Analysis Overview
SHA256
95138aff147ef1ed718a7f1d3b2c00718744376b7d3c4d4ea575bea9da8b355c
Threat Level: Known bad
The file 95138aff147ef1ed718a7f1d3b2c00718744376b7d3c4d4ea575bea9da8b355c was found to be: Known bad.
Malicious Activity Summary
RedLine payload
Detect Mystic stealer payload
Mystic
Detected google phishing page
RedLine
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Suspicious use of SetThreadContext
AutoIT Executable
Drops file in Windows directory
Program crash
Unsigned PE
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Modifies registry class
Modifies Internet Explorer settings
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 10:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 10:50
Reported
2023-11-11 10:53
Platform
win10-20231020-en
Max time kernel
149s
Max time network
158s
Command Line
Signatures
Detect Mystic stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected google phishing page
Mystic
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tf6ZR43.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11Hr1918.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12RF318.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\95138aff147ef1ed718a7f1d3b2c00718744376b7d3c4d4ea575bea9da8b355c.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tf6ZR43.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4420 set thread context of 5988 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11Hr1918.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 5656 set thread context of 756 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12RF318.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Drops file in Windows directory
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\epicgames.com\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000e7e0a7600f58a118814ed099f8566173df790486335d080c2ccf642c382587af0f1f2947943d18740fbefbccb6f1e5d9e0c87e654c0c800b26eb | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "34" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\epicgames.com\NumberOfSubd = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\store.steampowered.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steamcommunity.com\NumberOfSu = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6c483ee58c14da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = aca8faed8c14da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hcaptcha.com | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hcaptcha.com\NumberOfSubdomai = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\newassets.hcaptcha.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\epicgames.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "405861941" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\store.steampowered.com\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1534848907-968546671-3000393597-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\95138aff147ef1ed718a7f1d3b2c00718744376b7d3c4d4ea575bea9da8b355c.exe
"C:\Users\Admin\AppData\Local\Temp\95138aff147ef1ed718a7f1d3b2c00718744376b7d3c4d4ea575bea9da8b355c.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tf6ZR43.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tf6ZR43.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11Hr1918.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11Hr1918.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 568
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12RF318.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12RF318.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5480 -s 3440
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| US | 104.244.42.65:443 | twitter.com | tcp |
| US | 104.244.42.65:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 8.8.8.8:53 | 98.49.222.23.in-addr.arpa | udp |
| US | 44.212.121.244:443 | www.epicgames.com | tcp |
| US | 44.212.121.244:443 | www.epicgames.com | tcp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 244.121.212.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.15.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | facebook.com | udp |
| US | 157.240.5.35:443 | facebook.com | tcp |
| US | 157.240.5.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | 80.41.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocsp.r2m02.amazontrust.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 18.238.246.206:80 | ocsp.r2m02.amazontrust.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| US | 157.240.5.35:443 | fbcdn.net | tcp |
| US | 157.240.5.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | community.cloudflare.steamstatic.com | udp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | community.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 18.239.36.103:443 | static-assets-prod.unrealengine.com | tcp |
| US | 18.239.36.103:443 | static-assets-prod.unrealengine.com | tcp |
| US | 157.240.5.35:443 | fbsbx.com | tcp |
| US | 157.240.5.35:443 | fbsbx.com | tcp |
| US | 8.8.8.8:53 | 35.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.246.238.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 54.205.234.65:443 | tracking.epicgames.com | tcp |
| US | 54.205.234.65:443 | tracking.epicgames.com | tcp |
| US | 104.244.42.65:443 | twitter.com | tcp |
| US | 104.244.42.65:443 | twitter.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 103.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.234.205.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 136.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | watson.telemetry.microsoft.com | udp |
| US | 52.182.143.212:443 | watson.telemetry.microsoft.com | tcp |
| US | 52.182.143.212:443 | watson.telemetry.microsoft.com | tcp |
| US | 8.8.8.8:53 | 212.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.179.182:443 | i.ytimg.com | tcp |
| NL | 142.250.179.182:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 182.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 18.239.36.103:443 | static-assets-prod.unrealengine.com | tcp |
| US | 18.239.36.103:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| RU | 5.42.92.51:19057 | tcp | |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | talon-website-prod.ecosec.on.epicgames.com | udp |
| US | 104.18.41.136:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 104.18.41.136:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | 136.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | talon-service-prod.ecosec.on.epicgames.com | udp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | watson.telemetry.microsoft.com | udp |
| US | 20.42.65.92:443 | watson.telemetry.microsoft.com | tcp |
| US | 20.42.65.92:443 | watson.telemetry.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.219.90:443 | js.hcaptcha.com | tcp |
| US | 104.19.219.90:443 | js.hcaptcha.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 90.219.19.104.in-addr.arpa | udp |
| US | 20.42.65.92:443 | watson.telemetry.microsoft.com | tcp |
| US | 20.42.65.92:443 | watson.telemetry.microsoft.com | tcp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 104.19.218.90:443 | newassets.hcaptcha.com | tcp |
| US | 104.19.218.90:443 | newassets.hcaptcha.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 90.218.19.104.in-addr.arpa | udp |
| NL | 142.250.179.182:443 | i.ytimg.com | tcp |
| NL | 142.250.179.182:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 104.19.219.90:443 | api.hcaptcha.com | tcp |
| US | 104.19.219.90:443 | api.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| NL | 23.222.49.98:443 | api.steampowered.com | tcp |
| NL | 23.222.49.98:443 | api.steampowered.com | tcp |
| NL | 23.222.49.98:443 | api.steampowered.com | tcp |
| NL | 23.222.49.98:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | watson.telemetry.microsoft.com | udp |
| US | 20.189.173.22:443 | watson.telemetry.microsoft.com | tcp |
| US | 20.189.173.22:443 | watson.telemetry.microsoft.com | tcp |
| US | 20.189.173.22:443 | watson.telemetry.microsoft.com | tcp |
| US | 8.8.8.8:53 | 22.173.189.20.in-addr.arpa | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | watson.telemetry.microsoft.com | udp |
| US | 20.189.173.22:443 | watson.telemetry.microsoft.com | tcp |
| US | 20.189.173.22:443 | watson.telemetry.microsoft.com | tcp |
| RU | 5.42.92.51:19057 | tcp | |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 183.2.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.1.85.104.in-addr.arpa | udp |
| RU | 5.42.92.51:19057 | tcp | |
| RU | 5.42.92.51:19057 | tcp | |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| RU | 5.42.92.51:19057 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tf6ZR43.exe
| MD5 | 6973e122969c4cb87fdfc9571a1718a4 |
| SHA1 | 52b75c7a520c79cfab59637bc24809c4542d0077 |
| SHA256 | a7988eba4c20e21a51699cf04b63263529a81e7df31de0a89433f56dbfadd6b6 |
| SHA512 | d5ea49871d6613dbf315c3941531c6bac4b0e9efb6eec4cc4e4dbe18b109ecc623c339a67b2b252a9a28a14a788fef11b26555a18ce3e3329181d95a3085f3e8 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tf6ZR43.exe
| MD5 | 6973e122969c4cb87fdfc9571a1718a4 |
| SHA1 | 52b75c7a520c79cfab59637bc24809c4542d0077 |
| SHA256 | a7988eba4c20e21a51699cf04b63263529a81e7df31de0a89433f56dbfadd6b6 |
| SHA512 | d5ea49871d6613dbf315c3941531c6bac4b0e9efb6eec4cc4e4dbe18b109ecc623c339a67b2b252a9a28a14a788fef11b26555a18ce3e3329181d95a3085f3e8 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe
| MD5 | ef90dbfcc3dac95d400dfb1d50cf81c7 |
| SHA1 | 71ad2a2b5400f1b15bd075365fe4d1d272410520 |
| SHA256 | 7ee4490a56870aa7a4f5694065b95703a2231ecedb4f035809dcb8403ec0e252 |
| SHA512 | 9ea3124e7da72189a8cc2db227ea8afe5f3384dbf9e2ef04b5d38a03da09391f2800d4a6e0e6eab15d04676dd03bca56902f47e58309bb578880c3d7918da1e6 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10Zr48Ix.exe
| MD5 | ef90dbfcc3dac95d400dfb1d50cf81c7 |
| SHA1 | 71ad2a2b5400f1b15bd075365fe4d1d272410520 |
| SHA256 | 7ee4490a56870aa7a4f5694065b95703a2231ecedb4f035809dcb8403ec0e252 |
| SHA512 | 9ea3124e7da72189a8cc2db227ea8afe5f3384dbf9e2ef04b5d38a03da09391f2800d4a6e0e6eab15d04676dd03bca56902f47e58309bb578880c3d7918da1e6 |
memory/2336-14-0x0000029FAA100000-0x0000029FAA110000-memory.dmp
memory/2336-30-0x0000029FAAF00000-0x0000029FAAF10000-memory.dmp
memory/2336-49-0x0000029FAABF0000-0x0000029FAABF2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11Hr1918.exe
| MD5 | b7ac66059b30012a4c1204455312b27b |
| SHA1 | 052492d890d915e66f2d8904d228d0b92a4e593f |
| SHA256 | a6f5164822d18121e776c34dd5d42082fc77ec2c044da02c5c4e99adbef461b8 |
| SHA512 | 792ae1a3c300e4dd3992c9b7ae8810bfac46d03885a643f63522209a60aacde56c5065c8df2f8539a7ee4e4ce2fe4a189ca9e31ca3fc6ae4708ebb17d9fc5f47 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11Hr1918.exe
| MD5 | b7ac66059b30012a4c1204455312b27b |
| SHA1 | 052492d890d915e66f2d8904d228d0b92a4e593f |
| SHA256 | a6f5164822d18121e776c34dd5d42082fc77ec2c044da02c5c4e99adbef461b8 |
| SHA512 | 792ae1a3c300e4dd3992c9b7ae8810bfac46d03885a643f63522209a60aacde56c5065c8df2f8539a7ee4e4ce2fe4a189ca9e31ca3fc6ae4708ebb17d9fc5f47 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 29b486efa1bc1f4a24a18f49e3f08836 |
| SHA1 | 317bb316164004e94c0075b53dd33732a9550451 |
| SHA256 | 754bbffc6a2da256963d5e432935dc8315e008ebdadf77a38c6f9b3cc378f319 |
| SHA512 | c5efcdbbb46d14a706bed4aaa7cde424ff50ddb0a4143a1656fc4b807a43668db7ce4605524632960285bf706c58cfb65f2d8fe917a7225075dcc1b634c33ae5 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 2e71c9773b476e1eb5854ace3bf613db |
| SHA1 | c935a5a20079f2dd6dd92e804535999cabf710dd |
| SHA256 | c5daaf35f3bfd6208907e4d4630ec6b11ab31b668070163021f348017b511c4d |
| SHA512 | 9377590c7014715789f7094e31c8b7215080b0726b8b325cf6def15d76b7182c5338864e4e3d5a87dac3b32da4d2425194eaf5ab541126c564c4d8084e2496b8 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 963c5cc2c46c3889d01caa0b47cd1b25 |
| SHA1 | 0a2c388c67f14aa34fcea75a427a8c9f70247e3f |
| SHA256 | cadb34f0672cecb37e5c15371351107b94af56d6358fd884eb6478fa833d2499 |
| SHA512 | 271dedc47c67f74f1bd126e13f5ebd327ad6da1aaad311b263a0eee23679e86c01b7dde63f754804d4d4f48daf3ce7621fbc4e0889d7811beea3c08f690f8128 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC
| MD5 | 512efc86ad030a9f7699232254b7dc91 |
| SHA1 | b020f69657c8f9f6f31bac79eb9731fc65a7edea |
| SHA256 | 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28 |
| SHA512 | 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC
| MD5 | a87a896a8f09e2c4da2017897b5aca7a |
| SHA1 | 22251d88cc6c8205443ab0fc92d78fa8f59bf643 |
| SHA256 | 444f2b3bcfc718be45ebc5bd42b0c34722dfe0a12d725b1652ea7755d85728f5 |
| SHA512 | d4f8ffac6d37acf643f4057c91076d685cb22e6cbada026c91589c128af40e19227462032ea826fb2d362e8c28bd1c00404548d981d810f3696306da79043f73 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC
| MD5 | a87a896a8f09e2c4da2017897b5aca7a |
| SHA1 | 22251d88cc6c8205443ab0fc92d78fa8f59bf643 |
| SHA256 | 444f2b3bcfc718be45ebc5bd42b0c34722dfe0a12d725b1652ea7755d85728f5 |
| SHA512 | d4f8ffac6d37acf643f4057c91076d685cb22e6cbada026c91589c128af40e19227462032ea826fb2d362e8c28bd1c00404548d981d810f3696306da79043f73 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ETHDE1T8.cookie
| MD5 | eba6a946a0dcb61314ccb9f606d4c75b |
| SHA1 | a4835b6080e608afcbd7bfd0fde7ab9ed1477a8a |
| SHA256 | 31bfcf4f52d12cee44ae29c5cf084c08e6ae304a33fb65f8f6bc4002686c8fec |
| SHA512 | b77e98e36c4e51205081e874966962e9fca236d3fecebc0c5c8f65a34ad4b3e2158ef53569252a7db76190695167cf5800ab609ffc6429be48fa6e43899d5a63 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RCQ64F4C.cookie
| MD5 | 39fe12e2c3dfbc7a3c6c61deed025ebe |
| SHA1 | 1ce835ae927a1f8fda6d53d4b05a2666d59a269f |
| SHA256 | 2a859ca6cca8890cf6266a0b713c9c33725eb43d05a0ee4197928c43bd981686 |
| SHA512 | 91337e97574aecea7dd76c21ef0299c35822feacd463728d668bbc3ab28bc3980a312e19891f580c85184bbd36bbea37bc379948c4a26b8f2fe7fa7784b4b920 |
memory/3404-115-0x0000028675840000-0x0000028675860000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
| MD5 | 1cc5e4741b035c76a0f89b289b807073 |
| SHA1 | f8ea4db61aa06bb05257dee1a39e1820959035a3 |
| SHA256 | 0a9f04e12ee8e30f6c0a16a209a12913e702a7ae41e96b3e506ebf5f8c1cf7b7 |
| SHA512 | 6efe93253f352fa9602dfa65cbd4c134fc6bd9de193834b46be2810e52874d37e5742d00a2c26edd0c0ca79f102f8358213f3f9bb9e6433b8a641b8c54dfa941 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
| MD5 | 80144ac74f3b6f6d6a75269bdc5d5a60 |
| SHA1 | 6707bb0c8a3e92d1fd4765e10781535433036196 |
| SHA256 | d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285 |
| SHA512 | c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
| MD5 | 35e1df68f41902e719af7135d80a9ae0 |
| SHA1 | d5d7e11cbc54df74df47275ec3ebe616963d4d5b |
| SHA256 | 502382748c3c5f957cb0200c43053b21b219ac5754308ebd3c8558a2457a0d3a |
| SHA512 | c05c33958004de832247fad434bae878bfb2ea6e612f47ffc239c10879ea783006273696fa91c2b130ca2f1f518192795d82a088c8cfc79246f0b8403fe64676 |
memory/5988-200-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5988-208-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5988-210-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5988-214-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
| MD5 | bdf769c8208a45b9af522a1cdb0bd663 |
| SHA1 | 97eaac2c1d06a55ef38ca08dc4b5806024f47335 |
| SHA256 | 96506c88f556ac645d16c169670d91ca956d864b5341afd4e13b7a34931788b8 |
| SHA512 | c2df35f020e63c20448edb1bb7c224ee7eca6d6e48dc1f1ee6e0b6608db55abcb523167ae9a5b81bff299c1cedc8aa19d386f6138442a49db5f0beaf543e6b7d |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
| MD5 | bbf0e29268ddfd99bde03e58039df96a |
| SHA1 | 3ba0542fed7734b1fcb484d73df8583d4c1cb11d |
| SHA256 | ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4 |
| SHA512 | 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12RF318.exe
| MD5 | 94d89416da51399e74a12a2791bf9b21 |
| SHA1 | b9e2a2b707796bcf2d7eb107404d7e6a1e1194de |
| SHA256 | 221b5c3dafee24b0ae4617b664812095aa011ef8a425162afe9e18c640cc0dc5 |
| SHA512 | e9d12cc4a62e62049cb3421e69ac82d995b4f2f58a508316e765931f7663e8304ab79c90942fff9a85cc702bba4a1f0f801077cb61dff622c41d3a9b715a887f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12RF318.exe
| MD5 | 94d89416da51399e74a12a2791bf9b21 |
| SHA1 | b9e2a2b707796bcf2d7eb107404d7e6a1e1194de |
| SHA256 | 221b5c3dafee24b0ae4617b664812095aa011ef8a425162afe9e18c640cc0dc5 |
| SHA512 | e9d12cc4a62e62049cb3421e69ac82d995b4f2f58a508316e765931f7663e8304ab79c90942fff9a85cc702bba4a1f0f801077cb61dff622c41d3a9b715a887f |
memory/2288-277-0x0000025935A40000-0x0000025935A60000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BACU1K87.cookie
| MD5 | 2be7114edc28d0522caefe965c876998 |
| SHA1 | fbc4fc11694d0707fd479ad24e81e40d32b948a3 |
| SHA256 | e3104cb2a1b322d19943a23356cffa3c2b6873dcffc41ea8215565fec70996fb |
| SHA512 | 23cbef2167b929dabb631d2c79d35e5a1c2f829453b1896db3848a57c75592fd74173c4efa7f01f7f1778b0eef446c682e9ce66b7127f362161656d032fd11b3 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC
| MD5 | a87a896a8f09e2c4da2017897b5aca7a |
| SHA1 | 22251d88cc6c8205443ab0fc92d78fa8f59bf643 |
| SHA256 | 444f2b3bcfc718be45ebc5bd42b0c34722dfe0a12d725b1652ea7755d85728f5 |
| SHA512 | d4f8ffac6d37acf643f4057c91076d685cb22e6cbada026c91589c128af40e19227462032ea826fb2d362e8c28bd1c00404548d981d810f3696306da79043f73 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | ac89a852c2aaa3d389b2d2dd312ad367 |
| SHA1 | 8f421dd6493c61dbda6b839e2debb7b50a20c930 |
| SHA256 | 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45 |
| SHA512 | c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
| MD5 | 3331d73636aa00cf962a052185a6a35b |
| SHA1 | 2c1cdcdc0b5c5c097fccca62afdeb71a04292e25 |
| SHA256 | dee75890c8eeea05cea39caa4140a3657e7f80e7add54d85e6b38d0aec3ea955 |
| SHA512 | 3cd8ffb260e15639a7a21a3217d2f32f8012929fece37b51d86d13bd64b8897b860af9b526eef55953d3c81673467b1be13ba373d357fe2c0aca8fad9939745d |
memory/2288-334-0x0000025936300000-0x0000025936400000-memory.dmp
memory/2288-331-0x0000025936300000-0x0000025936400000-memory.dmp
memory/2288-337-0x0000025937270000-0x0000025937290000-memory.dmp
memory/2336-355-0x0000029FB0DE0000-0x0000029FB0DE1000-memory.dmp
memory/2336-356-0x0000029FB0DF0000-0x0000029FB0DF1000-memory.dmp
memory/2288-366-0x0000025936BC0000-0x0000025936CC0000-memory.dmp
memory/2288-370-0x0000025936BC0000-0x0000025936CC0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OEAUNGQE\favicon[1].ico
| MD5 | 630d203cdeba06df4c0e289c8c8094f6 |
| SHA1 | eee14e8a36b0512c12ba26c0516b4553618dea36 |
| SHA256 | bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902 |
| SHA512 | 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c |
memory/2288-385-0x0000025936800000-0x0000025936820000-memory.dmp
memory/1956-393-0x0000016667D80000-0x0000016667D82000-memory.dmp
memory/2288-400-0x00000259386A0000-0x00000259387A0000-memory.dmp
memory/1956-399-0x0000016667DB0000-0x0000016667DB2000-memory.dmp
memory/2288-398-0x00000259386A0000-0x00000259387A0000-memory.dmp
memory/2288-404-0x00000259386A0000-0x00000259387A0000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9AGF4I0T.cookie
| MD5 | a0e381726bdf7f329ce60de85b0d2bd3 |
| SHA1 | 9d0ad8a54db99313956e24b0ef8aaeace4217e0e |
| SHA256 | 596b5d0add3a690a3cce0f5639b3914f5350a607482177b86f053b201550f77a |
| SHA512 | e6f2e7f51d07ff997f204a8d7b2b9515ed58daf8dd741bf2225d3334774cbd4f00d6116c23d9652e630cbb885e33f256454c54004100b447f04a6499c89bc16a |
memory/2288-458-0x0000025937830000-0x0000025937850000-memory.dmp
memory/2288-464-0x0000025937870000-0x0000025937970000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JRHI820P\www.epicgames[1].xml
| MD5 | 4ae004112513fc16ac39a1a3aa5744e8 |
| SHA1 | e31a315df620a7836184f7f732bd513727967809 |
| SHA256 | ffe3621db4f7d7f49016603201792c727bf0a9ebf9d66032db5dd9d4256c79ab |
| SHA512 | 07ab94c61da4c85e2fae69b938d61054b3c07c1e840f7cd3bb38d1d788dde9e2a1944d89a8596e329f9f98864a455a301f4cde8d69f80c062ef88b006fa6c42a |
memory/5048-587-0x00000296FA800000-0x00000296FA820000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XTZFSEWA\buttons[1].css
| MD5 | b91ff88510ff1d496714c07ea3f1ea20 |
| SHA1 | 9c4b0ad541328d67a8cde137df3875d824891e41 |
| SHA256 | 0be99fd30134de50d457729cebd0e08342777af747caf503108178cb4c375085 |
| SHA512 | e82438186bfc3e9ca690af8e099aafbfbc71c9310f9d1c8cb87ffa9e7f0f11f33982c63a2dac95c9b83fef1aaa59178b73212fc76e895d13a1ffbbe3c1adfa4c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSRN0P01\shared_global[1].css
| MD5 | cfe7fa6a2ad194f507186543399b1e39 |
| SHA1 | 48668b5c4656127dbd62b8b16aa763029128a90c |
| SHA256 | 723131aba2cf0edd34a29d63af1d7b4ff515b9a3a3e164b2493026132dd37909 |
| SHA512 | 5c85bb6404d5be1871b0b2e2d2c9053716354acd69c7acca73d8ce8bf8f21645ae11f788f78ef624444016cb722ecbd6213e771bda36717725f2b60f53688c6b |
memory/756-603-0x0000000000400000-0x000000000043C000-memory.dmp
memory/3340-616-0x00000208BDE40000-0x00000208BDE60000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XTZFSEWA\shared_responsive[1].css
| MD5 | 2ab2918d06c27cd874de4857d3558626 |
| SHA1 | 363be3b96ec2d4430f6d578168c68286cb54b465 |
| SHA256 | 4afb3e37bfdd549cc16ef5321faf3f0a3bf6e84c79fc4408bc6f157280636453 |
| SHA512 | 3af59e0b16ef9d39c2f1c5ccdbd5c9ea35bd78571fde1b5bf01e51a675d5554e03225a2d7c04ed67e22569e9f43b16788105a0bf591ebba28ef917c961cc59e2 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
| MD5 | 80144ac74f3b6f6d6a75269bdc5d5a60 |
| SHA1 | 6707bb0c8a3e92d1fd4765e10781535433036196 |
| SHA256 | d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285 |
| SHA512 | c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619
| MD5 | 35e1df68f41902e719af7135d80a9ae0 |
| SHA1 | d5d7e11cbc54df74df47275ec3ebe616963d4d5b |
| SHA256 | 502382748c3c5f957cb0200c43053b21b219ac5754308ebd3c8558a2457a0d3a |
| SHA512 | c05c33958004de832247fad434bae878bfb2ea6e612f47ffc239c10879ea783006273696fa91c2b130ca2f1f518192795d82a088c8cfc79246f0b8403fe64676 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XTZFSEWA\tooltip[2].js
| MD5 | 72938851e7c2ef7b63299eba0c6752cb |
| SHA1 | b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e |
| SHA256 | e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661 |
| SHA512 | 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1 |
memory/756-666-0x0000000072E40000-0x000000007352E000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSRN0P01\shared_global[1].js
| MD5 | f94199f679db999550a5771140bfad4b |
| SHA1 | 10e3647f07ef0b90e64e1863dd8e45976ba160c0 |
| SHA256 | 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548 |
| SHA512 | 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XTZFSEWA\shared_responsive_adapter[1].js
| MD5 | a52bc800ab6e9df5a05a5153eea29ffb |
| SHA1 | 8661643fcbc7498dd7317d100ec62d1c1c6886ff |
| SHA256 | 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e |
| SHA512 | 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e |
memory/756-687-0x000000000B830000-0x000000000BD2E000-memory.dmp
memory/756-694-0x000000000B330000-0x000000000B3C2000-memory.dmp
memory/1220-710-0x0000021ABE5E0000-0x0000021ABE5E2000-memory.dmp
memory/1220-712-0x0000021ABE700000-0x0000021ABE702000-memory.dmp
memory/1220-714-0x0000021ABE7C0000-0x0000021ABE7C2000-memory.dmp
memory/756-731-0x00000000067B0000-0x00000000067BA000-memory.dmp
memory/756-782-0x000000000C340000-0x000000000C946000-memory.dmp
memory/756-788-0x000000000B650000-0x000000000B75A000-memory.dmp
memory/756-796-0x00000000069B0000-0x00000000069C2000-memory.dmp
memory/756-799-0x0000000008F60000-0x0000000008F9E000-memory.dmp
memory/756-818-0x000000000B490000-0x000000000B4DB000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OEAUNGQE\epic-favicon-96x96[1].png
| MD5 | c94a0e93b5daa0eec052b89000774086 |
| SHA1 | cb4acc8cfedd95353aa8defde0a82b100ab27f72 |
| SHA256 | 3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775 |
| SHA512 | f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JRHI820P\www.epicgames[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KVH9LTJV.cookie
| MD5 | 0124e7566499337de9fb5fc6a958ca5e |
| SHA1 | 04346efd709f22a503481d08e6c2c6c267b151aa |
| SHA256 | 7890a6876e3e1e0d6060f358744527d78fec6e6ff1c8c308472a0693844c3bdf |
| SHA512 | 229de0bd5ba465d6e3df6c0fdd1df75f3727ab2feccdde2cbad49d6ff90fe014ef0a532721e2935597cf769829883f7f7418e872793387edbec7de11193fe1fa |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CAIYCXKY.cookie
| MD5 | 32f39833df6ca5f192aa7b5e1a92f2d6 |
| SHA1 | 918c1fed53e990fba7a982142681d414ebe07bb9 |
| SHA256 | e70cfa16eb7c3e3dfba56bfaf24e34f6326bc127e6c7b6f7070fb6aa59b785b0 |
| SHA512 | cb653cc6019442ef46092982503f9e30c788ded0912b5cffbfb3d9328436fe0916072d068ce83ebe74e0d8caed30c7d4d614c667d962c6655b84eaadc2d7dae4 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSRN0P01\chunk~f036ce556[1].css
| MD5 | 19a9c503e4f9eabd0eafd6773ab082c0 |
| SHA1 | d9b0ca3905ab9a0f9ea976d32a00abb7935d9913 |
| SHA256 | 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a |
| SHA512 | 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RLS75XM1\B8BxsscfVBr[1].ico
| MD5 | e508eca3eafcc1fc2d7f19bafb29e06b |
| SHA1 | a62fc3c2a027870d99aedc241e7d5babba9a891f |
| SHA256 | e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a |
| SHA512 | 49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q7XHBS89\favicon[1].ico
| MD5 | 231913fdebabcbe65f4b0052372bde56 |
| SHA1 | 553909d080e4f210b64dc73292f3a111d5a0781f |
| SHA256 | 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad |
| SHA512 | 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\6ewm39d\imagestore.dat
| MD5 | 066d21d3bc26baae31c22375628cf3a0 |
| SHA1 | 23ccaa642b4373d643475963dcba7ea57604d167 |
| SHA256 | 65e70edf2a781e5ed1902be823ce1aa21e71e9d47f3575f30d49add23c849c5a |
| SHA512 | 15129c8f35f6b047c8cb286547e8f69067b06444ca13d5d8ed19cdd0ff1037e8b31afcd02aa67bf964c053edd0e78d9d1e966fb206176e42f265d943ab9d5cb3 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\E58TH137.cookie
| MD5 | 64bca1bea1e1b8cdc9e58862ee2998b8 |
| SHA1 | da0e29452e55cc767ac0fbaf0725d5684e0bb4b3 |
| SHA256 | 04ae3d575db649cc9e686c26add603d35ffca2fa806cdf3758125c7ec7cfa99e |
| SHA512 | 7e077709d66d0245aca6ac73e86199cafbb3ae25caae52472f4169010c2fa7a629b77416808f9b7b12be9449d654cf3008c4f8a5458e26149669caf41f7756a3 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\EBN4BBKC.cookie
| MD5 | 1e4d11025426a478999abce28510b75e |
| SHA1 | b9d08edf14af00700ac1e68a2c9cb64eccaa023a |
| SHA256 | 707646a2d208268a8cf9667c967cf41ace6abf05358a00af129446ce3e3f5499 |
| SHA512 | 2c8a5f2a0b3204fc2392e659152ca64739f2cc1a8329de6c2fa481c3f0e118d958dd69dd17c45a683b8d0d226220fb8dbcbd1bc321b6598e95451aa64a343be2 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GML0ORWD.cookie
| MD5 | 961bb31efb119b02763dda0bd5fa3d00 |
| SHA1 | db41823aeb9fa45a44068f83e4efd179036e109a |
| SHA256 | c7462145bf1012126dc1fb678f7b9606a19f26c6ab412290bb2814df8bfe2629 |
| SHA512 | f266af9e1185b2527d91bb1480d2140b97e53d6501e9ea26541442b36107a0f17b49ec041cf91165c90cfa2d6707a3996464e26f20a80c68311bb8d4cd2f2ab4 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\075ENTJT.cookie
| MD5 | 3e3c8c820e5ce84a6c308337ca89cc18 |
| SHA1 | f37d1074828e1790c01e8621fc795bc80b1ef0ee |
| SHA256 | 6ae8d6f67da748f8f5e2aebb4c812da36c97f4d8a124848ca2e0d13bd2d15a9b |
| SHA512 | d2527605f40251450b016384e6a795a13b4a578432653d978e3f3d27c16065f189cdd480981a0cb0d244e9a6381f6e478f9a2eff2a3972520c6f104ef4123fe3 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8
| MD5 | 62af9c5cbd44f7789f17303ede9f2d34 |
| SHA1 | 2ed6660c0e90da2add7d9e962a105843842cb976 |
| SHA256 | dcc8e588249ebf52a7fff5077aab4a1b1089e861d073f343564e1cc46aa4db2c |
| SHA512 | 26e4a1496e4e82756a0b21be8adf377bbc7388120ff474bba7ead5a0df4d783c91b7db9e2bf846bf4af0bafbf1aa4786c8d57d606ac872a38047ab33e1188b42 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8
| MD5 | f4264ddabc96212f54533c49ae7b46dc |
| SHA1 | 5c92bfaf0a8e700428cb338eb69fb8ee4e3fda55 |
| SHA256 | 4a5d88b0867433d40cab69134a301b77c0762a4cd43e12e03710c653c3355ed3 |
| SHA512 | 47cdaa11b38be0c9a574461dbcda8d6136074e40e3981f0253b03df0594c3c1d834a61e971a21e4ea75638b027a7a84c011dfe62f24c51f2e6bb6f89eed9386c |
C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VLDO4PNE.cookie
| MD5 | aa604ff8fb4c8ba46e9c64d1d7fd807c |
| SHA1 | 8c3dfd69df0fd3e6c930aafe3fb115adf5de2f0b |
| SHA256 | 755f5e51f7cb120d8ed4c5259780cb57a9d578f4c03472320a1bd0af66ea7561 |
| SHA512 | 6d8522a777d03d800f46f52656a0a5281bdd2576c54ec7560a2962433fd097d035ba38b6ebdbffa6bf659245545a2973ef3cf57ea25b86c7517813dd6991943d |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1
| MD5 | 6458ca599ab977209321c4fdf9d68bed |
| SHA1 | 4758bbc03c14c80427d4f066e8a51f6c22faa4a0 |
| SHA256 | 1690972a78dbf8e4a26e1c5ec93eaafe853d5e9b8a5c0983e43b55e00c37391d |
| SHA512 | 43cc3bce564fe7c7a88b0f53fd418c54aabc171476900bbaca2bb711e89d17d2c755cd38de3610c06e7fa0c2bc736b646437aa9b0be9d5f042744e3404d1c7af |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1
| MD5 | f995fbc24a8b5c5bcdcac7ccd135721e |
| SHA1 | 03e4d5797a4774ee5105252e64e38f960e6bdda3 |
| SHA256 | 9f2d9f774682c5346032ca6a08f245c788891c0df92752b35ef56f50b8ad283e |
| SHA512 | 2cae6b25e58d301786ac468c8599470b9aa3657c09072416e9da1cbd36e23b4f99ea75057c0f5d4acde0f596341c9c3436ae1f02d07237f4bc388a314894c8d0 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IUSW1DDP\hcaptcha[1].js
| MD5 | c2a59891981a9fd9c791bbff1344df52 |
| SHA1 | 1bd69409a50107057b5340656d1ecd6f5726841f |
| SHA256 | 6beec8b04234097105f5d7a88af9c27552b27021446c9dbe029d908d1ff8599f |
| SHA512 | f9d556e0f7e95e603881c5196cc2aa736eb24ed62086d09d36a9e1d6b4fec9f4c1dfb125a66bec301f57230a4242108c7c255e6aa3c6f08a3a0d75e0cf288afe |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3UNPF029\webcomponents-ce-sd[1].js
| MD5 | 58b49536b02d705342669f683877a1c7 |
| SHA1 | 1dab2e925ab42232c343c2cd193125b5f9c142fa |
| SHA256 | dea31a0a884a91f8f34710a646d832bc0edc9fc151ffd9811f89c47a3f4a6d7c |
| SHA512 | c7a70bdefd02b89732e12605ad6322d651ffa554e959dc2c731d817f7bf3e6722b2c5d479eb84bd61b6ee174669440a5fa6ac4083a173b6cf5b30d14388483d4 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IUSW1DDP\www-tampering[1].js
| MD5 | d0a5a9e10eb7c7538c4abf5b82fda158 |
| SHA1 | 133efd3e7bb86cfb8fa08e6943c4e276e674e3a6 |
| SHA256 | a82008d261c47c8ca436773fe8d418c5e32f48fe25a30885656353461e84bbbc |
| SHA512 | a50f80003b377dbc6a22ef6b1d6ad1843ef805d94bafb1fcab8e67c3781ae671027a89c06bf279f3fd81508e18257740165a4fea3b1a7082b38ec0dc3d122c2f |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IUSW1DDP\spf[1].js
| MD5 | 892335937cf6ef5c8041270d8065d3cd |
| SHA1 | aa6b73ca5a785fa34a04cb46b245e1302a22ddd3 |
| SHA256 | 4d6a0c59700ff223c5613498f31d94491724fb29c4740aeb45bd5b23ef08cffa |
| SHA512 | b760d2a1c26d6198e84bb6d226c21a501097ee16a1b535703787aaef101021c8269ae28c0b94d5c94e0590bf50edaff4a54af853109fce10b629fa81df04d5b3 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSRN0P01\www-i18n-constants[1].js
| MD5 | f3356b556175318cf67ab48f11f2421b |
| SHA1 | ace644324f1ce43e3968401ecf7f6c02ce78f8b7 |
| SHA256 | 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd |
| SHA512 | a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSRN0P01\scheduler[1].js
| MD5 | 3403b0079dbb23f9aaad3b6a53b88c95 |
| SHA1 | dc8ca7a7c709359b272f4e999765ac4eddf633b3 |
| SHA256 | f48cc70897719cf69b692870f2a85e45ecf0601fd672afcd569495faa54f6e48 |
| SHA512 | 1b7f23639fd56c602a4027f1dd53185e83e3b1fa575dc29310c0590dd196dc59864407495b8cc9df23430a0f2709403d0aa6ec6d234cce09f89c485add45b40e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XTZFSEWA\intersection-observer.min[1].js
| MD5 | 936a7c8159737df8dce532f9ea4d38b4 |
| SHA1 | 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5 |
| SHA256 | 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9 |
| SHA512 | 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSRN0P01\rs=AGKMywEfXGDvhU0fuylcqyTdvtelWk4BrA[1].css
| MD5 | 7e867744b135de2f1198c0992239e13b |
| SHA1 | 0e9cf25a9fb8e65fe4eacb4b85cb9e61e03cf16f |
| SHA256 | bc730ba2cb39047efdd61ba2e5b285f0f186f46d0541676cf366a1f65349cbc2 |
| SHA512 | ec27a603d574cafa0d0cfa3ebf2fc99671ea9e3288a00375c34d3fced024d78e1bd9ca9d3b68d317f53a31095ce6864b7f6470a9633204720700850e2454f39d |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IUSW1DDP\desktop_polymer_css_polymer_serving_disabled[1].js
| MD5 | c5f7a6b8f08c25ee673c9b73ce51249d |
| SHA1 | 9a97323a8733cae3f6f6d9ac4e158e6d01133916 |
| SHA256 | 4d67427a0c349986f83055c64b17c89847543a003c54dff18b2704625417a1e0 |
| SHA512 | 4643d44b3295fa1a2723b57212ddf938c26fa15cc3ca759be60c4182b1959c5d7a0df614b4c6ab419b78524312277630b12a528da6698d038b6931155250fa78 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3UNPF029\www-onepick[1].css
| MD5 | 5306f13dfcf04955ed3e79ff5a92581e |
| SHA1 | 4a8927d91617923f9c9f6bcc1976bf43665cb553 |
| SHA256 | 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc |
| SHA512 | e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3UNPF029\www-main-desktop-home-page-skeleton[1].css
| MD5 | 770c13f8de9cc301b737936237e62f6d |
| SHA1 | 46638c62c9a772f5a006cc8e7c916398c55abcc5 |
| SHA256 | ec532fc053f1048f74abcf4c53590b0802f5a0bbddcdc03f10598e93e38d2ab6 |
| SHA512 | 15f9d4e08c8bc22669da83441f6e137db313e4a3267b9104d0cc5509cbb45c5765a1a7080a3327f1f6627ddeb7e0cf524bd990c77687cb21a2e9d0b7887d4b6d |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OSRN0P01\css2[1].css
| MD5 | 16b81ad771834a03ae4f316c2c82a3d7 |
| SHA1 | 6d37de9e0da73733c48b14f745e3a1ccbc3f3604 |
| SHA256 | 1c8b1cfe467de6b668fb6dce6c61bed5ef23e3f7b3f40216f4264bd766751fb9 |
| SHA512 | 9c3c27ba99afb8f0b82bac257513838b1652cfe81f12cca1b34c08cc53d3f1ebd9a942788ada007f1f9f80d9b305a8b6ad8e94b79a30f1d7c594a2395cf468a2 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XTZFSEWA\network[1].js
| MD5 | d954c2a0b6bd533031dab62df4424de3 |
| SHA1 | 605df5c6bdc3b27964695b403b51bccf24654b10 |
| SHA256 | 075b233f5b75cfa6308eacc965e83f4d11c6c1061c56d225d2322d3937a5a46b |
| SHA512 | 4cbe104db33830405bb629bf0ddceee03e263baeb49afbfb188b941b3431e3f66391f7a4f5008674de718b5f8af60d4c5ee80cfe0671c345908f247b0cfaa127 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3UNPF029\web-animations-next-lite.min[1].js
| MD5 | cb9360b813c598bdde51e35d8e5081ea |
| SHA1 | d2949a20b3e1bc3e113bd31ccac99a81d5fa353d |
| SHA256 | e0cbfda7bfd7be1dcb66bbb507a74111fc4b2becbc742cd879751c3b4cbfa2f0 |
| SHA512 | a51e7374994b6c4adc116bc9dea60e174032f7759c0a4ff8eef0ce1a053054660d205c9bb05224ae67a64e2b232719ef82339a9cad44138b612006975578783c |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XTZFSEWA\www-main-desktop-watch-page-skeleton[1].css
| MD5 | 2344d9b4cd0fa75f792d298ebf98e11a |
| SHA1 | a0b2c9a2ec60673625d1e077a95b02581485b60c |
| SHA256 | 682e83c4430f0a5344acb1239a9fce0a71bae6c0a49156dccbf42f11de3d007d |
| SHA512 | 7a1ac40ad7c8049321e3278749c8d1474017740d4221347f5387aa14c5b01563bc6c7fd86f4d29fda8440deba8929ab7bb69334bb5400b0b8af436d736e08fab |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_26971925776788617818974D91697792
| MD5 | 6293fc5eaaed8df7afcac06f55276c56 |
| SHA1 | 9ba81b982f35eeee0d9aff03491063769dbd2c30 |
| SHA256 | 9454dc1a0257f4e36d2e6ed3e42b023453d474b8d6d2a0d94e4bf47ccad2ba88 |
| SHA512 | d6bb25647b97121e6cf7e4283ddfcd601dd3d517399658155e89af0b45bace1b1c58572604783fda8d1c2e6f437015494a7e88ad7041ccea530a1ada89971b15 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_26971925776788617818974D91697792
| MD5 | ce130ae6e825decd62ec12d387651491 |
| SHA1 | 0f60fe502b7b32b6dbd6c2d6ab264877e12bfc18 |
| SHA256 | 19791d9b74e9ce0d9ed198ebc8bb081c948705369a58c308722e11da3f33ead2 |
| SHA512 | b1322c6dd03d2b607afccfb5b36250334ee411ce0e8216c6e9686d7f163b486b3ef11ea0ffad173a09e2a749b2b6d97f293e72c59d9842fe2c0f1fcb5f04bcd4 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZK0XU7I9.cookie
| MD5 | 15a4368fad1db2aa035bc9c641d20415 |
| SHA1 | 2c693b3570a5b632ebf8d4678db1e6e84891d2fc |
| SHA256 | 2d9a1ef2963a9670a37b2e65855115b20a2a5d2f3e7589059a8049732875c518 |
| SHA512 | adbad8bac6b63a4810811347f0c90e7fe3fe845b08662c360247e8939ca725799ec13a379af41c552c058e99b13db1f9a9b2387a96e852e91569b934897cdca5 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ESG30BTZ.cookie
| MD5 | fce2980c772f98457a793d8558905d42 |
| SHA1 | 5646b2cbe941f0b33b21bc084182a34966503931 |
| SHA256 | 4a35ba9be75680dbe9aec6c570234c9711fa192d51127feccb20ecf2d7211311 |
| SHA512 | 8c667a0b3476510e54e64b8bb44e6e48a5ab7bac08209fa72bfcf49f0b536d1eb25a6e36a96f6c80f7f66f537f633d20e3c8669e16528de44e59b807d0c7735d |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF64E623DECEAA25E4.TMP
| MD5 | 5cd729f70cc8f1dcbae486e39be065e7 |
| SHA1 | 1eee9e51bc0f4219251fee8f6986a00bb0048e47 |
| SHA256 | 9c2edc2f281cb954673fc255aa5ab1d8adba00072f65e022c081289d649cf93b |
| SHA512 | fc21dfbeeb4354041df5e737ec53504bf9f00c866939fee67113f2b9e4e004d991891351193f6f9b350c4690854a915831a82928ac40ae2aa2919a3eba7ac841 |
memory/756-2175-0x0000000072E40000-0x000000007352E000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OEAUNGQE\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |