Malware Analysis Report

2024-12-08 00:56

Sample ID 231111-nztbcafe79
Target a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0
SHA256 a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0
Tags
glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor google paypal discovery dropper infostealer loader persistence phishing rat spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0

Threat Level: Known bad

The file a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0 was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline sectoprat smokeloader zgrat pixelnew2.0 taiga up3 backdoor google paypal discovery dropper infostealer loader persistence phishing rat spyware stealer trojan

Glupteba

RedLine payload

SectopRAT

SectopRAT payload

RedLine

Mystic

Detected google phishing page

SmokeLoader

ZGRat

Detect ZGRat V1

Glupteba payload

Detect Mystic stealer payload

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Adds Run key to start application

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Detected potential entity reuse from brand paypal.

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious behavior: MapViewOfSection

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Modifies registry class

Checks SCSI registry key(s)

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 11:50

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 11:50

Reported

2023-11-11 11:53

Platform

win10-20231025-en

Max time kernel

115s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

Detected google phishing page

phishing google

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SectopRAT

trojan rat sectoprat

SectopRAT payload

Description Indicator Process Target
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1JT88ve1.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe N/A

Checks installed software on the system

discovery

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Detected potential entity reuse from brand paypal.

phishing paypal

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steampowered.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 509b194c9514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000a2173b00dc5fa2f834334d573fb55a15023bf8f7b085fdb8b111c4bdb7299d10aaad7b0ac7bdd2c364b965e80d72ac0ef61670dd7188cb811b2b065e C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a47880619514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hcaptcha.com\NumberOfSubdomai = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8a480e4e9514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\NumberOfSubdomains = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8ea4d36c9514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\paypalobjects.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 4068e6b3c714da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 68eeab4b9514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\epicgames.com\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steamcommunity.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 48b2c4529514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "211" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\recaptcha.net C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.recaptcha.net\ = "60" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypalobjects.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1103464d9514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 66f713559514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\Total = "108" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 27615c4c9514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "34" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "15" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "326" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9f9cb7669514da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2852493121-870915337-2715324265-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2600 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe
PID 2600 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe
PID 2600 wrote to memory of 4904 N/A C:\Users\Admin\AppData\Local\Temp\a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe
PID 4904 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe
PID 4904 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe
PID 4904 wrote to memory of 4568 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe
PID 4568 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe
PID 4568 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe
PID 4568 wrote to memory of 3744 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe
PID 3744 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1JT88ve1.exe
PID 3744 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1JT88ve1.exe
PID 3744 wrote to memory of 3700 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1JT88ve1.exe
PID 3744 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe
PID 3744 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe
PID 3744 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe
PID 4476 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4476 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4476 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4476 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4476 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4476 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4476 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4476 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4476 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4476 wrote to memory of 4504 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4568 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe
PID 4568 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe
PID 4568 wrote to memory of 4292 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe
PID 652 wrote to memory of 4348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 652 wrote to memory of 4348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 652 wrote to memory of 4348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 652 wrote to memory of 4348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 652 wrote to memory of 4348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 652 wrote to memory of 4348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 652 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 652 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 652 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 652 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 652 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4904 wrote to memory of 6084 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe
PID 4904 wrote to memory of 6084 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe
PID 4904 wrote to memory of 6084 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe
PID 652 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 652 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 652 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 6084 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6084 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6084 wrote to memory of 796 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6084 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6084 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6084 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6084 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6084 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6084 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6084 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6084 wrote to memory of 6012 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 2600 wrote to memory of 6092 N/A C:\Users\Admin\AppData\Local\Temp\a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9CB1AI5.exe
PID 2600 wrote to memory of 6092 N/A C:\Users\Admin\AppData\Local\Temp\a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9CB1AI5.exe
PID 2600 wrote to memory of 6092 N/A C:\Users\Admin\AppData\Local\Temp\a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9CB1AI5.exe
PID 652 wrote to memory of 4532 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 6092 wrote to memory of 6764 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9CB1AI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6092 wrote to memory of 6764 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9CB1AI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6092 wrote to memory of 6764 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9CB1AI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6092 wrote to memory of 6764 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9CB1AI5.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Processes

C:\Users\Admin\AppData\Local\Temp\a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0.exe

"C:\Users\Admin\AppData\Local\Temp\a0fc5f62e019f652d408c67b8eb8336963836e3c86a1de511099ee2a9ff2a4f0.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1JT88ve1.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1JT88ve1.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 588

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9CB1AI5.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9CB1AI5.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\D0F7.exe

C:\Users\Admin\AppData\Local\Temp\D0F7.exe

C:\Users\Admin\AppData\Local\Temp\D202.exe

C:\Users\Admin\AppData\Local\Temp\D202.exe

C:\Users\Admin\AppData\Local\Temp\43D7.exe

C:\Users\Admin\AppData\Local\Temp\43D7.exe

C:\Users\Admin\AppData\Local\Temp\4772.exe

C:\Users\Admin\AppData\Local\Temp\4772.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\4772.exe

C:\Users\Admin\AppData\Local\Temp\4772.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.247.240.157.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 fbsbx.com udp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 8.8.8.8:53 171.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 193.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 abs.twimg.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 54.157.100.4:443 www.epicgames.com tcp
US 54.157.100.4:443 www.epicgames.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 104.244.42.193:443 twitter.com tcp
US 104.244.42.193:443 twitter.com tcp
US 8.8.8.8:53 98.49.222.23.in-addr.arpa udp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.100.157.54.in-addr.arpa udp
US 8.8.8.8:53 192.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 community.cloudflare.steamstatic.com udp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 18.239.104.165:80 ocsp.r2m02.amazontrust.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 165.104.239.18.in-addr.arpa udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 i.ytimg.com udp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
NL 172.217.168.214:443 i.ytimg.com tcp
NL 172.217.168.214:443 i.ytimg.com tcp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 22.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 214.168.217.172.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 44.214.245.214:443 tracking.epicgames.com tcp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 214.245.214.44.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 api.steampowered.com udp
NL 23.222.49.98:443 api.steampowered.com tcp
NL 23.222.49.98:443 api.steampowered.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 c.paypal.com udp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 136.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 www.recaptcha.net udp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.22:443 static-assets-prod.unrealengine.com tcp
NL 172.217.168.227:443 www.recaptcha.net tcp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 8.8.8.8:53 steamcommunity.com udp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 22.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 c6.paypal.com udp
US 104.21.53.57:80 killredls.pw tcp
US 151.101.1.35:443 c6.paypal.com tcp
US 151.101.1.35:443 c6.paypal.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
NL 23.222.49.98:443 steamcommunity.com tcp
NL 23.222.49.98:443 steamcommunity.com tcp
RU 5.42.92.51:19057 tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
NL 172.217.168.214:443 i.ytimg.com tcp
NL 172.217.168.214:443 i.ytimg.com tcp
US 104.19.218.90:443 newassets.hcaptcha.com tcp
US 104.19.218.90:443 newassets.hcaptcha.com tcp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 104.19.219.90:443 api2.hcaptcha.com tcp
US 104.19.219.90:443 api2.hcaptcha.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 104.21.53.57:80 killredls.pw tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 194.49.94.72:80 tcp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 20.189.173.22:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
US 20.42.73.29:443 watson.telemetry.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 98.142.81.104.in-addr.arpa udp
US 204.79.197.200:443 www.bing.com tcp
US 204.79.197.200:443 www.bing.com tcp
US 8.8.8.8:53 163.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
US 194.49.94.11:80 tcp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
MD 176.123.9.142:37637 tcp
US 8.8.8.8:53 142.9.123.176.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 194.49.94.11:80 tcp
NL 157.240.247.35:443 www.facebook.com tcp
NL 157.240.247.35:443 www.facebook.com tcp
RU 5.42.92.190:80 5.42.92.190 tcp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
RU 185.174.136.219:443 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
US 194.49.94.11:80 tcp
RU 5.42.92.51:19057 tcp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe

MD5 7521ce18fa827b49c52428ab6968728f
SHA1 b4ef4c42abf943e03716a47177152268fe03ec93
SHA256 6650eea5fb391ce1128591cebc156375e4fd1e1605952579305594065007a283
SHA512 ae35b2f3b14bccba3bde175290fd313168b4cd39b684dc346ccd0af0bc3ecc4bbdf8ebb74cc1151601380361e782b946e4d7f373573e2f8f34f0a2d1e89d626e

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\WV8Cz78.exe

MD5 7521ce18fa827b49c52428ab6968728f
SHA1 b4ef4c42abf943e03716a47177152268fe03ec93
SHA256 6650eea5fb391ce1128591cebc156375e4fd1e1605952579305594065007a283
SHA512 ae35b2f3b14bccba3bde175290fd313168b4cd39b684dc346ccd0af0bc3ecc4bbdf8ebb74cc1151601380361e782b946e4d7f373573e2f8f34f0a2d1e89d626e

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe

MD5 3141780b01d5019350080d4b605ab7b9
SHA1 a36d7120a458d88a5f6caace196f076f319a5558
SHA256 c24a364a7152168fe740b98101b32fad8705903f2681d0a201669cd2ee873eb9
SHA512 fa7dcd819db3e5048fcddd63df6fed7c8b0ca81fc71898d58c7cde619ea2a4e4025e58a31d676dd9e11470e6fdba21e9409a800eea4c0b9e4ca6cf632c3a09e0

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ss8fz99.exe

MD5 3141780b01d5019350080d4b605ab7b9
SHA1 a36d7120a458d88a5f6caace196f076f319a5558
SHA256 c24a364a7152168fe740b98101b32fad8705903f2681d0a201669cd2ee873eb9
SHA512 fa7dcd819db3e5048fcddd63df6fed7c8b0ca81fc71898d58c7cde619ea2a4e4025e58a31d676dd9e11470e6fdba21e9409a800eea4c0b9e4ca6cf632c3a09e0

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe

MD5 f50bddfd63499b2c2aa2fbebe730f646
SHA1 4cab75d1e8ca468ac46f0613d675db74f251ab72
SHA256 27cbbab640cea6a1acdc4089115576890b2783352ebbfc77915ce903f2afcfb3
SHA512 e7d7e9b22865f1b3f0ee8e333fe26da44b27d20074c22a7ea5d22df7b3c266a7bbe4a632c60ecbe1cb9cf85b08185479344ff9e80791924c820010aec4e2bc2f

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\RM3gW08.exe

MD5 f50bddfd63499b2c2aa2fbebe730f646
SHA1 4cab75d1e8ca468ac46f0613d675db74f251ab72
SHA256 27cbbab640cea6a1acdc4089115576890b2783352ebbfc77915ce903f2afcfb3
SHA512 e7d7e9b22865f1b3f0ee8e333fe26da44b27d20074c22a7ea5d22df7b3c266a7bbe4a632c60ecbe1cb9cf85b08185479344ff9e80791924c820010aec4e2bc2f

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1JT88ve1.exe

MD5 c3fbcc7679853f7d2bbb665a546e5e29
SHA1 25dab5bcac4553dc45f75e93e1ae8626aa7b33c9
SHA256 dff3844a0854a792f07f8f30048f7e95c53f0ced72ffb9d0d47f6a1fc8ca5599
SHA512 b7e5f7de5c63fb4c11415c0665d36f922157b0953975fa6021ffc3189b64682b76b4a4fd6ef92e02aa5833f160e91e5f6ee14477f6f732050f55d04aca4e4e8b

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1JT88ve1.exe

MD5 c3fbcc7679853f7d2bbb665a546e5e29
SHA1 25dab5bcac4553dc45f75e93e1ae8626aa7b33c9
SHA256 dff3844a0854a792f07f8f30048f7e95c53f0ced72ffb9d0d47f6a1fc8ca5599
SHA512 b7e5f7de5c63fb4c11415c0665d36f922157b0953975fa6021ffc3189b64682b76b4a4fd6ef92e02aa5833f160e91e5f6ee14477f6f732050f55d04aca4e4e8b

memory/3108-28-0x0000024A81F20000-0x0000024A81F30000-memory.dmp

memory/3108-44-0x0000024A82500000-0x0000024A82510000-memory.dmp

memory/3108-63-0x0000024A869D0000-0x0000024A869D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe

MD5 5a8e00eb288de7c69fa1a65709bec9e1
SHA1 81c4f16246eef0a09bd21d7fc4590ef56ac69dc5
SHA256 310140f5047263fa933a5ac2715932e47ae6ec9e2584835e57585cef1117447b
SHA512 d738f128f29be2182eb48158bfbfc70b41899758f56cca0d76fedcc34c8ae9232bcb889bc95a157d2de7576a34234dc43fab6b3c8ea2e9834f6fcacfec2a4a68

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2ND5907.exe

MD5 5a8e00eb288de7c69fa1a65709bec9e1
SHA1 81c4f16246eef0a09bd21d7fc4590ef56ac69dc5
SHA256 310140f5047263fa933a5ac2715932e47ae6ec9e2584835e57585cef1117447b
SHA512 d738f128f29be2182eb48158bfbfc70b41899758f56cca0d76fedcc34c8ae9232bcb889bc95a157d2de7576a34234dc43fab6b3c8ea2e9834f6fcacfec2a4a68

memory/4504-92-0x0000000000400000-0x0000000000433000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 29b486efa1bc1f4a24a18f49e3f08836
SHA1 317bb316164004e94c0075b53dd33732a9550451
SHA256 754bbffc6a2da256963d5e432935dc8315e008ebdadf77a38c6f9b3cc378f319
SHA512 c5efcdbbb46d14a706bed4aaa7cde424ff50ddb0a4143a1656fc4b807a43668db7ce4605524632960285bf706c58cfb65f2d8fe917a7225075dcc1b634c33ae5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 596fe9a541b3e4cc5ad3c039c0e96ecc
SHA1 8c566492756280f47b8c8656f83e60094f986d72
SHA256 c54e35fce33d7a26d5d7191ed4aa14b7d97772f415e38e26f12b762919099f7f
SHA512 1d94dabd73debdbea4864fc5cc4f52e75dbffc2462a3a55f525aa6e2c6737f9ab72c74c29c7ccf50d34f5a17904e239edfcd464158f73f802dac1d471e7ba32f

memory/4504-99-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4504-100-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4504-103-0x0000000000400000-0x0000000000433000-memory.dmp

memory/4292-105-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 cd011dd2fe8789e4130341f9be3557e4
SHA1 e32a92b0c4daa0d8c102a6995213923e5888f3e0
SHA256 16f9a1842959110397e840bdb4b875d4663a5dc52537738485a76b55dc30def0
SHA512 004dca5cc5a6a012eb345bb3eb7a0418202de46473a498138f48cbe28b751ee38796e64503ad90e1e5a2e75cfeb3448d19ee0ae48ca223fe7377ed5ec80a3ede

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7lA05Vx.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 512efc86ad030a9f7699232254b7dc91
SHA1 b020f69657c8f9f6f31bac79eb9731fc65a7edea
SHA256 8378bc432890d6865c27fd76c1daacedc5d6ab322eea880873f7acd9a85eee28
SHA512 47eac50cafea502714868bd9004f90b9699cc883141407ec17ad4e165e1c6caffee12739381370cb37c9e12f389c5f2046465bedf977924a5fe5e3b51b6a91af

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 77067a26552a11bf8087ecfc3383ea65
SHA1 da1168f9994623938bd145859fc4c7bfd8a826fb
SHA256 2ccb6f429d3f8f99e71b301a6f06146790ac68548979e865f4e934899300436c
SHA512 5447367378d0e46185f01d074103a54b5f2a3b61e94c8e8a7f2a35a9f728f7c29e685c58db4f18fdc84a99fe9742ac1d670596194007529f4dad459503381f6c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WNXILENP.cookie

MD5 d774688d6d4c304a8fccdc345a37ccef
SHA1 2cba97f0d5b53af91ac93b91ff54c0364bd012d6
SHA256 547fad09b48456ac8d371a4ebb9cff63293fc3891827fb1c606aefcb59b354f9
SHA512 1c6a72077ede9d93a1ab0fd2e15b1d3844e106f08d863a22e119ba08fdd805ae1d2cf644e734a6ce0df1f8a2cf4953a46bb46c2343443910d30f80eaf6483f7f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GS9OLTKU.cookie

MD5 45b94c41c02d7f1a33f36c899bb54846
SHA1 9641f05f5fa68f2d4168f29f8a406c57998898c9
SHA256 ea2c93f72e7d9fef9c5eba3d1032553dd3022b96f7d226bccff7417dc2eacc18
SHA512 9c1a63d65808df851108991ae3b4a5d6c5a251e85f6265dbf084b418ffc59839ab8c8c1e42b3f4b43e902ba12b29297075fd62c695b12c2999b7bf781d11aa22

memory/2184-295-0x000001F56FE30000-0x000001F56FE50000-memory.dmp

memory/4348-314-0x00000282B90F0000-0x00000282B90F2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 da5225e21ee26bedd2d417314b7fe470
SHA1 fccc1b84dc2cadb932b1aa597bc1eb986dd17ca6
SHA256 5fd206adb699332e85188384b6f574929732b0c20325d7ed1348db64567f1d5e
SHA512 5adcf7324f014d449b012c6ae477330a61802c3d9d556d888455ec750312d1b15eec088c7e2772928bbe28746d99035676737ffdf5e30afadd6f1474fbde9edf

memory/4348-321-0x00000282C9BF0000-0x00000282C9BF2000-memory.dmp

memory/4348-324-0x00000282C9D20000-0x00000282C9D22000-memory.dmp

memory/4348-326-0x00000282C9D80000-0x00000282C9D82000-memory.dmp

memory/4348-329-0x00000282C9DA0000-0x00000282C9DA2000-memory.dmp

memory/4348-331-0x00000282C9DC0000-0x00000282C9DC2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 971d9b1fdb74b21ca65a65e8929ea1ce
SHA1 04d38fa531cf42788da28319d905b48418681200
SHA256 988c2bb28d82dfc6631fe53851d9b5347de6647a8c340a8e3033c9a885f4015a
SHA512 360a7570b29cd71b63d0f8712c8d64580817817ff8f143889a90ee72b6e10efa01c4d2c99914d84ec0026619334e0220ea6b6472f97d1c99d09d7b48cb4ff466

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1I4631YO.cookie

MD5 6d71b2cdc71faa98ab726b15e5872c90
SHA1 332e7a896655901bbab8022776bc83c4aac3d3ce
SHA256 2b5c9ad2e75bbe0a15eb0736ef4aa305f087aec447986bb5d00dd17bce56ea22
SHA512 1f7a920e8bff6fb8434bb76d291c404a34335bb112ad82c58cbfe8483934ba8381fe3968eae2945d1d63a3f9c8842670719f531cec8f2dffd4fb5b1c340d3c29

memory/4532-396-0x0000028A46080000-0x0000028A460A0000-memory.dmp

memory/4532-412-0x0000028A469A0000-0x0000028A469C0000-memory.dmp

memory/4532-428-0x0000028A34CC0000-0x0000028A34CC2000-memory.dmp

memory/4532-438-0x0000028A34D70000-0x0000028A34D72000-memory.dmp

memory/4292-446-0x0000000000400000-0x000000000040B000-memory.dmp

memory/3120-442-0x0000000000BC0000-0x0000000000BD6000-memory.dmp

memory/2184-452-0x000001F571690000-0x000001F5716B0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KNIF3S9S.cookie

MD5 18f7f8fb793426c48f0ea44c0184de6f
SHA1 417fd6dd05aa23fcb3afd007f7b7df75ad1f7ae0
SHA256 90f7a1f885ee40a5ef750017202636783341d2f389252fdd47f9ced6e074ed43
SHA512 1ce162a2519c9be1b2ed591334c7140517d2fd1c0901fa568f64e0caf6456b92895135e186684327d4716b1478613b335a36d97d03fdb04ac92cb309ee802180

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe

MD5 bb3dc78b4e0ace361bb0442ce25a88a8
SHA1 2bbca8fdb4252526a03a826fca5a4dc5029d8a95
SHA256 f90df8d14215959e093dae4cb48a60493db2c64749e7bec620f5a7d513181eee
SHA512 5ba5a01d59875e41a5e01785d0588a5608b0614470ca3d37b6d678b247637783ee942ac45082c26b5a83244b719ab2ff09dec69b1844529eb08230115bb5271a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 7a14ecb62a57a40927aa7a8ed8cfef84
SHA1 124afedf5e70b8244b9f9a4fef1b50a8b5141765
SHA256 05b040ccb2f4e85c555d8274f27715f591442b2b661f1d0c2ef8a4f401fdaf7c
SHA512 d0ab14f6e1bfcf71eabffde9e4a34178f7dfdd140f857116d8c78439239f416941f2bee7fec852ddc3f5f5070d3d0e34f1056b1b739ae42fb619215e46900b91

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8lv914Ix.exe

MD5 bb3dc78b4e0ace361bb0442ce25a88a8
SHA1 2bbca8fdb4252526a03a826fca5a4dc5029d8a95
SHA256 f90df8d14215959e093dae4cb48a60493db2c64749e7bec620f5a7d513181eee
SHA512 5ba5a01d59875e41a5e01785d0588a5608b0614470ca3d37b6d678b247637783ee942ac45082c26b5a83244b719ab2ff09dec69b1844529eb08230115bb5271a

memory/6012-497-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9CB1AI5.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

memory/6012-518-0x00000000729F0000-0x00000000730DE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9CB1AI5.exe

MD5 cfa3da6c69ff6f176c2c3d08072db258
SHA1 7e7884daa427e39591e1e18a3500232e2866f551
SHA256 09967c60e38b7de30828f102018afe51228269ed5ec114af959e309a28096acd
SHA512 04122e7892efd262d90c047c7cfcaba6128a4b0de1958505a4ee230a190b38c8e26e940333ed9daa4aaa99a4758d55b7e4357b914bd3a959b84f4870a829a0c5

memory/6012-526-0x000000000B730000-0x000000000BC2E000-memory.dmp

memory/3108-536-0x0000024A89AE0000-0x0000024A89AE1000-memory.dmp

memory/6012-537-0x000000000B2D0000-0x000000000B362000-memory.dmp

memory/3108-534-0x0000024A89AD0000-0x0000024A89AD1000-memory.dmp

memory/2184-541-0x000001F571E00000-0x000001F571F00000-memory.dmp

memory/6012-547-0x0000000008E20000-0x0000000008E2A000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NKLP5L0P\favicon[1].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

memory/6012-568-0x000000000C240000-0x000000000C846000-memory.dmp

memory/6012-572-0x000000000B600000-0x000000000B70A000-memory.dmp

memory/6012-573-0x000000000B290000-0x000000000B2A2000-memory.dmp

memory/6012-577-0x000000000B470000-0x000000000B4AE000-memory.dmp

memory/6012-579-0x000000000B4F0000-0x000000000B53B000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NKLP5L0P\B8BxsscfVBr[1].ico

MD5 e508eca3eafcc1fc2d7f19bafb29e06b
SHA1 a62fc3c2a027870d99aedc241e7d5babba9a891f
SHA256 e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a
SHA512 49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

memory/2184-606-0x000001F572300000-0x000001F572400000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\2s458cu\imagestore.dat

MD5 22edad9f3e3b5c3b1c944b74f37958c0
SHA1 6237c801a2bb80b72b651c2445a9223f293cb3f7
SHA256 4baf5f25666af5af778c1c520f01c5abcc1bfe15654891cb93259aeed0dc03fe
SHA512 8ae80b4e99fcd20f093f54df4063e53d188625c3e54de315add87024cb90034a52ce4dde12948eddecec3bc9050599519cb4ed5f237948a77553611365c2af4d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\N7Y6BM62\favicon[1].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\0XQ517QS\www.epicgames[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BGWS2II5\shared_global[2].css

MD5 cfe7fa6a2ad194f507186543399b1e39
SHA1 48668b5c4656127dbd62b8b16aa763029128a90c
SHA256 723131aba2cf0edd34a29d63af1d7b4ff515b9a3a3e164b2493026132dd37909
SHA512 5c85bb6404d5be1871b0b2e2d2c9053716354acd69c7acca73d8ce8bf8f21645ae11f788f78ef624444016cb722ecbd6213e771bda36717725f2b60f53688c6b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LB7R8WOH\buttons[1].css

MD5 b91ff88510ff1d496714c07ea3f1ea20
SHA1 9c4b0ad541328d67a8cde137df3875d824891e41
SHA256 0be99fd30134de50d457729cebd0e08342777af747caf503108178cb4c375085
SHA512 e82438186bfc3e9ca690af8e099aafbfbc71c9310f9d1c8cb87ffa9e7f0f11f33982c63a2dac95c9b83fef1aaa59178b73212fc76e895d13a1ffbbe3c1adfa4c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BD6TUGHT\shared_responsive[1].css

MD5 2ab2918d06c27cd874de4857d3558626
SHA1 363be3b96ec2d4430f6d578168c68286cb54b465
SHA256 4afb3e37bfdd549cc16ef5321faf3f0a3bf6e84c79fc4408bc6f157280636453
SHA512 3af59e0b16ef9d39c2f1c5ccdbd5c9ea35bd78571fde1b5bf01e51a675d5554e03225a2d7c04ed67e22569e9f43b16788105a0bf591ebba28ef917c961cc59e2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VT2NSLXN\shared_global[1].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VT2NSLXN\tooltip[1].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VT2NSLXN\shared_responsive_adapter[1].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BD6TUGHT\m=_b,_tp[1].js

MD5 bb99196a40ef3e0f4a22d14f94763a4c
SHA1 740a293152549a0a4b4720625ea7d25ac900f159
SHA256 28e8a65ccc3cd8656831f57b38e965f68a304ebecd3642981733a4b2aad06636
SHA512 fdddc0752eff7c25afdc62f7ce699bc3718346c1d87f2cac604b5320f6671f036edc989e6c67859d97d0ed5fc17fbae65076605f77814f537c8537842ebf6915

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OKLMEJHE.cookie

MD5 bdbf2145cfa71c80ec9bdd2e2264b8ea
SHA1 f6c0270daddbbc9bdb1517bc894b2d6fc450c561
SHA256 6335e21bf74fb02c08ab92a8075b1a7fea5e5e6ea932e073806e1458591d5fb9
SHA512 fed262d8559cd0d0564ca4cc65e1d7574545bb51ea525473d7b9df3e05f5a855e35743d91ae2cfa8a8aad2b3de0901f003cfabec82cb9ddfd0b3a61bb1af6f54

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HMG5QVJ9.cookie

MD5 3582737baa326794d25bee9edc04eef0
SHA1 09995177aa8a7ae7b7424ef035eb4ef2171c740e
SHA256 6ac612722860a7e01a4b912cba6a222f4b533c56367e485e137d4b4d860f2fbd
SHA512 d1eda972103261a3ec6d6c19db7571259c9bcf6375e8a106e705c8c3a873b0472b6d0e28b5998aafdadd911194724010a1c19e2a67a1fc5f42302bc3122574f7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XRGN43WF.cookie

MD5 c9d9f5f990a69fd9a2968d8f255485ac
SHA1 96eb27dc123d5d4bf187f8d9a3e493266e1e4579
SHA256 09c9400d6297e6ba865ef788fb024221ed4f999f1ad140a3e0fcec3f481c22e9
SHA512 023fec2f69fd7d7714962c4666c53f7f3d27ec50a1d1fc9129a2d255df994e6647605ee42e2db92eb6b5e8b651b2784495ddbbab0ab8848ceab3ed91331a337e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\A0D9D46V.cookie

MD5 fafbec7bc1dc5bcab9f78864be5c5c90
SHA1 8ca5e3ef72663d0f412531ac6a964d0ea599d1b1
SHA256 bc498d652b321917501b063566cab13ab3471558e499e131e690f9b17f6b3efa
SHA512 d37eb8069b74950d20bfec4e55b8ac275596730a1090189f71c2beb5a89d137f9a7ffbe603ad72a53e6ee928f05a8af04117c96d808edcfd36cfa5fa13e0b811

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CUNR67SM.cookie

MD5 65b90edd2ff4171b0287650ee9427f9e
SHA1 0d22047e0834c56a4e1e271bbfe9ca1226963899
SHA256 a617cde809b3df99952dd32dd7c078a2f1c67542e9bfc4c088fe1e10cb7db95b
SHA512 ffe7374be8ebf96b786f1cdd7111dfcc90965ed9d08aa36051e694e6165c5864725a5a5b30a9eb87dcd25bd9e42836eed72f2aa736a60690a403cc75629e48da

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JRH08IVE.cookie

MD5 662efddd2e043a6b12c9e049e7897436
SHA1 5d6ca743303e415741570aa525053ea2b28fb503
SHA256 a92fff2a07bfd738c3032c2adf216d03126cda06cbf4ffa17d0f63e09679a0f9
SHA512 b18a76b09f0fd24eba368a4228026c8feb967d9c074df14c39b278f19629ec52e0353bf1cb42a89f21fea863e409cd715f66d427135750973d72d809e6e1e542

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9KE0E9G2.cookie

MD5 1aa0608daac4441abf8ec5564904f29e
SHA1 a2ec17fe518005812485e8b81f75ed7334db5ba3
SHA256 15a498c9aee89b2dce1ae1f79a059273df9f38232593f8fa941ce5a7cd832124
SHA512 c375de7d0a41cb78ff899832711ec8a1b2c2c69d55a642b8500cf252c94213e6499cf1f0c4b76052bf9e7f5bfdf9e91df8da8bc292346616a61cafd460a2ac5f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BGWS2II5\chunk~f036ce556[1].css

MD5 19a9c503e4f9eabd0eafd6773ab082c0
SHA1 d9b0ca3905ab9a0f9ea976d32a00abb7935d9913
SHA256 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a
SHA512 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\I8Z88VLD.cookie

MD5 e5764aeb2281f6aa01119fb4a10e52f6
SHA1 5337aca8ebcda5dd2a03a8d5aaf5a7e5ace91364
SHA256 cd87b5c0706180098c6c35669bd4cda30d60711d22d1ee3e50097e1a106090eb
SHA512 7321a2d0bc528f28360eb748c81124b1e3a2f36c89367d152762667dc1660df9ce751507c73eae71a34c1aac6b0932f792d037108f25619deb209a796ac4d245

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\BRHVA1DN.cookie

MD5 2aaceac9efd413d31ae56fdf07c0a149
SHA1 864120615dbc1119b7cce21f375f07c8df169af7
SHA256 eb68a3c408ce11e232069079c9c17c353f49a34c04573b428a1a189f82e2a577
SHA512 0a7e85692cf60845b6daf2f7224cf91488f940787cfc2897d3c127ffafe346416ee96a32a44a318e5cce80d7f560276e3eaa7337930aa04bcf85222061e06fc1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YT257SN1.cookie

MD5 865cbf13423bec5ed24ebe4013c30a9f
SHA1 7504aff09f102ba63427397f617fd8a8c1c249cc
SHA256 20c33c17ca6b7c1e479eb25733b78d599a9d46622db0e92693fe12b857c48bd9
SHA512 e9800efea6d066def72917d035712447023887477bc24d5aa283a0f6e869d29e12bbdf4e2027956c5e0ed500320b43d2c2b9efba83c20411fb486eba73392b63

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3OD2ZJJ2\epic-favicon-96x96[1].png

MD5 c94a0e93b5daa0eec052b89000774086
SHA1 cb4acc8cfedd95353aa8defde0a82b100ab27f72
SHA256 3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775
SHA512 f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\GO3P7O74.cookie

MD5 46c844546de7df1a40dfec2fbd479f3c
SHA1 55365819658befc855f8aa5daa005d89fa8f675a
SHA256 f042502c038172071eb074670515a8a745960a5c25e71334a492c92a42c24085
SHA512 0bbdfac9425897448e43a316cb007f8f5af2677747039f5aa643b91ac0e30f4fd6adb18e146013d3f386144479cac9375c9bb84707297562f9a3cccdef86e2f2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9S41XY13\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

MD5 f4264ddabc96212f54533c49ae7b46dc
SHA1 5c92bfaf0a8e700428cb338eb69fb8ee4e3fda55
SHA256 4a5d88b0867433d40cab69134a301b77c0762a4cd43e12e03710c653c3355ed3
SHA512 47cdaa11b38be0c9a574461dbcda8d6136074e40e3981f0253b03df0594c3c1d834a61e971a21e4ea75638b027a7a84c011dfe62f24c51f2e6bb6f89eed9386c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57DB0353F73BFEAADC2A8A5ECA70ACE8

MD5 2086fb90bc57358a219c1262f85549d9
SHA1 aaf3340d9a090a682ac0c1d46804f60656d463ef
SHA256 6df0bc9f9a16ffb87eb600ca5e1a113af5284195f6ef626847c11e0572a85329
SHA512 5d559ed81337e1d0012662fb94b392ba293f889dd1349f3298e76f5b762baf1d18fc12321c87d2505dc9a409308e40ade10fcc2c04dbda75d41856d0632474b6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\5MT67BWB.cookie

MD5 b7f47a19736799ef7607e9cb5048b668
SHA1 31b06dd7d803340d698a6e83835c22020f8dd6f1
SHA256 12bd91259819ba989471b750de4e79cd51594923dbe92ac0e516df75a954ca9b
SHA512 73954520f76a106caf4b4f4891b81ca0c912fda4cea5886cd78e9190ddf17a29e481bf99a5f84ddcfb3cd9571bd3227e4d0483d16b8460adab3c0dfcfb894f70

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\50GMY1VK.cookie

MD5 3fc8a6e79a1c164dda131264b48422b6
SHA1 dbabd18f5f297dd64ca930cbd9a5324b56b6b237
SHA256 1ba1a139aa0b0f7721ee117ffb4979f02b3ec44469cd8e69b343a5bb3d72ff7c
SHA512 6dee7f407a26e246d3a5714d70f6693bb4f6f41b42b3345e67deb9afb8667cdb165ad7459bfb2815060bc956530ad8ee260d5f462a9211e90d708c1cbe69c5ee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\FU4JK5W8\c.paypal[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LB7R8WOH\recaptcha__en[1].js

MD5 fbeedf13eeb71cbe02bc458db14b7539
SHA1 38ce3a321b003e0c89f8b2e00972caa26485a6e0
SHA256 09ed391c987b3b27df5080114e00377ff1a748793cb417a809b33f22d737fe55
SHA512 124b9f53a53ef596a54c6c04ab3be2b25d33d1ce915978ec03da8f9f294db91d41ee9091b722e462722f51f9d9455ce480e1a0cb57c2f3248c7a3a9e3b9dac58

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TH18OIKZ\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LHJ72E9N.cookie

MD5 1fb6e1607c5fddaa41a7dd917687a499
SHA1 7cf9ed585e1721d5c85585b7e89163e48a949400
SHA256 26bca1e1f07818c4c08a9209d0b1881e613d3d1960827ed71e5fde416a05e2a4
SHA512 42b1b1ff959d64dddeb8ce1a209b1f95fc73942bfe1e78e2fe14a3b061b2f21ec09f6cd0737b523356d234e3a2e48e368158b05fafd49ec541abf39f42a71176

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3TMIDSML.cookie

MD5 1f222e9c65b389d3949bee879a2aaa6d
SHA1 f2c5bb822f73c8a99c81b5bd1ef4d421b6447362
SHA256 6f8944af90587f6ddcedbe909813b0d880854b186d2a3bf8e7957e5e735a9780
SHA512 a2821d11ed7f81563c0f74eadac1324c797c0049ae48764228f5e113faa06f8ea3990ff941081618a639abac04f208ecb433a100ccb111f8cf03b51f1ef1cd96

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3UNN2PEC.cookie

MD5 5b22d4de82994be834ef4b7ead06dc3d
SHA1 de8032ea2abb24a1b09d123bba7d37cc6a835a9f
SHA256 b4af109af805b5abd0f11197bd490cbb9323cc0b0ee97f9f6c8effa6c5ec7a06
SHA512 8adfbd77e1294c2100a6307ca6f3b8e2b06c53793a67f2c8cbb1e5e2aa63b21b246ce6d44baa034b32aa4754c93e33dce7849bc00031e90bc610cf8733508822

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

MD5 f995fbc24a8b5c5bcdcac7ccd135721e
SHA1 03e4d5797a4774ee5105252e64e38f960e6bdda3
SHA256 9f2d9f774682c5346032ca6a08f245c788891c0df92752b35ef56f50b8ad283e
SHA512 2cae6b25e58d301786ac468c8599470b9aa3657c09072416e9da1cbd36e23b4f99ea75057c0f5d4acde0f596341c9c3436ae1f02d07237f4bc388a314894c8d0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_11314361DFE3E655E02EC2E7F9346EC1

MD5 274008b9bf788d3abb6e2845de11054b
SHA1 0d425c9c6a3009daea87cd97920263f006611a83
SHA256 6edf1daaaeab2f6597c215d7338744a3f544847c9ec897ec14e88031389397e7
SHA512 b4510044f68ebdac1ae4ae2ce30a6d17fb8dfc29ddd189c966019b2577ac1aac791b2b197f14c9abd83208833cbcdedfbda146826388cb7c45c81f645bcbdd43

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BGWS2II5\webcomponents-ce-sd[1].js

MD5 58b49536b02d705342669f683877a1c7
SHA1 1dab2e925ab42232c343c2cd193125b5f9c142fa
SHA256 dea31a0a884a91f8f34710a646d832bc0edc9fc151ffd9811f89c47a3f4a6d7c
SHA512 c7a70bdefd02b89732e12605ad6322d651ffa554e959dc2c731d817f7bf3e6722b2c5d479eb84bd61b6ee174669440a5fa6ac4083a173b6cf5b30d14388483d4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BD6TUGHT\network[1].js

MD5 d954c2a0b6bd533031dab62df4424de3
SHA1 605df5c6bdc3b27964695b403b51bccf24654b10
SHA256 075b233f5b75cfa6308eacc965e83f4d11c6c1061c56d225d2322d3937a5a46b
SHA512 4cbe104db33830405bb629bf0ddceee03e263baeb49afbfb188b941b3431e3f66391f7a4f5008674de718b5f8af60d4c5ee80cfe0671c345908f247b0cfaa127

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BD6TUGHT\spf[1].js

MD5 892335937cf6ef5c8041270d8065d3cd
SHA1 aa6b73ca5a785fa34a04cb46b245e1302a22ddd3
SHA256 4d6a0c59700ff223c5613498f31d94491724fb29c4740aeb45bd5b23ef08cffa
SHA512 b760d2a1c26d6198e84bb6d226c21a501097ee16a1b535703787aaef101021c8269ae28c0b94d5c94e0590bf50edaff4a54af853109fce10b629fa81df04d5b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VT2NSLXN\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LB7R8WOH\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BD6TUGHT\www-tampering[1].js

MD5 d0a5a9e10eb7c7538c4abf5b82fda158
SHA1 133efd3e7bb86cfb8fa08e6943c4e276e674e3a6
SHA256 a82008d261c47c8ca436773fe8d418c5e32f48fe25a30885656353461e84bbbc
SHA512 a50f80003b377dbc6a22ef6b1d6ad1843ef805d94bafb1fcab8e67c3781ae671027a89c06bf279f3fd81508e18257740165a4fea3b1a7082b38ec0dc3d122c2f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VT2NSLXN\scheduler[1].js

MD5 3403b0079dbb23f9aaad3b6a53b88c95
SHA1 dc8ca7a7c709359b272f4e999765ac4eddf633b3
SHA256 f48cc70897719cf69b692870f2a85e45ecf0601fd672afcd569495faa54f6e48
SHA512 1b7f23639fd56c602a4027f1dd53185e83e3b1fa575dc29310c0590dd196dc59864407495b8cc9df23430a0f2709403d0aa6ec6d234cce09f89c485add45b40e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BD6TUGHT\web-animations-next-lite.min[1].js

MD5 cb9360b813c598bdde51e35d8e5081ea
SHA1 d2949a20b3e1bc3e113bd31ccac99a81d5fa353d
SHA256 e0cbfda7bfd7be1dcb66bbb507a74111fc4b2becbc742cd879751c3b4cbfa2f0
SHA512 a51e7374994b6c4adc116bc9dea60e174032f7759c0a4ff8eef0ce1a053054660d205c9bb05224ae67a64e2b232719ef82339a9cad44138b612006975578783c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VT2NSLXN\css2[1].css

MD5 16b81ad771834a03ae4f316c2c82a3d7
SHA1 6d37de9e0da73733c48b14f745e3a1ccbc3f3604
SHA256 1c8b1cfe467de6b668fb6dce6c61bed5ef23e3f7b3f40216f4264bd766751fb9
SHA512 9c3c27ba99afb8f0b82bac257513838b1652cfe81f12cca1b34c08cc53d3f1ebd9a942788ada007f1f9f80d9b305a8b6ad8e94b79a30f1d7c594a2395cf468a2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VT2NSLXN\www-onepick[1].css

MD5 5306f13dfcf04955ed3e79ff5a92581e
SHA1 4a8927d91617923f9c9f6bcc1976bf43665cb553
SHA256 6305c2a6825af37f17057fd4dcb3a70790cc90d0d8f51128430883829385f7cc
SHA512 e91ecd1f7e14ff13035dd6e76dfa4fa58af69d98e007e2a0d52bff80d669d33beb5fafefe06254cbc6dd6713b4c7f79c824f641cb704142e031c68eccb3efed3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LB7R8WOH\www-main-desktop-home-page-skeleton[1].css

MD5 770c13f8de9cc301b737936237e62f6d
SHA1 46638c62c9a772f5a006cc8e7c916398c55abcc5
SHA256 ec532fc053f1048f74abcf4c53590b0802f5a0bbddcdc03f10598e93e38d2ab6
SHA512 15f9d4e08c8bc22669da83441f6e137db313e4a3267b9104d0cc5509cbb45c5765a1a7080a3327f1f6627ddeb7e0cf524bd990c77687cb21a2e9d0b7887d4b6d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VT2NSLXN\hcaptcha[1].js

MD5 c2a59891981a9fd9c791bbff1344df52
SHA1 1bd69409a50107057b5340656d1ecd6f5726841f
SHA256 6beec8b04234097105f5d7a88af9c27552b27021446c9dbe029d908d1ff8599f
SHA512 f9d556e0f7e95e603881c5196cc2aa736eb24ed62086d09d36a9e1d6b4fec9f4c1dfb125a66bec301f57230a4242108c7c255e6aa3c6f08a3a0d75e0cf288afe

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NKLP5L0P\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

memory/6012-3008-0x00000000729F0000-0x00000000730DE000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF5C9F5049887CD8F9.TMP

MD5 411b6f70d836fa60f0bc1146fae296a7
SHA1 03114a6f87588f926c8ffa2bfd852fca3a848a86
SHA256 3cfd9e0c0c5c02419ee69a989ad783fe505e2e93f723aae439c5f3728c6fa654
SHA512 9fc002c433e925f7967c40381c6c2c2de81e4aa4f7d879d0d4005c33ae2179db7ce41e354dd2ec0f94c20a87f7563256c4ccf032e46011996e22d300d1620b95

memory/4644-3021-0x0000000000B10000-0x0000000000B2E000-memory.dmp

memory/4644-3022-0x00000000729F0000-0x00000000730DE000-memory.dmp

memory/4644-3024-0x0000000005360000-0x0000000005370000-memory.dmp

memory/6032-3027-0x0000000000400000-0x000000000046F000-memory.dmp

memory/6032-3029-0x00000000005A0000-0x00000000005FA000-memory.dmp

memory/6032-3030-0x00000000729F0000-0x00000000730DE000-memory.dmp

memory/6032-3031-0x0000000007560000-0x0000000007570000-memory.dmp

memory/6032-3032-0x0000000007FB0000-0x0000000008016000-memory.dmp

memory/6032-3033-0x0000000008890000-0x0000000008906000-memory.dmp

memory/6032-3034-0x0000000008940000-0x000000000895E000-memory.dmp

memory/6032-3035-0x0000000008B60000-0x0000000008D22000-memory.dmp

memory/6032-3036-0x0000000008D30000-0x000000000925C000-memory.dmp

memory/6032-3037-0x0000000006910000-0x0000000006960000-memory.dmp

memory/6032-3050-0x00000000729F0000-0x00000000730DE000-memory.dmp

memory/4644-3055-0x00000000729F0000-0x00000000730DE000-memory.dmp

memory/4644-3056-0x0000000005360000-0x0000000005370000-memory.dmp

memory/7136-3068-0x00000000729F0000-0x00000000730DE000-memory.dmp

memory/7136-3069-0x0000000000CB0000-0x000000000194A000-memory.dmp

memory/3168-3073-0x000001C5A6010000-0x000001C5A60FE000-memory.dmp

memory/3168-3081-0x000001C5C0680000-0x000001C5C0760000-memory.dmp

memory/3168-3079-0x000001C5C0530000-0x000001C5C0610000-memory.dmp

memory/3168-3083-0x00007FFBD8C00000-0x00007FFBD95EC000-memory.dmp

memory/3168-3086-0x000001C5C0520000-0x000001C5C0530000-memory.dmp

memory/3168-3089-0x000001C5C0760000-0x000001C5C0828000-memory.dmp

memory/3168-3092-0x000001C5C0930000-0x000001C5C09F8000-memory.dmp

memory/7136-3094-0x00000000729F0000-0x00000000730DE000-memory.dmp

memory/4216-3096-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

memory/3168-3095-0x000001C5C0A00000-0x000001C5C0A4C000-memory.dmp

memory/3276-3099-0x0000000000400000-0x00000000004AA000-memory.dmp

memory/3276-3100-0x000001E8A7B50000-0x000001E8A7C34000-memory.dmp

memory/3276-3103-0x000001E8A7C40000-0x000001E8A7C50000-memory.dmp

memory/3276-3102-0x00007FFBD8C00000-0x00007FFBD95EC000-memory.dmp

memory/3168-3101-0x00007FFBD8C00000-0x00007FFBD95EC000-memory.dmp

memory/4180-3146-0x00000000007F0000-0x00000000008F0000-memory.dmp

memory/4180-3147-0x0000000000930000-0x0000000000939000-memory.dmp

memory/7128-3152-0x0000000000400000-0x0000000000409000-memory.dmp

memory/6764-3163-0x0000000002B90000-0x0000000002F8B000-memory.dmp

memory/6764-3165-0x0000000002F90000-0x000000000387B000-memory.dmp

memory/6764-3170-0x0000000000400000-0x0000000000D1C000-memory.dmp

memory/7128-3555-0x0000000000400000-0x0000000000409000-memory.dmp

memory/5020-3598-0x00000000729F0000-0x00000000730DE000-memory.dmp

memory/5020-3600-0x0000000004E50000-0x0000000004E86000-memory.dmp

memory/4216-3601-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

memory/5020-3604-0x0000000007120000-0x0000000007130000-memory.dmp

memory/3276-3607-0x00007FFBD8C00000-0x00007FFBD95EC000-memory.dmp

memory/5020-3609-0x0000000007760000-0x0000000007D88000-memory.dmp

memory/5020-3608-0x0000000007120000-0x0000000007130000-memory.dmp

memory/5020-3622-0x00000000075C0000-0x00000000075E2000-memory.dmp

memory/5020-3628-0x00000000076D0000-0x0000000007736000-memory.dmp

memory/5020-3631-0x0000000007F70000-0x00000000082C0000-memory.dmp

memory/5020-3645-0x0000000008320000-0x000000000833C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rtn0emhq.20r.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/5020-3703-0x00000000093C0000-0x00000000093FC000-memory.dmp