memory of 4876 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe
PID 4876 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe
PID 4876 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe
PID 4876 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe
PID 316 wrote to memory of 204 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe
PID 316 wrote to memory of 204 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe
PID 316 wrote to memory of 204 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe
PID 316 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe
PID 316 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe
PID 316 wrote to memory of 1868 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 3756 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1868 wrote to memory of 5900 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1868 wrote to memory of 5900 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1868 wrote to memory of 5900 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1868 wrote to memory of 5900 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1868 wrote to memory of 5900 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1868 wrote to memory of 5900 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1868 wrote to memory of 5900 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1868 wrote to memory of 5900 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1868 wrote to memory of 5900 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1868 wrote to memory of 5900 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4876 wrote to memory of 6048 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe
PID 4876 wrote to memory of 6048 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe
PID 4876 wrote to memory of 6048 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe
PID 4344 wrote to memory of 2280 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 2280 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 2280 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 2280 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 2280 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4344 wrote to memory of 2280 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4432 wrote to memory of 6036 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe
PID 4432 wrote to memory of 6036 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe
PID 4432 wrote to memory of 6036 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe
PID 6036 wrote to memory of 6356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6036 wrote to memory of 6356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6036 wrote to memory of 6356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6036 wrote to memory of 6356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6036 wrote to memory of 6356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6036 wrote to memory of 6356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6036 wrote to memory of 6356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6036 wrote to memory of 6356 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3972 wrote to memory of 6368 N/A C:\Users\Admin\AppData\Local\Temp\77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Bx9pp4.exe
PID 3972 wrote to memory of 6368 N/A C:\Users\Admin\AppData\Local\Temp\77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Bx9pp4.exe
PID 3972 wrote to memory of 6368 N/A C:\Users\Admin\AppData\Local\Temp\77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Bx9pp4.exe

Processes

C:\Users\Admin\AppData\Local\Temp\77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe

"C:\Users\Admin\AppData\Local\Temp\77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 568

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Bx9pp4.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Bx9pp4.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\219.exe

C:\Users\Admin\AppData\Local\Temp\219.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\12A5.exe

C:\Users\Admin\AppData\Local\Temp\12A5.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 756

C:\Users\Admin\AppData\Local\Temp\670F.exe

C:\Users\Admin\AppData\Local\Temp\670F.exe

C:\Users\Admin\AppData\Local\Temp\7C1F.exe

C:\Users\Admin\AppData\Local\Temp\7C1F.exe

C:\Users\Admin\AppData\Local\Temp\80A4.exe

C:\Users\Admin\AppData\Local\Temp\80A4.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\7C1F.exe

C:\Users\Admin\AppData\Local\Temp\7C1F.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\DB2.exe

C:\Users\Admin\AppData\Local\Temp\DB2.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 126.178.238.8.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 twitter.com udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 157.240.5.35:443 fbcdn.net tcp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 8.8.8.8:53 129.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 steamcommunity.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 184.72.173.149:443 www.epicgames.com tcp
US 184.72.173.149:443 www.epicgames.com tcp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 149.173.72.184.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 8.8.8.8:53 community.cloudflare.steamstatic.com udp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 104.244.42.129:443 twitter.com tcp
US 104.244.42.129:443 twitter.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 192.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 18.239.104.165:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 165.104.239.18.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 136.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 steamcommunity.com udp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
US 194.49.94.72:80 tcp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
NL 172.217.168.227:443 www.recaptcha.net tcp
RU 5.42.92.190:80 5.42.92.190 tcp
US 172.67.209.38:80 killredls.pw tcp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 88.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 184.72.173.149:443 www.epicgames.com tcp
US 184.72.173.149:443 www.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
RU 185.174.136.219:443 tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 73.36.239.18.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 5.42.64.16 tcp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 c6.paypal.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.92.51:19057 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe

MD5 4a170a706c51cb6c832da72c7fad832c
SHA1 3b841811a763d67b8b4084f77ae0da6e81afe23d
SHA256 9a69398fad56edf468b0dae19f1adbeff2a8284aef05dd4971a1b002bc50e719
SHA512 57f772f3f771886b530ce65b6bc83355c4080385f0f6772c50527e11ce26aec81a8d4aed4f687cb1f5f3e126fbced992c933332acc17c0f7c75713867cbf4cd2

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe

MD5 4a170a706c51cb6c832da72c7fad832c
SHA1 3b841811a763d67b8b4084f77ae0da6e81afe23d
SHA256 9a69398fad56edf468b0dae19f1adbeff2a8284aef05dd4971a1b002bc50e719
SHA512 57f772f3f771886b530ce65b6bc83355c4080385f0f6772c50527e11ce26aec81a8d4aed4f687cb1f5f3e126fbced992c933332acc17c0f7c75713867cbf4cd2

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe

MD5 63bb6b8281fe2d7fb4507c9cb31282cb
SHA1 99b91d25727d37504a7774fd98f73178bc47c638
SHA256 915e708a59c97ad5a13593cf270a56d6d3fa693917e05d51dcb75326b5d3db0e
SHA512 432ff7be6af8e3ff964dc7aef28344335495d5f76942a0c841d0caee5bd2b2b9db14ed29bd069a0cb6d462139179e600fa11400958b35d4684ed4424c5f4f054

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe

MD5 63bb6b8281fe2d7fb4507c9cb31282cb
SHA1 99b91d25727d37504a7774fd98f73178bc47c638
SHA256 915e708a59c97ad5a13593cf270a56d6d3fa693917e05d51dcb75326b5d3db0e
SHA512 432ff7be6af8e3ff964dc7aef28344335495d5f76942a0c841d0caee5bd2b2b9db14ed29bd069a0cb6d462139179e600fa11400958b35d4684ed4424c5f4f054

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe

MD5 1ce6441c8a28a4066bc35c72d7ef26f6
SHA1 b97cc3e65e099cb020438faa6b478c5211760d77
SHA256 31bb7caf66d59d7a3ce4a9db6dabe1de2d9f050ceae4192eaa07304680931717
SHA512 9594a7c3a4e03f9dd01ca7cb0553860bb0f988d036a66ddde5a377dd8bb0fbc360c5c48fd23dcddebcf30c840cf839952318d73b123090fe2690b4154c631533

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe

MD5 1ce6441c8a28a4066bc35c72d7ef26f6
SHA1 b97cc3e65e099cb020438faa6b478c5211760d77
SHA256 31bb7caf66d59d7a3ce4a9db6dabe1de2d9f050ceae4192eaa07304680931717
SHA512 9594a7c3a4e03f9dd01ca7cb0553860bb0f988d036a66ddde5a377dd8bb0fbc360c5c48fd23dcddebcf30c840cf839952318d73b123090fe2690b4154c631533

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe

MD5 46e42f41a604394344176da6dac9fa9c
SHA1 d5bce2a49373f47633b7485301efa103f9921120
SHA256 4fd68f726850444e14d39be3ddfaab23161f6dcaed073f0967e8766207591409
SHA512 39740214d1c0e250b12d185f9e8a9e5c10f3817e30f1b5078bbaac529706f7b259a4631c88249f59e218cfed2192dec8b3ae7872ed6d3a002246a5748d08fb3f

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe

MD5 46e42f41a604394344176da6dac9fa9c
SHA1 d5bce2a49373f47633b7485301efa103f9921120
SHA256 4fd68f726850444e14d39be3ddfaab23161f6dcaed073f0967e8766207591409
SHA512 39740214d1c0e250b12d185f9e8a9e5c10f3817e30f1b5078bbaac529706f7b259a4631c88249f59e218cfed2192dec8b3ae7872ed6d3a002246a5748d08fb3f

memory/2088-28-0x000002027FA20000-0x000002027FA30000-memory.dmp

memory/2088-44-0x0000020200600000-0x0000020200610000-memory.dmp

memory/2088-63-0x00000202008A0000-0x00000202008A2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe

MD5 d9ce87d093c201e785fb49c93d24ff66
SHA1 9677dd7e99e1207c8fe695c146f7aecdf2ffa575
SHA256 276e479ae1a7c7c5b79325c3ad6352d4e737a4eab5549d2f83e8ff5fc6454a9f
SHA512 926532078e7f7151888fae251f1ec2e0d2e37e89cf931728c6b40a3a3a8cc09ccfbd7a25f3280615c5ed8c665460f0b79a7ac587b87a62116b22d4f678879051

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe

MD5 d9ce87d093c201e785fb49c93d24ff66
SHA1 9677dd7e99e1207c8fe695c146f7aecdf2ffa575
SHA256 276e479ae1a7c7c5b79325c3ad6352d4e737a4eab5549d2f83e8ff5fc6454a9f
SHA512 926532078e7f7151888fae251f1ec2e0d2e37e89cf931728c6b40a3a3a8cc09ccfbd7a25f3280615c5ed8c665460f0b79a7ac587b87a62116b22d4f678879051

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KDQWHGD3.cookie

MD5 573334131ed07b64d80585f7e6cba64c
SHA1 14ace771ff46c652d67ae19bf7ca346ba2b963fe
SHA256 feaae492c69ecee4e0ef068136396696c65db52df2f3ed7ed062b85f2ad3c5d9
SHA512 37f56757e60159a4c6ccee3f009cd6c479ca4695cf2dd3d1ffa16767a47060f484737ffd04cac856e2228c50fe873e20505c5114945c53301bcf20702baf2621

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 4076fa5410ead892f185eaf0a50f9605
SHA1 2be4f3eca8f96a36999d10c00c30beb0565a0d95
SHA256 83af28268e8702b57843490448c9a42f71964cea442c67ab13a4259a3b563bc2
SHA512 72cb20eb1e32d4d7265bcb80a547b326b15b1ddc268a8e9525c3679cf3ab86cfeba208d7a34057cc2c53a20fe67c056e3eb69351c329c46af05e2db5448b5240

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 b96d8278a30e63e0aae041f4302e54c7
SHA1 390eac200faebaff0357272213161b71b2cea8d8
SHA256 0da1d1f0d0283fda967ca01c3842c6ad5c9be7616e1dd3c139798c5446cf1b78
SHA512 4560d8d130cb61c8ee9f537392eab6504b7d61c9dbe9dfb8e23fe8d6bc33453af5ca6a5052397ea890a08bd0d7d7d1e066d40f995c8a37721b8d239401ba08c1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 29b486efa1bc1f4a24a18f49e3f08836
SHA1 317bb316164004e94c0075b53dd33732a9550451
SHA256 754bbffc6a2da256963d5e432935dc8315e008ebdadf77a38c6f9b3cc378f319
SHA512 c5efcdbbb46d14a706bed4aaa7cde424ff50ddb0a4143a1656fc4b807a43668db7ce4605524632960285bf706c58cfb65f2d8fe917a7225075dcc1b634c33ae5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 5b1ad6759373c187c78e1f326dbb5f13
SHA1 2a5e1a68487da0783273f7f612e80bf7b921006b
SHA256 6d2327afc4cb71984e5d0fc79804a3f666b797bf72bbbce42b49fb529c105726
SHA512 64626ea87cdbb703ab3c229be9996752f01246cd7fff541e67db3f6baa0afa36ceeef79f747731f82bef56c572bf59b74b01901685bda37760cf58fbd4ba6f64

memory/368-191-0x000001E2296E0000-0x000001E229700000-memory.dmp

memory/3756-214-0x00000188B62C0000-0x00000188B62E0000-memory.dmp

memory/3756-209-0x00000188B6710000-0x00000188B6712000-memory.dmp

memory/3756-232-0x00000188B6870000-0x00000188B6872000-memory.dmp

memory/3756-231-0x00000188B6CE0000-0x00000188B6D00000-memory.dmp

memory/3756-240-0x00000188A4F30000-0x00000188A4F32000-memory.dmp

memory/3756-256-0x00000188A4F60000-0x00000188A4F62000-memory.dmp

memory/3756-277-0x00000188A4EA0000-0x00000188A4EA2000-memory.dmp

memory/3756-283-0x00000188A4EC0000-0x00000188A4EC2000-memory.dmp

memory/3756-287-0x00000188A4EE0000-0x00000188A4EE2000-memory.dmp

memory/3756-290-0x00000188A4F00000-0x00000188A4F02000-memory.dmp

memory/3756-351-0x00000188B6360000-0x00000188B6380000-memory.dmp

memory/3756-347-0x00000188B6360000-0x00000188B6380000-memory.dmp

memory/3756-385-0x00000188B9400000-0x00000188B9402000-memory.dmp

memory/3756-392-0x00000188B9420000-0x00000188B9422000-memory.dmp

memory/3756-396-0x00000188B9950000-0x00000188B9952000-memory.dmp

memory/3756-402-0x00000188B9960000-0x00000188B9962000-memory.dmp

memory/3756-407-0x00000188B9970000-0x00000188B9972000-memory.dmp

memory/3756-413-0x00000188B9980000-0x00000188B9982000-memory.dmp

memory/3756-420-0x00000188B88E0000-0x00000188B89E0000-memory.dmp

memory/3756-422-0x00000188B88E0000-0x00000188B89E0000-memory.dmp

memory/2088-448-0x0000020206800000-0x0000020206801000-memory.dmp

memory/2088-450-0x0000020206810000-0x0000020206811000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8142WVGP\B8BxsscfVBr[1].ico

MD5 e508eca3eafcc1fc2d7f19bafb29e06b
SHA1 a62fc3c2a027870d99aedc241e7d5babba9a891f
SHA256 e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a
SHA512 49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 b2b6a68047085ce259ecb1567cceeb74
SHA1 2ef5856f53e4e97f44f372796d0695f654771166
SHA256 711e92254de5d0cf688173a685a9b30f5fa1a9f64d67a6ca670676f171da17f4
SHA512 e311121cf255e45e800241f58384ce8e85dad45ff163aaf5160174c893a3d7545d5f0bdbbdacabd77fa96483f48c45dfa48c5d7535e999f8b529ebe4707a4d40

memory/5900-511-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5900-521-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5900-519-0x0000000000400000-0x0000000000433000-memory.dmp

memory/5900-525-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6048-529-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NOUZHF7K.cookie

MD5 4607136af6d22f18b174a30c43e9d3de
SHA1 419def584bff602702ed58c8823f41b59c39368a
SHA256 65233b041300b0a97cb1d723c354746d7406ff2cff98dd1d381e779fa58eb5b4
SHA512 350191eeb1cd348fdc822317114865e980f73aadc41236e9feeac8d945374f2057c9e08406387427aa24c912b1573a640b396a4aaafe0111fed41382de805c00

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8Z3NQYRH.cookie

MD5 216e865dc36a91efdd6f8ee3826f1fdb
SHA1 25e1817b94e7a9bdafd33445803602ad732c1e84
SHA256 e798d43ad1ab6dc2a47d02ddc858b405d7541d5e9f4de46f2d2bb5f3f2f35a0b
SHA512 c9cf1908fe517145868c8fc7700efdbae337138605a5bca9236fd2c432d69138f15dfdb71421012cb0b3ef619e3b60af926469ab309269fd989209d795a6f6d3

memory/6048-569-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe

MD5 70baec4542feb73f057d4384d85ff811
SHA1 85e23c443a5af552347eea6c222bfb71dc07fc33
SHA256 8e0614c6914ee41d87ff66f8c95f4bee25deb6b4cebe527bebaa08732da8c4e4
SHA512 cacdcb7d644b9fbce8a647f6b7ff88edfc6caaaf4e032739f97223e7b23c1c52a883eadf47d5ac20e943ebb379476d60aca0aa419be384f08ad0db8c7e6d9b93

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe

MD5 70baec4542feb73f057d4384d85ff811
SHA1 85e23c443a5af552347eea6c222bfb71dc07fc33
SHA256 8e0614c6914ee41d87ff66f8c95f4bee25deb6b4cebe527bebaa08732da8c4e4
SHA512 cacdcb7d644b9fbce8a647f6b7ff88edfc6caaaf4e032739f97223e7b23c1c52a883eadf47d5ac20e943ebb379476d60aca0aa419be384f08ad0db8c7e6d9b93

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\AV0KL6WC.cookie

MD5 6a0af655f39b3b9770567d682fd187db
SHA1 994df06173e4eb0d59fb126e72af34351b306f06
SHA256 dd82e3575c54310041c65532a7dfe1dd5c80d0f03d6e0fa58689f40b112992c4
SHA512 75b4682cb2209ac7ad7242a5cd8173217ce52714037f7cfd85429d11b3569c4770b04e044f52f68bda7a5f32de5dc3d893314907501b9f669ee8986bbc129f90

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 1173ecd5a4a6c207196ea76e51dcc856
SHA1 c3e64592aa7321c2aaf855ce4f2328718bc30146
SHA256 f9745cb2b12736bfa122d015d0c9fc7043b19bfa4742004f57095542acc55b94
SHA512 300836ee5b2d32dfc2129aa2d050b5e40f94626eac79fd0c21a287030362583dd83f7e9ddbe2b711892d916d6a769ec1184e284a9d24ad958fac6b4238369368

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 1173ecd5a4a6c207196ea76e51dcc856
SHA1 c3e64592aa7321c2aaf855ce4f2328718bc30146
SHA256 f9745cb2b12736bfa122d015d0c9fc7043b19bfa4742004f57095542acc55b94
SHA512 300836ee5b2d32dfc2129aa2d050b5e40f94626eac79fd0c21a287030362583dd83f7e9ddbe2b711892d916d6a769ec1184e284a9d24ad958fac6b4238369368

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 1eb50d83fca29c27e3b0ef36b5a59722
SHA1 3963019ef5655b5b66f4cf47f275f4e1fb928e47
SHA256 058086932270a2b273c3d0a22f575ab73ce87834542d85a33f2e5b3633b13ab9
SHA512 052b98ced5510c3998ee3cc15f7694dc934ee6ccb5dc55444683608f2a5311571fa28b8aad28fa00d9b41f2fbb47dfbf1b8fc62bbbbc1a117662de4e83732d02

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Bx9pp4.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Bx9pp4.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZHDT40NK\favicon[1].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3RRPBJB4\shared_responsive[2].css

MD5 086f049ba7be3b3ab7551f792e4cbce1
SHA1 292c885b0515d7f2f96615284a7c1a4b8a48294a
SHA256 b38fc1074ef68863c2841111b9e20d98ea0305c1e39308dc7ad3a6f3fd39117a
SHA512 645f23b5598d0c38286c2a68268cb0bc60db9f6de7620297f94ba14afe218d18359d124ebb1518d31cd8960baed7870af8fd6960902b1c9496d945247fbb2d78

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3RRPBJB4\buttons[2].css

MD5 84524a43a1d5ec8293a89bb6999e2f70
SHA1 ea924893c61b252ce6cdb36cdefae34475d4078c
SHA256 8163d25cb71da281079b36fcde6d9f6846ff1e9d70112bbe328cae5ffb05f2bc
SHA512 2bf17794d327b4a9bdbae446dd086354b6b98ac044a8ee0b85bd72c3ab22d93b43f3542df03d64f997d1df6fc6cac5c5e258c4ec82b998f3a40b50c2fde99b5a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3RRPBJB4\shared_global[2].css

MD5 eec4781215779cace6715b398d0e46c9
SHA1 b978d94a9efe76d90f17809ab648f378eb66197f
SHA256 64f61829703eca976c04cf194765a87c5a718e98597df2cb3eae9cf3150e572e
SHA512 c1f8164eb3a250a8edf8b7cb3b8c30396861eff95bcc4ed9a0c92a9dcde8fd7cd3a91b8f4fd8968c4fdafd18b51d20541bcc07a0643e55c8f6b12ceb67d7805d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3RRPBJB4\shared_global[2].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3RRPBJB4\tooltip[2].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

memory/6356-905-0x0000000073680000-0x0000000073D6E000-memory.dmp

memory/6356-915-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3RRPBJB4\shared_responsive_adapter[2].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

memory/6356-968-0x000000000C090000-0x000000000C58E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

MD5 50de260777cdbeaa6ef5bf78470c4f65
SHA1 0c0b2450b9f67cd56ce10f9ac3dd4989258cb60e
SHA256 1b2d0f6c7f4b360855e9d70785285b53c9e76f2092db5b192ab7d9e5c537e90f
SHA512 1815e6c377127c553b9a555161006081528a69ec889a9fdc0989114657f54086d6696878604be66d258096cef242593347f6e2d4d21e813894f82874cf76dca6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

MD5 f4264ddabc96212f54533c49ae7b46dc
SHA1 5c92bfaf0a8e700428cb338eb69fb8ee4e3fda55
SHA256 4a5d88b0867433d40cab69134a301b77c0762a4cd43e12e03710c653c3355ed3
SHA512 47cdaa11b38be0c9a574461dbcda8d6136074e40e3981f0253b03df0594c3c1d834a61e971a21e4ea75638b027a7a84c011dfe62f24c51f2e6bb6f89eed9386c

memory/6356-984-0x000000000BC30000-0x000000000BCC2000-memory.dmp

memory/6356-1079-0x000000000BBF0000-0x000000000BBFA000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KHFRYLJ9.cookie

MD5 2fbed9c3408c819d46d99e1b7103ed2a
SHA1 f72bb0590717331bc0bacfe084cda17313932bfd
SHA256 7f419ddd6c7344ec8d5247de7e873f5a0fc40bd55d3a7b7c8001dd06da927a33
SHA512 df5ae8c7e19ecff3d25f470f3d9246bfb48a5c03423747627311857dc729f8679a9a89e4758763db5f84bbba8c6a6af874ef0c573aa84ec11b3f5026a742c9a1

C:\Users\Admin\AppData\Local\Temp\219.exe

MD5 f6079a0d6e9c3d6c80af8adb5033b007
SHA1 c111e23c945fc86bf81729112ba1c0acdab479a0
SHA256 fed9fe7c0027acbfeb05ae652b70d981ed3aabb54559eb6bfb1ba24a27e1c3a7
SHA512 02f4609bad9babbd141e2e80e923a99b6e03969fbbf53ad1f99f1839da83076c41dd8765df081587bba466437ff64f292c672616addcae524e1e4909bc7c44bf

C:\Users\Admin\AppData\Local\Temp\219.exe

MD5 f6079a0d6e9c3d6c80af8adb5033b007
SHA1 c111e23c945fc86bf81729112ba1c0acdab479a0
SHA256 fed9fe7c0027acbfeb05ae652b70d981ed3aabb54559eb6bfb1ba24a27e1c3a7
SHA512 02f4609bad9babbd141e2e80e923a99b6e03969fbbf53ad1f99f1839da83076c41dd8765df081587bba466437ff64f292c672616addcae524e1e4909bc7c44bf

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\554FB74B\favicon[1].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

memory/6640-1253-0x0000000000400000-0x000000000046F000-memory.dmp

\Users\Admin\AppData\Local\Temp\219.exe

MD5 f6079a0d6e9c3d6c80af8adb5033b007
SHA1 c111e23c945fc86bf81729112ba1c0acdab479a0
SHA256 fed9fe7c0027acbfeb05ae652b70d981ed3aabb54559eb6bfb1ba24a27e1c3a7
SHA512 02f4609bad9babbd141e2e80e923a99b6e03969fbbf53ad1f99f1839da83076c41dd8765df081587bba466437ff64f292c672616addcae524e1e4909bc7c44bf

\Users\Admin\AppData\Local\Temp\219.exe

MD5 f6079a0d6e9c3d6c80af8adb5033b007
SHA1 c111e23c945fc86bf81729112ba1c0acdab479a0
SHA256 fed9fe7c0027acbfeb05ae652b70d981ed3aabb54559eb6bfb1ba24a27e1c3a7
SHA512 02f4609bad9babbd141e2e80e923a99b6e03969fbbf53ad1f99f1839da83076c41dd8765df081587bba466437ff64f292c672616addcae524e1e4909bc7c44bf

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\39K4RCR6.cookie

MD5 539abfc909dde3b2693c6757a46c5044
SHA1 225cd34e513b2fceae1b79dac60344d9090cec7b
SHA256 1747fed957c38ecb0cc5d9aba9eb7c2424d5551da8b769d8a24287cce5c5ae0b
SHA512 d415599db39938951e87c1ead833d3c4cb654f9963df7ad1a160ce499002560b96ed6fe890a864464fbf14c4f5f9a1a83c6732c918cf9557fd37554dc2ae11df

C:\Users\Admin\AppData\Local\Temp\12A5.exe

MD5 0592c6d7674c77b053080c5b6e79fdcb
SHA1 693339ede19093e2b4593fda93be0b140be69141
SHA256 fe19cdb149ecd8fd116f048852dcc10e46a3521351102685ce25c61a7d962a14
SHA512 37f2ff110b0702229b888280c8c2dff7885e6b1e583ccc47c36e74f44adfa491f70d6d6ab95d79149437d6fd9400448f1046eee3676ea98dffe99bc28e4783cb

memory/6640-1268-0x0000000073680000-0x0000000073D6E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\12A5.exe

MD5 0592c6d7674c77b053080c5b6e79fdcb
SHA1 693339ede19093e2b4593fda93be0b140be69141
SHA256 fe19cdb149ecd8fd116f048852dcc10e46a3521351102685ce25c61a7d962a14
SHA512 37f2ff110b0702229b888280c8c2dff7885e6b1e583ccc47c36e74f44adfa491f70d6d6ab95d79149437d6fd9400448f1046eee3676ea98dffe99bc28e4783cb

memory/5976-1270-0x00000000007D0000-0x00000000007EE000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\B3ROYS9M\www.epicgames[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TQPWWT2H.cookie

MD5 ae84f3466786cca1ea28412f97cc7682
SHA1 0a387ded47f0db26c347cfe0bb880c8894ad4542
SHA256 a4569c063d0c5d25851c17ac0b9219d89ec9e2b0e981de76d4c5bfe21b82bab7
SHA512 6f6eca94c3b0046a06ab33cea4918bd344ed231b830f465d7f5cc9e44031869c2a2cdcd364281f3fa3d07b08febbd7161e0e7fef2e24f633cf286bf0deed89b7

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IIAEVS4\chunk~9229560c0[1].css

MD5 19a9c503e4f9eabd0eafd6773ab082c0
SHA1 d9b0ca3905ab9a0f9ea976d32a00abb7935d9913
SHA256 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a
SHA512 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

memory/6356-1362-0x000000000CBA0000-0x000000000D1A6000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OJXPRHEU.cookie

MD5 32d500acb0b2531868fe34d811610553
SHA1 1c850607f2b14dc5543d32e6d12279f0163d4400
SHA256 e2eda5424fcc0b0f024a10fa729deb689adb62f8b5a2c5dfd705ae8006a873bf
SHA512 2d849cd5a1443a6b041e0e0308ef75730914f189d300f49df3b8a7d2e8d69381da6c232eb309fc6229124d861cea393f108b4a2916055cc8bd2003937a7c9983

memory/5976-1387-0x0000000073680000-0x0000000073D6E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\edohox9\imagestore.dat

MD5 de6934fb010d691cc46922a08b8e11ae
SHA1 a74f8f0ae37d664ddb83413af2bccfd5cf21a45f
SHA256 21b6401868ed8055243d154ed6fdccc26db1f5f0c19ae948e0ab15ba88ede512
SHA512 f3d10bda91d4c11f552faa805375d9b001c97593bfa529afbe597df221b3c664d21e59f175a23953f74b2724d1dcfd6ef10912d59708ad34cb1cb7a7d33da255

C:\Users\Admin\AppData\Local\Temp\670F.exe

MD5 c6efb8a96d16975e226f757619892d09
SHA1 fe1d7fc49e6ca211930347334eb27b0d64d9b5dc
SHA256 2f831895016ec2f255ca65fb3fb7b7aac1c5f8bd07569fd170bba8dabca86f7c
SHA512 d373614d6d4fb31449212936d62f4584b8023a9c4776e7fc94634b0c494137287f7bf9b2296a4f8e1b43055fd73377322a4bae01407ea95615723f7a2e4cd8ec

C:\Users\Admin\AppData\Local\Temp\670F.exe

MD5 c6efb8a96d16975e226f757619892d09
SHA1 fe1d7fc49e6ca211930347334eb27b0d64d9b5dc
SHA256 2f831895016ec2f255ca65fb3fb7b7aac1c5f8bd07569fd170bba8dabca86f7c
SHA512 d373614d6d4fb31449212936d62f4584b8023a9c4776e7fc94634b0c494137287f7bf9b2296a4f8e1b43055fd73377322a4bae01407ea95615723f7a2e4cd8ec

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZHDT40NK\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\A0K33EXM.cookie

MD5 8f571ec4ef7353727a3385785e475e0e
SHA1 e80ffc3b33280596e40712355a57394c9ff8b933
SHA256 4b3ddcfca057f6b6cd3fbebf95e7b498d161954728299fca45d3363503c1eef6
SHA512 5afb245ab10f8227539e3d941abee6f2c77175a9e8222aa73d6b7f83aabdbdbfb057a60fcb9226378b41b663be4a43145de487c90c2ff6f5f8330bd67286404c

memory/5976-1410-0x0000000005140000-0x0000000005152000-memory.dmp

memory/7152-1420-0x0000000073680000-0x0000000073D6E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7C1F.exe

MD5 d497d6f5d3b74379d1ca2e1abde20281
SHA1 937aac5cf9191e833724edda2742ed115a5237c7
SHA256 a1765648a41eea21fd942776cba9b50705673d8f7564ae7f8c9751eda9e2e564
SHA512 bdb28622542e3b34e40b37a189a967b6136963200fec616c6147fd36bb543b94a7d64128d5fbd65a5358b1131dc265c7cbdb1240fece3e8c09652b97c4c025a6

memory/7152-1428-0x0000000000A20000-0x00000000016BA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7C1F.exe

MD5 d497d6f5d3b74379d1ca2e1abde20281
SHA1 937aac5cf9191e833724edda2742ed115a5237c7
SHA256 a1765648a41eea21fd942776cba9b50705673d8f7564ae7f8c9751eda9e2e564
SHA512 bdb28622542e3b34e40b37a189a967b6136963200fec616c6147fd36bb543b94a7d64128d5fbd65a5358b1131dc265c7cbdb1240fece3e8c09652b97c4c025a6

memory/6112-1435-0x0000017C4E950000-0x0000017C4EA3E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9V74OVAC.cookie

MD5 83b0bf1ee9cf3235ceef30cd1a5b8bab
SHA1 e4af446abf169e43c06e97c444d576baafd84ec8
SHA256 444e5e387861c7ef35d219f171ad600c09c1f77d1b1177d7a39305b228c6a1c4
SHA512 b4b79fb8c4319ff27e02f2dd6ed8f303005863d63516bcdfab273f5ab71e198ff54c7e3d7d3d17be6665f44f675b082e7ad10fe5573bab48056e5bc7a54543f5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GBNG4YDO.cookie

MD5 0630f308132e7bd1caeed5a5b6210018
SHA1 4db8c7b06511cb1bc344e5922b6f26bfcbc4288e
SHA256 211ad95bd4c7d0ea8784ab215f8d2e27adf1ffd477ef592f5db587d5048793de
SHA512 e5f0e2c7bf52f2ba82a8b220b41e00e41db8b693cb19d91d3a827e71ca3b30f7b8b7657d293d259f4ffb122498c3359db64807f8cdc44b3a17a96049f03083c5

memory/5976-1469-0x00000000051C0000-0x00000000051FE000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SKXK1112.cookie

MD5 22e076dac6562e4e0ae2605bb84d04f3
SHA1 dc556d44c862dea8067cd0522351b3fbc253e263
SHA256 a3e1e8da4fcc28c1331268c621df96cc3662bcfe8cf5b610237bae5f4b8dbf1a
SHA512 b67744e395f0bfe9e342ea71ede9e11fd2a53e90ac2fc74e432a22a6c96e70207f6ec8463d786032f8bff158e9fe732fa64b89989e3146b2d9bbf18ca14bad6a

C:\Users\Admin\AppData\Local\Temp\80A4.exe

MD5 73ae6c3b85c619aa3fb06de545597251
SHA1 eb1aebe3b76ca3a2b5075880a307c7da2a7d4526
SHA256 622b9f4f5d1eb80a8d6c0384d4c2cc62db85499005cbc5efb35e0fd343db7427
SHA512 912a6aac98a5e83d9519b9bb40efebe843d5265768a702c5523161ba2edd422d7c7d743eaac8c5ddab6719f2500a9826979baab2ed22d0bd7d6be66f56d59923

C:\Users\Admin\AppData\Local\Temp\80A4.exe

MD5 73ae6c3b85c619aa3fb06de545597251
SHA1 eb1aebe3b76ca3a2b5075880a307c7da2a7d4526
SHA256 622b9f4f5d1eb80a8d6c0384d4c2cc62db85499005cbc5efb35e0fd343db7427
SHA512 912a6aac98a5e83d9519b9bb40efebe843d5265768a702c5523161ba2edd422d7c7d743eaac8c5ddab6719f2500a9826979baab2ed22d0bd7d6be66f56d59923

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\H6CDYCJK.cookie

MD5 e47f501d790d4b0d5e1da5f1ad65b94e
SHA1 740394e1acebef7e6130910476affa0bf841248e
SHA256 fe66250cc6e7162c0efc94fb1a987d025dd4e29f3bd312f8b93505d2171210dc
SHA512 cf84a9166198466014ebd15651bd2d697e5b3ce5bbe2f9261705d7dbfbd572478ca22e41ebef89149e77a02784bf3bb4b811aae900af606480a34f124e666c7e

memory/6356-1483-0x000000000C6A0000-0x000000000C7AA000-memory.dmp

memory/5608-1525-0x000002138E050000-0x000002138E0F2000-memory.dmp

memory/5608-1531-0x00000213A8540000-0x00000213A8640000-memory.dmp

memory/6112-1536-0x00007FF943620000-0x00007FF94400C000-memory.dmp

memory/6112-1533-0x0000017C68EA0000-0x0000017C68F80000-memory.dmp

memory/5976-1547-0x0000000005170000-0x0000000005180000-memory.dmp

memory/5608-1545-0x00007FF943620000-0x00007FF94400C000-memory.dmp

memory/5608-1549-0x000002138E520000-0x000002138E530000-memory.dmp

memory/6112-1552-0x0000017C68E50000-0x0000017C68E60000-memory.dmp

memory/6112-1566-0x0000017C68FF0000-0x0000017C690D0000-memory.dmp

memory/5976-1657-0x0000000005200000-0x000000000524B000-memory.dmp

memory/6112-1661-0x0000017C690D0000-0x0000017C69198000-memory.dmp

memory/6112-1773-0x0000017C692A0000-0x0000017C69368000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\B3ROYS9M\www.epicgames[1].xml

MD5 3ff4d575d1d04c3b54f67a6310f2fc95
SHA1 1308937c1a46e6c331d5456bcd4b2182dc444040
SHA256 021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44
SHA512 2b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6

memory/6356-1777-0x0000000073680000-0x0000000073D6E000-memory.dmp

memory/6112-1787-0x0000017C69370000-0x0000017C693BC000-memory.dmp

memory/5608-1786-0x00000213A8640000-0x00000213A8696000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GOR9M374.cookie

MD5 9a9545d131cded877875f7f933531dd2
SHA1 d5084868492d588db7c91799e300e3a6bcca5841
SHA256 b83a2489c6cef8303198b6ffe5648ebfef99eff05ae063d3893fb4c160e3c9de
SHA512 c5d42a06dace9b1b432765ed9de23fd2431a13e9353defa98490136b4ea4d69ce61d8f33525a6c2e65dd9852e4134d5f6ed56e47723f2961a7f34f2d9681d30e

memory/6640-1835-0x0000000073680000-0x0000000073D6E000-memory.dmp

memory/5976-1836-0x0000000073680000-0x0000000073D6E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GQSA6O9J.cookie

MD5 cec66e4006a7216c7a98f20dc22a078b
SHA1 774e84fdf9478683374633908f34df50a6cfc752
SHA256 003f93ff5bf46470b09d17dbc636899bb5c18778cff5b18fe13b136443f00b21
SHA512 de174bb18412587bf44fff9fabf14ec7ef8a3a0e7f8e8826ea3c9ccf533c6350a7ce9d155b48ac9384cb2e13897a2e730481a668b12d14e623b7830ff5454ba6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\J8YSNOTV.cookie

MD5 4df2c77ef2fd19988379fe1fc587faf3
SHA1 2e1016095e582acc528ba37be4ae4f9fa0eadade
SHA256 60bbf1f153faa24820d1d0697994d51c8ef45841c59d5fdf3f1a9ec43b2fb7a8
SHA512 ceb4e4ab7f71c0ef90f6e056e1a395a414e38242ce5e9ad0a31f9e484b0a9d4b34b970317f0e15dfc8c9693d0e17123a7caa29fa51eca6ce5f121572cc49ea5f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\67NQ17EZ.cookie

MD5 552649e91e021ece2ec16a5a8bb3a150
SHA1 a35daca908e9b32ac0b80bc9d7895553b6976619
SHA256 92098fcdfc8cee180e587586e5b3c099a9074d774f9f7257cac63cdae362ea88
SHA512 a9ddc73b224116d213e9b9dcd69a27fbbb7f4a7c63ae798cc8f0875384ee4c2602fd5065a41752fe550c3174390cd627fff944513c48c63cf7e5de96f25e959f

memory/5608-2137-0x00000213A86F0000-0x00000213A8744000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

memory/2904-2149-0x0000000000400000-0x00000000004AA000-memory.dmp

memory/7152-2154-0x0000000073680000-0x0000000073D6E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7C1F.exe

MD5 d497d6f5d3b74379d1ca2e1abde20281
SHA1 937aac5cf9191e833724edda2742ed115a5237c7
SHA256 a1765648a41eea21fd942776cba9b50705673d8f7564ae7f8c9751eda9e2e564
SHA512 bdb28622542e3b34e40b37a189a967b6136963200fec616c6147fd36bb543b94a7d64128d5fbd65a5358b1131dc265c7cbdb1240fece3e8c09652b97c4c025a6

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

MD5 bc3354a4cd405a2f2f98e8b343a7d08d
SHA1 4880d2a987354a3163461fddd2422e905976c5b2
SHA256 fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b
SHA512 fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b

memory/6112-2163-0x00007FF943620000-0x00007FF94400C000-memory.dmp

memory/2904-2171-0x00007FF943620000-0x00007FF94400C000-memory.dmp

memory/2904-2160-0x0000025BFD600000-0x0000025BFD610000-memory.dmp

memory/2904-2167-0x0000025BFD4B0000-0x0000025BFD594000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\T0LFYOW2\recaptcha__en[1].js

MD5 fbeedf13eeb71cbe02bc458db14b7539
SHA1 38ce3a321b003e0c89f8b2e00972caa26485a6e0
SHA256 09ed391c987b3b27df5080114e00377ff1a748793cb417a809b33f22d737fe55
SHA512 124b9f53a53ef596a54c6c04ab3be2b25d33d1ce915978ec03da8f9f294db91d41ee9091b722e462722f51f9d9455ce480e1a0cb57c2f3248c7a3a9e3b9dac58

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\8142WVGP\epic-favicon-96x96[1].png

MD5 c94a0e93b5daa0eec052b89000774086
SHA1 cb4acc8cfedd95353aa8defde0a82b100ab27f72
SHA256 3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775
SHA512 f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2CLT7A90\styles__ltr[1].css

MD5 eb4bc511f79f7a1573b45f5775b3a99b
SHA1 d910fb51ad7316aa54f055079374574698e74b35
SHA256 7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
SHA512 ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

memory/5608-2260-0x00007FF943620000-0x00007FF94400C000-memory.dmp

memory/5976-2265-0x0000000005170000-0x0000000005180000-memory.dmp

memory/5608-2270-0x000002138E520000-0x000002138E530000-memory.dmp

memory/4120-2275-0x0000000001050000-0x0000000001051000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TH18OIKZ\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a