Malware Analysis Report

2024-12-08 01:08

Sample ID 231111-mlfmnaee65
Target 9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c
SHA256 9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c
Tags
mystic redline taiga google paypal infostealer persistence phishing spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c

Threat Level: Known bad

The file 9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c was found to be: Known bad.

Malicious Activity Summary

mystic redline taiga google paypal infostealer persistence phishing spyware stealer

Detect Mystic stealer payload

RedLine payload

Detected google phishing page

RedLine

Mystic

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

Accesses cryptocurrency files/wallets, possible credential harvesting

AutoIT Executable

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

Drops file in Windows directory

Program crash

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 10:32

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 10:32

Reported

2023-11-11 10:35

Platform

win10-20231020-en

Max time kernel

150s

Max time network

161s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected google phishing page

phishing google

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3lw814gh.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\Total = "108" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2f3e48aa8a14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e0d261a08a14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.paypalobjects.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1ab5d0ac8a14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\recaptcha.net\NumberOfSubd = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.recaptcha.net C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 56dde97b8a14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steampowered.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steamcommunity.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steampowered.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\recaptcha.net\Total = "103" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steampowered.com\NumberOfS = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\paypal.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\newassets.hcaptcha.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\c.paypal.com\ = "108" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\NumberOfSubdomains = "2" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 528 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe
PID 528 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe
PID 528 wrote to memory of 1560 N/A C:\Users\Admin\AppData\Local\Temp\9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe
PID 1560 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe
PID 1560 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe
PID 1560 wrote to memory of 1168 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe
PID 1168 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3lw814gh.exe
PID 1168 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3lw814gh.exe
PID 1168 wrote to memory of 3908 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3lw814gh.exe
PID 1168 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe
PID 1168 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe
PID 1168 wrote to memory of 4048 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe
PID 4048 wrote to memory of 5928 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 5928 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 5928 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 5988 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 5988 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 5988 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 6056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 6056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 6056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 6056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 6056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 6056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 6056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 6056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 6056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4048 wrote to memory of 6056 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1560 wrote to memory of 6112 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe
PID 1560 wrote to memory of 6112 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe
PID 1560 wrote to memory of 6112 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe
PID 6112 wrote to memory of 5788 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6112 wrote to memory of 5788 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6112 wrote to memory of 5788 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6112 wrote to memory of 5788 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6112 wrote to memory of 5788 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6112 wrote to memory of 5788 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6112 wrote to memory of 5788 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6112 wrote to memory of 5788 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 528 wrote to memory of 5884 N/A C:\Users\Admin\AppData\Local\Temp\9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe
PID 528 wrote to memory of 5884 N/A C:\Users\Admin\AppData\Local\Temp\9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe
PID 528 wrote to memory of 5884 N/A C:\Users\Admin\AppData\Local\Temp\9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe
PID 4524 wrote to memory of 5128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4524 wrote to memory of 5128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4524 wrote to memory of 5128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4524 wrote to memory of 712 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4524 wrote to memory of 364 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4524 wrote to memory of 364 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 5884 wrote to memory of 6708 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5884 wrote to memory of 6708 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5884 wrote to memory of 6708 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5884 wrote to memory of 6708 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5884 wrote to memory of 6708 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5884 wrote to memory of 6708 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5884 wrote to memory of 6708 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5884 wrote to memory of 6708 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 5884 wrote to memory of 6708 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4524 wrote to memory of 4872 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4524 wrote to memory of 4872 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4524 wrote to memory of 712 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4524 wrote to memory of 2928 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4524 wrote to memory of 4872 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4524 wrote to memory of 712 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4524 wrote to memory of 2928 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c.exe

"C:\Users\Admin\AppData\Local\Temp\9b190917c259353d90eda599a72044dce8585f57fdc48ca8ff6d20c5ad39255c.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3lw814gh.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3lw814gh.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 568

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 store.steampowered.com udp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 fbsbx.com udp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 3.210.187.106:443 www.epicgames.com tcp
US 3.210.187.106:443 www.epicgames.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 106.187.210.3.in-addr.arpa udp
US 8.8.8.8:53 238.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 174.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 community.cloudflare.steamstatic.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 18.239.104.165:80 ocsp.r2m02.amazontrust.com tcp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 165.104.239.18.in-addr.arpa udp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 182.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 103.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 192.229.221.25:443 t.paypal.com tcp
US 192.229.221.25:443 t.paypal.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 54.205.234.65:443 tracking.epicgames.com tcp
US 8.8.8.8:53 65.234.205.54.in-addr.arpa udp
US 192.229.221.25:443 t.paypal.com tcp
US 192.229.221.25:443 t.paypal.com tcp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 8.8.8.8:53 121.252.72.23.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 store.steampowered.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 104.208.16.94:443 watson.telemetry.microsoft.com tcp
US 104.208.16.94:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 c.paypal.com udp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 104.208.16.94:443 watson.telemetry.microsoft.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 94.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
NL 23.222.49.98:443 api.steampowered.com tcp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.103:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 8.8.8.8:53 numpersb.fun udp
US 151.101.1.35:443 c6.paypal.com tcp
US 151.101.1.35:443 c6.paypal.com tcp
US 8.8.8.8:53 killredls.pw udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 38.209.67.172.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.19.218.90:443 newassets.hcaptcha.com tcp
US 104.19.218.90:443 newassets.hcaptcha.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 api.hcaptcha.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 104.19.219.90:443 api.hcaptcha.com tcp
US 104.19.219.90:443 api.hcaptcha.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 136.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 172.67.209.38:80 killredls.pw tcp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 172.67.209.38:80 killredls.pw tcp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 20.173.189.20.in-addr.arpa udp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 183.2.85.104.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
US 20.189.173.20:443 watson.telemetry.microsoft.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
NL 142.250.179.182:443 i.ytimg.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.21:443 watson.telemetry.microsoft.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 21.173.189.20.in-addr.arpa udp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
RU 5.42.92.51:19057 tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 9.173.189.20.in-addr.arpa udp
RU 5.42.92.51:19057 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe

MD5 77619dc6a956711ea8acccf09762f8a7
SHA1 f674b5818243c902465f77c80d0c5f423546b80a
SHA256 6f46a49c58b312b40b35285a888bb1e76e11afe56b86f28beb2957666f4be407
SHA512 e37ade7e4ec101c12e7b8658e625a2c8f7a14a7effce3f58395cb5580c8f4830672405725201f9e8b31a9d9810adfa6d7c4d14b119ccb4caf0f00b9f3f530ae8

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ic0Pp88.exe

MD5 77619dc6a956711ea8acccf09762f8a7
SHA1 f674b5818243c902465f77c80d0c5f423546b80a
SHA256 6f46a49c58b312b40b35285a888bb1e76e11afe56b86f28beb2957666f4be407
SHA512 e37ade7e4ec101c12e7b8658e625a2c8f7a14a7effce3f58395cb5580c8f4830672405725201f9e8b31a9d9810adfa6d7c4d14b119ccb4caf0f00b9f3f530ae8

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe

MD5 470d3d70e96ac36be3225baeec7ccb07
SHA1 f3f7ffecb083675c9d8f2b831868dc208fbb0568
SHA256 c5f2a7fb5806f6f7aeeb55db7174743875365750a1f26c782f7bdf4ef91e0230
SHA512 003ce11c486e432422d28fce5acafc38371231b08afb1306e0ba15535352bd97a850c5a3e7a71e89bc2ffdc4a534a6d8eb7394d4dc9078d2dedbe52f0bd29f1b

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\jL7TB84.exe

MD5 470d3d70e96ac36be3225baeec7ccb07
SHA1 f3f7ffecb083675c9d8f2b831868dc208fbb0568
SHA256 c5f2a7fb5806f6f7aeeb55db7174743875365750a1f26c782f7bdf4ef91e0230
SHA512 003ce11c486e432422d28fce5acafc38371231b08afb1306e0ba15535352bd97a850c5a3e7a71e89bc2ffdc4a534a6d8eb7394d4dc9078d2dedbe52f0bd29f1b

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3lw814gh.exe

MD5 126c4158164bbbd322af6883bb8bd3f3
SHA1 5d57e9cb5ba0d57b5d0584e012d9b839ece7c9a9
SHA256 6ca696ccd897bc7fb8e4df51526604aa01c787c4f72319e95d257f614d0f48fc
SHA512 d8398ecd316d2f2e4e318f9869de3888ef7ed0a36a427074e6c65990036ab57d8e489baf75e0c9b1baba969f85e9be3544d9c5fbb4c2f22ac6209d810f66babc

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3lw814gh.exe

MD5 126c4158164bbbd322af6883bb8bd3f3
SHA1 5d57e9cb5ba0d57b5d0584e012d9b839ece7c9a9
SHA256 6ca696ccd897bc7fb8e4df51526604aa01c787c4f72319e95d257f614d0f48fc
SHA512 d8398ecd316d2f2e4e318f9869de3888ef7ed0a36a427074e6c65990036ab57d8e489baf75e0c9b1baba969f85e9be3544d9c5fbb4c2f22ac6209d810f66babc

memory/4984-21-0x000002AB8A820000-0x000002AB8A830000-memory.dmp

memory/4984-37-0x000002AB8B100000-0x000002AB8B110000-memory.dmp

memory/4984-56-0x000002AB8A9B0000-0x000002AB8A9B2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe

MD5 4099f291f27ac65f80da1433935c3893
SHA1 bfe4ce6b98698e582ff8d953d1e5b7644e2ab7c4
SHA256 6eb11e8deb42157131bc616b791b63879cd69458efe4d0eaae00878ace9bcf61
SHA512 dae9477c32c66b54c8079ace694ca76ffb8cd02d053a938d84096cec1d2d9f4ed7c1afc41b8b6941152c0f554e7ff349e1ec0ffd7ec7b0bf5b07135bf6d98ff9

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Sr4xc0.exe

MD5 4099f291f27ac65f80da1433935c3893
SHA1 bfe4ce6b98698e582ff8d953d1e5b7644e2ab7c4
SHA256 6eb11e8deb42157131bc616b791b63879cd69458efe4d0eaae00878ace9bcf61
SHA512 dae9477c32c66b54c8079ace694ca76ffb8cd02d053a938d84096cec1d2d9f4ed7c1afc41b8b6941152c0f554e7ff349e1ec0ffd7ec7b0bf5b07135bf6d98ff9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 f51ce0c67ddeae39c102cfc28d10624f
SHA1 df5de921c8dd59ad49c19521c4bbb7f0f6fa79e0
SHA256 9bc45da4b18a454e3f40cedadaddbaaa75e10921cbfb6f28ade22226371cec6c
SHA512 ad8c1a3cbb4021ce196c99e929d08c0bcd91e45f07ab6e0353f365edac338b731a873c6d78befe017c9b663d0ed9bbbbf5621f4d9e12cb00a3773f3896cd3db1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 f51ce0c67ddeae39c102cfc28d10624f
SHA1 df5de921c8dd59ad49c19521c4bbb7f0f6fa79e0
SHA256 9bc45da4b18a454e3f40cedadaddbaaa75e10921cbfb6f28ade22226371cec6c
SHA512 ad8c1a3cbb4021ce196c99e929d08c0bcd91e45f07ab6e0353f365edac338b731a873c6d78befe017c9b663d0ed9bbbbf5621f4d9e12cb00a3773f3896cd3db1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 f51ce0c67ddeae39c102cfc28d10624f
SHA1 df5de921c8dd59ad49c19521c4bbb7f0f6fa79e0
SHA256 9bc45da4b18a454e3f40cedadaddbaaa75e10921cbfb6f28ade22226371cec6c
SHA512 ad8c1a3cbb4021ce196c99e929d08c0bcd91e45f07ab6e0353f365edac338b731a873c6d78befe017c9b663d0ed9bbbbf5621f4d9e12cb00a3773f3896cd3db1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a593888375c40e484e04447231a77443
SHA1 9e92150972da7ff5ad3f9495e769f9a9b3014b30
SHA256 34d373f214fb516667cd9c62d0237fd4f9d472ef8770e9a6d02c0c3f6e86beb5
SHA512 da7c82ee560dd7e7fd4925a9191a3815d36620a3c845609bcbe44c3d8004632d9e5c059cf9d0a6fe5b30896d6b8dd18c14779419fc07df30dafc557262c06b5f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 29b486efa1bc1f4a24a18f49e3f08836
SHA1 317bb316164004e94c0075b53dd33732a9550451
SHA256 754bbffc6a2da256963d5e432935dc8315e008ebdadf77a38c6f9b3cc378f319
SHA512 c5efcdbbb46d14a706bed4aaa7cde424ff50ddb0a4143a1656fc4b807a43668db7ce4605524632960285bf706c58cfb65f2d8fe917a7225075dcc1b634c33ae5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 a593888375c40e484e04447231a77443
SHA1 9e92150972da7ff5ad3f9495e769f9a9b3014b30
SHA256 34d373f214fb516667cd9c62d0237fd4f9d472ef8770e9a6d02c0c3f6e86beb5
SHA512 da7c82ee560dd7e7fd4925a9191a3815d36620a3c845609bcbe44c3d8004632d9e5c059cf9d0a6fe5b30896d6b8dd18c14779419fc07df30dafc557262c06b5f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 30d87461259a31bb18e0e7a8e8185397
SHA1 0db8f423a00a5f9c519b669b0c7564f4d7e03493
SHA256 5442d87682140573fe7df934066cffa9e68e979a3af5885d31cc1cc3062a852c
SHA512 4be00f477ea1f7db113f4616aa16b7116f8446386683709eb8ca8c4f025cd5f4eac9f425462c036d364ef2e02cc209276e77567d438b0e1a1e13a0ebfaec71d1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 30d87461259a31bb18e0e7a8e8185397
SHA1 0db8f423a00a5f9c519b669b0c7564f4d7e03493
SHA256 5442d87682140573fe7df934066cffa9e68e979a3af5885d31cc1cc3062a852c
SHA512 4be00f477ea1f7db113f4616aa16b7116f8446386683709eb8ca8c4f025cd5f4eac9f425462c036d364ef2e02cc209276e77567d438b0e1a1e13a0ebfaec71d1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 9c62db61df894a9e3aabcd038ba3cfaf
SHA1 42fd3e18332e035850d56534ed3c29f115b4d3c3
SHA256 dc8a922c6baef8a1d97c0561c3c3f0899f81a305bd2253b64782aff035fac546
SHA512 b6ab883f33cd18333ec2eef7864cdab0150c63608f04846f221297267851fa8544cd6f2ff53740ad540920d485027f781b357ec4f7a85be7bf08e79220663cb9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5WC5WFHU.cookie

MD5 043c05c52a927c345ec9a53824bcb568
SHA1 a38a4a108696e832e2f4c7fce96de7ea5d6ce547
SHA256 615dd84f72686ccfa4c13f111f3dcd7a5d29461531353ebb62b6bd56b9ba59e1
SHA512 a5fe584953679058b7ed4db09c87a8f4c80bf781017c61eb1733e5fc7a30ef7f61e8135928b55e5d2d6c8e4743d75274498a392c0a0c38f7b6258bde4a0d186f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OLM2RWIA.cookie

MD5 7a273708dcf92ad0de56b6c4be76300a
SHA1 033bc408d618760d139a6b739e0f7af8670c8ed2
SHA256 7e4890bd62d9984c33d1037bc7f2118bdb69c44038e8ed9415e86a4aa1b99f24
SHA512 d186a6b2450173c138fe8f9f73b91b09e75b9739d6e8028fc3f3145e5a40c3af066908cb63f09db4a01fc4e94f7ded61e77c3f030bebd93d5b6e7aada06829f5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\NX9VDZ7S.cookie

MD5 d13982f6f30006fb68747d7a3a3f7cf8
SHA1 95e8fe99a0fe3b03c837d3fd86bfa8ba1a5a174a
SHA256 115bc37f021b565743396529c393d98317f978593cb132895803c3ac69469ea4
SHA512 9df6da2492ba46d14f50204a94b38577ab9f1f32fc12db6c8495ce054a1fe0236a7c85f837841f2370d082c42a017cf9f88581755702ba70ed2452c6a670ad9d

memory/4908-197-0x00000260B16F0000-0x00000260B1710000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LAEF8105.cookie

MD5 9af4d80717d0df350d5e3416330fd78a
SHA1 e0134a55b2d1bc8f81eb468436eec81f2da60386
SHA256 edc0a597de6e4826a0efef5eb36714d8e7858cdc9e155ecb2edab33933754c82
SHA512 20d8c48354aa04fbf54948bb67059e1d604a992415fa8f9bf4422325e3d876fc5e4206febda06f47b3761c249f6deb4c0b2b57a74cd88a33f5b175ac80c0b09a

memory/6056-274-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe

MD5 46f5f08dd7f4b64e42bd7c8d040cfd37
SHA1 663f2fc72ff99c90dbd2a5d74cee68749044e5b3
SHA256 fa6701811ad7461f59e3f04303b7de2983d4f9d1507410ab5911f2474abe0217
SHA512 fd09fb3c239fe73a44d74ab687bb60307d0126a0681aab8c0dca1ea6b9dddaa08aad4d8f542b0c74bf26d277531e3901c311aa3807b82e9875ca3a425cc9613a

memory/6056-279-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6056-284-0x0000000000400000-0x0000000000433000-memory.dmp

memory/6056-287-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5GU68oF.exe

MD5 46f5f08dd7f4b64e42bd7c8d040cfd37
SHA1 663f2fc72ff99c90dbd2a5d74cee68749044e5b3
SHA256 fa6701811ad7461f59e3f04303b7de2983d4f9d1507410ab5911f2474abe0217
SHA512 fd09fb3c239fe73a44d74ab687bb60307d0126a0681aab8c0dca1ea6b9dddaa08aad4d8f542b0c74bf26d277531e3901c311aa3807b82e9875ca3a425cc9613a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 4c8aaddcaab19edf51cfe851e3f5e216
SHA1 5b2601360bbc7931746ed0972503a4f8d6d605d6
SHA256 d0c074a41244e211bd871b8794d04066030b202243f36d7338d4a9dbad7b9d2f
SHA512 d3add9bd4ffb02b6f0002aee51845aa19bbb3a7b847c4d619e42fa98a42003e3d60776ea99fd66c9e26a00243754adb62fefe37a2ad88de7193e137f50dae565

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 30d87461259a31bb18e0e7a8e8185397
SHA1 0db8f423a00a5f9c519b669b0c7564f4d7e03493
SHA256 5442d87682140573fe7df934066cffa9e68e979a3af5885d31cc1cc3062a852c
SHA512 4be00f477ea1f7db113f4616aa16b7116f8446386683709eb8ca8c4f025cd5f4eac9f425462c036d364ef2e02cc209276e77567d438b0e1a1e13a0ebfaec71d1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 29b486efa1bc1f4a24a18f49e3f08836
SHA1 317bb316164004e94c0075b53dd33732a9550451
SHA256 754bbffc6a2da256963d5e432935dc8315e008ebdadf77a38c6f9b3cc378f319
SHA512 c5efcdbbb46d14a706bed4aaa7cde424ff50ddb0a4143a1656fc4b807a43668db7ce4605524632960285bf706c58cfb65f2d8fe917a7225075dcc1b634c33ae5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VS1DKD16.cookie

MD5 81e88f5f3afc6b42e834d668dd8a787f
SHA1 8660ac9d74408eb2a22dbfa9171acce396b0ea87
SHA256 e73cb57b39fd4657266ee85222e59add8c8104a42e5071475f05071d15379692
SHA512 bb68a9acffcb96c982f4af9f3a2aa6bf29bfc3440f1dfbf542f59fad7f01cbf5cd9566c5fbd2d8971a7cdb3319465932784f4af17fcf34747f2297b8c82b09de

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 13d5ce5ffbbae375ac2479b9f14ae59a
SHA1 4a551b2a9c031479ae10638a0513e91878a0b7f3
SHA256 7ef84a2114417097acade4b6bc93af00d0f9a6ae4b4329deb0623e3705654c95
SHA512 39d4314109bbc6359f3bed9cfe2c0c998196187428598a612bab07aac0c19239b67c1dd9bf06b98a23b66892f6ba6b8e32997bbf23257e69ad949f1bd1c2888c

memory/4880-348-0x0000021DEE1A0000-0x0000021DEE1C0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OTIXFUYA.cookie

MD5 008a526db07342564ff3485f674841e8
SHA1 e84b07546da751fa732645185af7d2abec0e745f
SHA256 58b5dcaa27cb3a7239d19cee43951ed223a19e294c81ef1d05efd0a707dd3f1c
SHA512 8e73095fabec8c071895f510a1587093a14ed179f31233a5048eb35f0095a0f6934c1f0dc171987db61b8f98f20af6fbe6557c1e5db5a97879769dc53727320d

memory/5788-350-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JIS5Z3WR.cookie

MD5 38aaa62581170d757c7a711d2d3c8536
SHA1 3f3718dd1b93bd497e743407e854726d10383055
SHA256 bfd46477d8cb31ef0cbf58d9516dfb86fc87c6ac748f7b00d3b15b91f512a4de
SHA512 4605b479ef64d100c0471de8b9da497d8385c4912757c52a997d3f00e4e63a6b777de24c43dd9bb8704824a2f014996c2f437d6c88b085f375c901bda6143e26

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 b29d196bc97a40b9889770a282fcfe3e
SHA1 57025bb37872d0c76d72a30b698658acd4c33c69
SHA256 2d4d0297dbe49cd02cd3de6652d39ee667b426fe54e8f4bd769453f592717827
SHA512 5f0a4f66a24f95b7a743b7dbbd7260ae730e638d9fac2064d1710ca25f8adbfa336dc4617dbe931a83887970fab1b1a564e6a3ec6a0c60c99efc753072d6e684

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6gi855.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DXDFAGHU\buttons[1].css

MD5 b91ff88510ff1d496714c07ea3f1ea20
SHA1 9c4b0ad541328d67a8cde137df3875d824891e41
SHA256 0be99fd30134de50d457729cebd0e08342777af747caf503108178cb4c375085
SHA512 e82438186bfc3e9ca690af8e099aafbfbc71c9310f9d1c8cb87ffa9e7f0f11f33982c63a2dac95c9b83fef1aaa59178b73212fc76e895d13a1ffbbe3c1adfa4c

memory/5128-471-0x000002625D0D0000-0x000002625D0D2000-memory.dmp

memory/5128-474-0x000002625D0F0000-0x000002625D0F2000-memory.dmp

memory/5128-476-0x000002625D410000-0x000002625D412000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DXDFAGHU\shared_global[1].css

MD5 cfe7fa6a2ad194f507186543399b1e39
SHA1 48668b5c4656127dbd62b8b16aa763029128a90c
SHA256 723131aba2cf0edd34a29d63af1d7b4ff515b9a3a3e164b2493026132dd37909
SHA512 5c85bb6404d5be1871b0b2e2d2c9053716354acd69c7acca73d8ce8bf8f21645ae11f788f78ef624444016cb722ecbd6213e771bda36717725f2b60f53688c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DXDFAGHU\shared_responsive[1].css

MD5 2ab2918d06c27cd874de4857d3558626
SHA1 363be3b96ec2d4430f6d578168c68286cb54b465
SHA256 4afb3e37bfdd549cc16ef5321faf3f0a3bf6e84c79fc4408bc6f157280636453
SHA512 3af59e0b16ef9d39c2f1c5ccdbd5c9ea35bd78571fde1b5bf01e51a675d5554e03225a2d7c04ed67e22569e9f43b16788105a0bf591ebba28ef917c961cc59e2

memory/2928-567-0x0000023DAE240000-0x0000023DAE340000-memory.dmp

memory/5128-560-0x000002625D980000-0x000002625D9A0000-memory.dmp

memory/5128-529-0x000002625D530000-0x000002625D550000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DXDFAGHU\tooltip[2].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DXDFAGHU\shared_responsive_adapter[1].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

memory/5788-592-0x0000000072E30000-0x000000007351E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DXDFAGHU\shared_global[1].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

memory/712-605-0x000001A574D20000-0x000001A574D40000-memory.dmp

memory/2608-615-0x0000021EF0B60000-0x0000021EF0B80000-memory.dmp

memory/712-642-0x000001A574C00000-0x000001A574C20000-memory.dmp

memory/4872-630-0x00000228F6CA0000-0x00000228F6CC0000-memory.dmp

memory/5788-651-0x000000000BD90000-0x000000000C28E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\K70QO3O0.cookie

MD5 077739bd52e1b6b276af6e1a445534e2
SHA1 47e4009bc42963dd769b43d77bc977cf317cd593
SHA256 33328774bc2b59bbcb94673428bc5ccba38a2a178ae36beebe24bb56a57aa00c
SHA512 7b8ddc94a82ed796f9151ee892f12d7fb4def514506ca106e97faaa8bd73bd23a9b00fce07a7c27a9bf6658300ba24738730cac170c031e416f3c3f5e5680b57

memory/5788-671-0x000000000B930000-0x000000000B9C2000-memory.dmp

memory/2928-669-0x0000023DC2540000-0x0000023DC2560000-memory.dmp

memory/4880-692-0x0000021DEF8A0000-0x0000021DEF8C0000-memory.dmp

memory/5788-709-0x000000000B8F0000-0x000000000B8FA000-memory.dmp

memory/2928-717-0x0000023DBFFC0000-0x0000023DBFFE0000-memory.dmp

memory/4880-751-0x0000021DEFC90000-0x0000021DEFD90000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2KM46ISY.cookie

MD5 fa994aa6cb936e33f2916ebfaa0d6d9a
SHA1 f546485f7c229873178ae532666b11de35f8f750
SHA256 ca76d2df2820e3651fc735a86acab56e6171a51864558b2d1dea2ec027663c74
SHA512 be53cbc43ebc7f3c80b68719aa8c8542f69d9e8abe263f1425896a1b5ac9bd900ec6ae02d11c0c30f23bdf295fabde93a2772a7588a66ec1ae22f7ae1b8f6ee5

memory/2928-756-0x0000023DC0500000-0x0000023DC0600000-memory.dmp

memory/5788-822-0x000000000C8A0000-0x000000000CEA6000-memory.dmp

memory/5788-829-0x000000000BC60000-0x000000000BD6A000-memory.dmp

memory/4880-843-0x0000021DF0440000-0x0000021DF0540000-memory.dmp

memory/5788-847-0x000000000BB50000-0x000000000BB62000-memory.dmp

memory/5788-855-0x000000000BB70000-0x000000000BBAE000-memory.dmp

memory/712-846-0x000001A574C60000-0x000001A574C80000-memory.dmp

memory/712-870-0x000001A574C40000-0x000001A574C60000-memory.dmp

memory/2928-878-0x0000023DC0BB0000-0x0000023DC0CB0000-memory.dmp

memory/5788-866-0x000000000BBB0000-0x000000000BBFB000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

memory/4984-954-0x000002AB92100000-0x000002AB92101000-memory.dmp

memory/4984-957-0x000002AB92110000-0x000002AB92111000-memory.dmp

memory/712-960-0x000001A574BB0000-0x000001A574BD0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\hf1i173\imagestore.dat

MD5 4cb8a4f703063af26116431a569b988f
SHA1 08ab65cab07462e2b6dd73050da54e4752f17fc7
SHA256 bb45c138f6b6929bf235a53506907709812ff8b088faea2b0257fc51cb0c9bc3
SHA512 e15112920da2696d308dc0095669ac1e44f1b9e1e17e098510483f78da093f92dbea9c51f9c9324407d0b600f0ac083f73ba3177a2519669a310fb6ea2cc506e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SPKFC8XR\favicon[1].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\49R0SUN6\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\49R0SUN6\B8BxsscfVBr[1].ico

MD5 e508eca3eafcc1fc2d7f19bafb29e06b
SHA1 a62fc3c2a027870d99aedc241e7d5babba9a891f
SHA256 e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a
SHA512 49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\49R0SUN6\favicon[1].ico

MD5 8940b31cce874aad9652fd43eb4ea90b
SHA1 75b817d23070af4638e4be9af12d74831adf20ce
SHA256 bad01d976d28b30d4c5864b8e60c91e04fca94ff1fd4433ab0bba72cb8514fe6
SHA512 eccb9a6b3e8d0415f6bfdb776146453b41843c71d3a5fc23c432bcbfc5c62b67625c473197149b05ad21ad7c8683fc8bb04c40d2969355b31db4bd5342c7cf9e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U32RZJBD\chunk~9229560c0[1].css

MD5 19a9c503e4f9eabd0eafd6773ab082c0
SHA1 d9b0ca3905ab9a0f9ea976d32a00abb7935d9913
SHA256 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a
SHA512 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HD5TT8J7\www.epicgames[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VKRMVXRL.cookie

MD5 9b734839e04d2ceab865425cbca9ca6b
SHA1 0a053f073d4d9fd4983123d4b1b6c21ae8af6a4a
SHA256 cf3222ee2bacb70070aa8b031709403290c2d10104d153d93dd38b2536333dc2
SHA512 5efb9d5c7f63629f30f35955ce8b1c57701dda34e50e099961bf4dc4bf287381855ee475bb0a4da42490a5ac61d5f73777706a847d4b6c4a875778a73a20079f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\MQH3GHPZ.cookie

MD5 f4d98632cb0245c66c0253caf494233e
SHA1 1710e417fa881b5e898aef6c98e8179e9829bcc1
SHA256 3dc17b45b1da525a191b68e5ddd64489960283efb24cd1041a2cd7ea704e8038
SHA512 4a63268a1acc5c12de010764c0d8545394e1939b08410fae6539ddb1402aaa61a0e5d3121d315f749a23aba6dd213be1f2fc9ed8330a9df5b669ef5a64d4ecc6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8G3AN32G.cookie

MD5 6930e3bfd05de577038d72a9f88dc893
SHA1 edbc08c8c56693001c6bc9f652bfaeedf4d4525f
SHA256 7241c2253b5a02d5f5d5795b7b5ed7822e79e501ea1d886f841676e6e9083359
SHA512 f3d0ca91d6d9f5f3fb76cd3e4bb6ef2ee149edef91f5ec1cb13f2e6f2fff9372b7e2a1d2de7f07deef1be1a29917cb2d0b6c16f44108d157cf9fd83ba0ca8914

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\E2YXNV2R.cookie

MD5 774864b5780ae737f417ac708b0462c0
SHA1 ecac44819ec83600253c6ebc69a73aeca311c660
SHA256 7933eb8114cf32254277233c6bfa63bc0d70bd9417db8faece1f3ad10bead645
SHA512 a9611dc57a189751ca8caeb771d4083335183359aa15c53a26c41260fe34c9530865b938c5deb9452be602f32b95f271c90866c0785f87fb71b1ef6763dfd3ef

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

MD5 f4264ddabc96212f54533c49ae7b46dc
SHA1 5c92bfaf0a8e700428cb338eb69fb8ee4e3fda55
SHA256 4a5d88b0867433d40cab69134a301b77c0762a4cd43e12e03710c653c3355ed3
SHA512 47cdaa11b38be0c9a574461dbcda8d6136074e40e3981f0253b03df0594c3c1d834a61e971a21e4ea75638b027a7a84c011dfe62f24c51f2e6bb6f89eed9386c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

MD5 46c247391b7e4f48e0266314197c58ec
SHA1 efeedc1080c043e67af734ccb1a391eeaf8108a9
SHA256 4600d03290a5d05fa72fdfc9370c016f016e2eaa953fd24790676b1fdb8cffca
SHA512 eb6d239b0056858c5a3fef5edc4f48a1d1abd2ebcce0cd74fbae1bfba81b925446aadf60b09045f4ccd123621e1a724c9fe2ce8194d1f4b1eeb8e9149eb4be1f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\V96ZMEN6.cookie

MD5 0fb7bef8ff80666e1da2d59760ee6ba6
SHA1 bdd65d6925e94701d0f5258cd487a490723e333c
SHA256 1fc620e8c53664eb0383d52014ccedb67219d61ae7826fb484ec8932743f7249
SHA512 c4690e272d3cbddf10e03460344a3f895e0a17fc3205186be5e1840d861ac7c8ab0047132b668a4440445638420162dabcc0a94569fbd14dbf5686650fef34be

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\W5MWRNLP\epic-favicon-96x96[1].png

MD5 c94a0e93b5daa0eec052b89000774086
SHA1 cb4acc8cfedd95353aa8defde0a82b100ab27f72
SHA256 3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775
SHA512 f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\EMOY8DS8\recaptcha__en[1].js

MD5 fbeedf13eeb71cbe02bc458db14b7539
SHA1 38ce3a321b003e0c89f8b2e00972caa26485a6e0
SHA256 09ed391c987b3b27df5080114e00377ff1a748793cb417a809b33f22d737fe55
SHA512 124b9f53a53ef596a54c6c04ab3be2b25d33d1ce915978ec03da8f9f294db91d41ee9091b722e462722f51f9d9455ce480e1a0cb57c2f3248c7a3a9e3b9dac58

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HD5TT8J7\www.recaptcha[1].xml

MD5 8ba0b0456615f893c5db3f138955cd8f
SHA1 e6d9424b09baa4e4bf3c475cb1bec8235f73baf9
SHA256 5a491d437a613c096cc888d5cbfab4b82f173e2b242fed7e789baf4c2c51905a
SHA512 20be8b00e4c81d52cd1df7355d3f788d5f5ddcdfdfe50ba13d9c977a1e4ac6e39c6ba18f7b55d3f34a62ca7cf21f2cb7ad01350283a7fdaa351dd356a3b7d5a2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\D3N0K4LX.cookie

MD5 ea7d98706d8a343186cc6c7fc4052855
SHA1 2af3cdbf30ccff268d21571b51046108f25fedb3
SHA256 fa9f704325a4cb1b6b95b72c9cad0c111cc7817e461fddaa823f5e8e505a242f
SHA512 08fea0fabb9721c7a8ace8de507694092fe680faf8e883a4c1e5bfdc6f04bc3d4c69b36bbfee7b48b3465cdd9a8cebd62ad9ed739de462edecbf4ac8237b0a3c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\P9ZPJYCO.cookie

MD5 5b46de4ece693db093101c10ec080816
SHA1 23e2b56e10797fcf8cf362d3a5a820518113d76e
SHA256 4d7bb1ae24980c41f9013e202ace1b87bab1558dcaf207f5f740590ca527f6c6
SHA512 442ba53d98fe5dcdcb298c4b562475e4cba8b6929e0073b02056c7c462099e4d3db64a5b600aa6876f8f886b9ed355a6027d4a1b88fced3971174cf9a81aa28b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\QOVQFMMO.cookie

MD5 e328c8655a8bb6519a836750328df58e
SHA1 fb82e0a8fa4122837903d231df397e1598cd6919
SHA256 4ecba0d66a51ce1b9fbe1b11efaf9150e35f8c2a374c24c60ca635e52b5d360e
SHA512 cd2597fd4b9a6bb5bf23d42717554474553110debd7deb1c173551fe2a17f724cee7a173ef016c5edef291809e1399dff748fee8338980851ce5614aee5c2f25

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8RYYA7EB.cookie

MD5 463182a3da482f6bdbfcbe2c75dc840f
SHA1 8331427268b83da7e825bd1e807ec9fdf42a53d3
SHA256 c21b911e46049befd9db1c8600706bf9078324720680f913150305008ac2421f
SHA512 0caa3e021996284cf98dcf9c2f8419c0ef08e4c849d496972b4f7864544dabf03bc8a717bacab372c86fa00a483e4aa59d726d78cc7c69757b21f873c9d55a96

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Q3GFD81U.cookie

MD5 561fd9cf6f0f700f3d17fa58d7996d6d
SHA1 17087e5222dc4402db8df9cfdb4c11ae24c3e353
SHA256 5c3473fefe9152b03811c75d07d1fb30224bfb366b50412d02b720af67b79e03
SHA512 4982c89d780b837a7d7186ce2e3a76e395e54e3186c0724ca194dd48700192783a70a6c6c982940ca63344d19d9e50b65c5c11ca8e60cb4351d0f9c0e5723f1e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DXDFAGHU\hcaptcha[1].js

MD5 c2a59891981a9fd9c791bbff1344df52
SHA1 1bd69409a50107057b5340656d1ecd6f5726841f
SHA256 6beec8b04234097105f5d7a88af9c27552b27021446c9dbe029d908d1ff8599f
SHA512 f9d556e0f7e95e603881c5196cc2aa736eb24ed62086d09d36a9e1d6b4fec9f4c1dfb125a66bec301f57230a4242108c7c255e6aa3c6f08a3a0d75e0cf288afe

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5MA4WZO9.cookie

MD5 37bcf47206b10b4b7ba853c81f64a372
SHA1 a825afc2b905e9b549de53fb834e43155a8d89c6
SHA256 8342eab10e3a029b819d86a569e3306427215457bda450d22c757250b299f895
SHA512 bb51b25b0f1e736c178700fdc7d9a8ae39554bc2e22d6c1caa5f8411e7081e112e80b2e71a2527306dfb205042100ce34095d2040d8ab307ee5577664efa7ed1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SE8CJDIO.cookie

MD5 3e8ac6964e038e20fdfe26835c55aac6
SHA1 3180d2412d18982b9ce43e067282a9039badf161
SHA256 44a69037eace66bdc7c4351422a8cd3d7353850a9f28b9cabfb3a222b87ea39c
SHA512 0cda731ebbe2a6ca4b9903420047b6c86fe4bf7a0b4237e2e4109b469a527c6b25513fe59681d6139747b6600694ecac2cf295549f72199f47cb3c06ac3a3fb0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\EMEEALKS.cookie

MD5 8db87d64de504848a5e7f3f510e37706
SHA1 fa16a6fff1b8039b9f15fea6aede5c84e874da55
SHA256 7378febf227bbbea0aa4a008e49402fab56e6250ef733cf99f32698c3b2cb4c8
SHA512 171d838c9aadc2bc9a598e6cf1d9c1bad5fab052a134c4a9f6a08b3d0720ccd156639cb443be0a9f99fd8f99c568b5741d4bea037597af9b0b0ab6c2db066a99

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U32RZJBD\m=_b,_tp[1].js

MD5 0b3be5461821c195b402fd37b85b85ba
SHA1 f39b54e7f89fdf4fd9df3cd3b34226aadd9e2926
SHA256 f2ba85cd8a91593d7087cd5c495bebbe5c50cd08d39d55887afcac75fb7e7237
SHA512 da4c2726131df98d610b179505cd9b477ccaa00f8809bd32fbe5b13650aa85830f12cb7f9a2ca6b2486f67a5d9a1bd76505f4dec2cec41b7c37b14555f6d67d6

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TCMH1DO0\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LYTU5EXE.cookie

MD5 0e884ef844f30182199607b7ef31394f
SHA1 07b39b3060002b82278db9f6e57efb5eff117116
SHA256 4049add142048f4b822df6b2c40be6f78c4820d887482afbf47a2dd74460b4ab
SHA512 b60592b571899b11f509601aecfa3e9e9c9c3659777dff19857894365ae45489e71803008208bd09bce916a1e3d3db1c7db75e9a8e33ae544486f84705043346

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

MD5 f995fbc24a8b5c5bcdcac7ccd135721e
SHA1 03e4d5797a4774ee5105252e64e38f960e6bdda3
SHA256 9f2d9f774682c5346032ca6a08f245c788891c0df92752b35ef56f50b8ad283e
SHA512 2cae6b25e58d301786ac468c8599470b9aa3657c09072416e9da1cbd36e23b4f99ea75057c0f5d4acde0f596341c9c3436ae1f02d07237f4bc388a314894c8d0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

MD5 6bbdd813cea7daa398c265cacf46479a
SHA1 f6031d312330216a2885dbebf136d427528a7e99
SHA256 1b8dff42857164a584215127c79becf49498fea0a6f0350c5afd64fd6e3c54d4
SHA512 99cffe8cc11cd0ec62418d15ceee7f643f1038ffadc9310491605f7e1915e8758fc6ef5df6b1073c0bb3329bb7becdc2878ba75c538d0b6bcc727b1b5d4a8e97

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\DXDFAGHU\web-animations-next-lite.min[1].js

MD5 cb9360b813c598bdde51e35d8e5081ea
SHA1 d2949a20b3e1bc3e113bd31ccac99a81d5fa353d
SHA256 e0cbfda7bfd7be1dcb66bbb507a74111fc4b2becbc742cd879751c3b4cbfa2f0
SHA512 a51e7374994b6c4adc116bc9dea60e174032f7759c0a4ff8eef0ce1a053054660d205c9bb05224ae67a64e2b232719ef82339a9cad44138b612006975578783c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SPKFC8XR\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

memory/5788-3154-0x0000000072E30000-0x000000007351E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF9D163C1608D74048.TMP

MD5 863293a0245e6be9088377937b360f1f
SHA1 74f4245942178053a47f3a52e83b063a4ff9db2f
SHA256 8a9b9ec7ce3fcd8acccf3f217436ceb965654bb53ed2a982b6f16dd3c99ff837
SHA512 e321cc56fc8d3deea13bfc11a5633167ccd3012eca2a03eb0fda0f31725777b7b93b881ad38bce59ee07c082d930f930628d1b1bcf1f92068c7cf228d8184a38