Malware Analysis Report

2024-11-13 19:10

Sample ID 231111-y61zwacb58
Target cf86047a6c29310a534143fb2686d621f8e581d9c709edb80245a71a7ade165e
SHA256 cf86047a6c29310a534143fb2686d621f8e581d9c709edb80245a71a7ade165e
Tags
glupteba mystic redline smokeloader zgrat taiga up3 backdoor dropper evasion infostealer loader persistence rat stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

cf86047a6c29310a534143fb2686d621f8e581d9c709edb80245a71a7ade165e

Threat Level: Known bad

The file cf86047a6c29310a534143fb2686d621f8e581d9c709edb80245a71a7ade165e was found to be: Known bad.

Malicious Activity Summary

glupteba mystic redline smokeloader zgrat taiga up3 backdoor dropper evasion infostealer loader persistence rat stealer trojan

Glupteba

SmokeLoader

Mystic

Detect ZGRat V1

RedLine payload

RedLine

Detect Mystic stealer payload

Glupteba payload

ZGRat

Modifies Windows Firewall

Stops running service(s)

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

AutoIT Executable

Suspicious use of SetThreadContext

Launches sc.exe

Drops file in Windows directory

Program crash

Unsigned PE

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-11 20:24

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-11 20:24

Reported

2023-11-11 20:27

Platform

win10-20231020-en

Max time kernel

13s

Max time network

159s

Command Line

"C:\Users\Admin\AppData\Local\Temp\cf86047a6c29310a534143fb2686d621f8e581d9c709edb80245a71a7ade165e.exe"

Signatures

Detect Mystic stealer payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

Glupteba

loader dropper glupteba

Glupteba payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Mystic

stealer mystic

RedLine

infostealer redline

RedLine payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

SmokeLoader

trojan backdoor smokeloader

ZGRat

rat zgrat

Downloads MZ/PE file

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\netsh.exe N/A

Stops running service(s)

evasion

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SC09eI3.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\cf86047a6c29310a534143fb2686d621f8e581d9c709edb80245a71a7ade165e.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A
N/A N/A C:\Windows\System32\sc.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7yd61dL.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7yd61dL.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7yd61dL.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 29cc4623dd14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0e53e821dd14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7568bd21dd14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3a651a22dd14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 03357324dd14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a48c0222dd14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = dda37d23dd14da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-459651055-4136032345-1270294931-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7yd61dL.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7yd61dL.exe N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeShutdownPrivilege N/A N/A N/A
Token: SeCreatePagefilePrivilege N/A N/A N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 808 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\cf86047a6c29310a534143fb2686d621f8e581d9c709edb80245a71a7ade165e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe
PID 808 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\cf86047a6c29310a534143fb2686d621f8e581d9c709edb80245a71a7ade165e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe
PID 808 wrote to memory of 4496 N/A C:\Users\Admin\AppData\Local\Temp\cf86047a6c29310a534143fb2686d621f8e581d9c709edb80245a71a7ade165e.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe
PID 4496 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe
PID 4496 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe
PID 4496 wrote to memory of 4684 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe
PID 4684 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe
PID 4684 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe
PID 4684 wrote to memory of 4476 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe
PID 4476 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SC09eI3.exe
PID 4476 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SC09eI3.exe
PID 4476 wrote to memory of 3192 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SC09eI3.exe
PID 4476 wrote to memory of 196 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe
PID 4476 wrote to memory of 196 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe
PID 4476 wrote to memory of 196 N/A C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe
PID 196 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 196 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 196 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 196 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 196 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 196 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 196 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 196 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 196 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 196 wrote to memory of 3936 N/A C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4684 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7yd61dL.exe
PID 4684 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7yd61dL.exe
PID 4684 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7yd61dL.exe
PID 4496 wrote to memory of 6108 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe
PID 4496 wrote to memory of 6108 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe
PID 4496 wrote to memory of 6108 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe
PID 6108 wrote to memory of 5612 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6108 wrote to memory of 5612 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6108 wrote to memory of 5612 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6108 wrote to memory of 5612 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6108 wrote to memory of 5612 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6108 wrote to memory of 5612 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6108 wrote to memory of 5612 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 6108 wrote to memory of 5612 N/A C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 1100 wrote to memory of 3196 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1100 wrote to memory of 3196 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1100 wrote to memory of 3196 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\cf86047a6c29310a534143fb2686d621f8e581d9c709edb80245a71a7ade165e.exe

"C:\Users\Admin\AppData\Local\Temp\cf86047a6c29310a534143fb2686d621f8e581d9c709edb80245a71a7ade165e.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SC09eI3.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SC09eI3.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7yd61dL.exe

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7yd61dL.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 568

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9sG1SP3.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9sG1SP3.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\344A.exe

C:\Users\Admin\AppData\Local\Temp\344A.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\8691.exe

C:\Users\Admin\AppData\Local\Temp\8691.exe

C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Users\Admin\AppData\Local\Temp\9279.exe

C:\Users\Admin\AppData\Local\Temp\9279.exe

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\Broom.exe

C:\Users\Admin\AppData\Local\Temp\latestX.exe

"C:\Users\Admin\AppData\Local\Temp\latestX.exe"

C:\Users\Admin\AppData\Local\Temp\9279.exe

C:\Users\Admin\AppData\Local\Temp\9279.exe

C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\1372.exe

C:\Users\Admin\AppData\Local\Temp\1372.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"

C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"

C:\Users\Admin\AppData\Local\Temp\8E50.exe

C:\Users\Admin\AppData\Local\Temp\8E50.exe

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

C:\Users\Admin\AppData\Local\Temp\91DB.exe

C:\Users\Admin\AppData\Local\Temp\91DB.exe

C:\Windows\System32\sc.exe

sc stop UsoSvc

C:\Users\Admin\AppData\Local\Temp\940F.exe

C:\Users\Admin\AppData\Local\Temp\940F.exe

C:\Windows\System32\sc.exe

sc stop WaaSMedicSvc

C:\Windows\System32\sc.exe

sc stop wuauserv

C:\Windows\System32\sc.exe

sc stop bits

C:\Windows\System32\sc.exe

sc stop dosvc

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }

C:\Windows\System32\cmd.exe

C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -hibernate-timeout-dc 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-ac 0

C:\Windows\System32\powercfg.exe

powercfg /x -standby-timeout-dc 0

C:\Windows\System32\schtasks.exe

C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"

C:\Program Files\Google\Chrome\updater.exe

"C:\Program Files\Google\Chrome\updater.exe"

C:\Windows\System32\cmd.exe

C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"

C:\Windows\system32\netsh.exe

netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

powershell -nologo -noprofile

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.201.240.157.in-addr.arpa udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 163.252.72.23.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.paypal.com udp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
US 8.8.8.8:53 136.252.72.23.in-addr.arpa udp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 101.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 113.106.207.23.in-addr.arpa udp
US 8.8.8.8:53 10.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 52.7.192.127:443 www.epicgames.com tcp
US 52.7.192.127:443 www.epicgames.com tcp
US 8.8.8.8:53 community.cloudflare.steamstatic.com udp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 facebook.com udp
US 157.240.5.35:443 facebook.com tcp
US 157.240.5.35:443 facebook.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 172.64.145.151:443 community.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 127.192.7.52.in-addr.arpa udp
US 8.8.8.8:53 151.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 136.145.250.142.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 35.5.240.157.in-addr.arpa udp
US 8.8.8.8:53 store.cloudflare.steamstatic.com udp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 104.18.42.105:443 store.cloudflare.steamstatic.com tcp
US 8.8.8.8:53 fbcdn.net udp
US 157.240.5.35:443 fbcdn.net tcp
US 157.240.5.35:443 fbcdn.net tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 105.42.18.104.in-addr.arpa udp
US 8.8.8.8:53 192.15.239.18.in-addr.arpa udp
US 8.8.8.8:53 80.41.65.18.in-addr.arpa udp
US 8.8.8.8:53 fbsbx.com udp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 157.240.5.35:443 fbsbx.com tcp
US 157.240.5.35:443 fbsbx.com tcp
US 8.8.8.8:53 www.paypalobjects.com udp
US 18.238.246.206:80 ocsp.r2m02.amazontrust.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 206.246.238.18.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 tracking.epicgames.com udp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 34.195.142.151:443 tracking.epicgames.com tcp
US 8.8.8.8:53 73.36.239.18.in-addr.arpa udp
US 8.8.8.8:53 151.142.195.34.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 numpersb.fun udp
US 8.8.8.8:53 killredls.pw udp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 157.240.5.10:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 57.53.21.104.in-addr.arpa udp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 192.229.221.25:443 www.paypalobjects.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
NL 104.85.0.101:443 store.steampowered.com tcp
NL 104.85.0.101:443 store.steampowered.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
JP 23.207.106.113:443 steamcommunity.com tcp
JP 23.207.106.113:443 steamcommunity.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 c.paypal.com udp
US 192.229.221.25:443 c.paypal.com tcp
US 192.229.221.25:443 c.paypal.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 www.recaptcha.net udp
NL 172.217.168.227:443 www.recaptcha.net tcp
NL 172.217.168.227:443 www.recaptcha.net tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 227.168.217.172.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 18.239.36.73:443 static-assets-prod.unrealengine.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 b.stats.paypal.com udp
US 104.21.53.57:80 killredls.pw tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
RU 5.42.92.190:80 5.42.92.190 tcp
NL 194.169.175.118:80 194.169.175.118 tcp
US 8.8.8.8:53 api.steampowered.com udp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
US 8.8.8.8:53 190.92.42.5.in-addr.arpa udp
US 8.8.8.8:53 118.175.169.194.in-addr.arpa udp
JP 23.207.106.113:443 api.steampowered.com tcp
JP 23.207.106.113:443 api.steampowered.com tcp
RU 5.42.65.80:80 5.42.65.80 tcp
US 8.8.8.8:53 80.65.42.5.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 194.49.94.80:42359 tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 80.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 104.21.53.57:80 killredls.pw tcp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 8.8.8.8:53 c6.paypal.com udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 151.101.1.35:443 c6.paypal.com tcp
US 151.101.1.35:443 c6.paypal.com tcp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
US 104.21.53.57:80 killredls.pw tcp
RU 5.42.92.51:19057 tcp
US 104.21.53.57:80 killredls.pw tcp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.19.219.90:443 newassets.hcaptcha.com tcp
US 104.19.219.90:443 newassets.hcaptcha.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
US 8.8.8.8:53 api.hcaptcha.com udp
US 104.19.218.90:443 api.hcaptcha.com tcp
US 104.19.218.90:443 api.hcaptcha.com tcp
US 8.8.8.8:53 1.202.248.87.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
IT 185.196.9.161:80 185.196.9.161 tcp
US 8.8.8.8:53 161.9.196.185.in-addr.arpa udp
RU 5.42.64.16:443 tcp
US 8.8.8.8:53 16.64.42.5.in-addr.arpa udp
US 8.8.8.8:53 83.121.18.2.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
RU 5.42.64.16:443 tcp
RU 5.42.92.51:19057 tcp
US 8.8.8.8:53 bluepablo.fun udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 41.18.21.104.in-addr.arpa udp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
NL 157.240.201.35:443 www.facebook.com tcp
NL 157.240.201.35:443 www.facebook.com tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 254.7.248.8.in-addr.arpa udp
US 8.8.8.8:53 226.162.46.104.in-addr.arpa udp
US 8.8.8.8:53 host-file-host6.com udp
US 8.8.8.8:53 host-host-file8.com udp
US 95.214.26.28:80 host-host-file8.com tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 28.26.214.95.in-addr.arpa udp
RU 5.42.92.190:80 5.42.92.190 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 194.49.94.72:80 194.49.94.72 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 8.8.8.8:53 72.94.49.194.in-addr.arpa udp
RU 5.42.92.51:19057 tcp
US 104.21.18.41:80 bluepablo.fun tcp
US 194.49.94.11:80 194.49.94.11 tcp
NL 194.169.175.235:42691 tcp
US 8.8.8.8:53 11.94.49.194.in-addr.arpa udp
US 8.8.8.8:53 235.175.169.194.in-addr.arpa udp
US 8.8.8.8:53 api.ip.sb udp
US 172.67.75.172:443 api.ip.sb tcp
US 8.8.8.8:53 172.75.67.172.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe

MD5 37da02464675654e81f038d49ee97cc5
SHA1 57c3ee97e3f0f0eedfa5b38482ce6eb98bd90873
SHA256 69aa74b75c3d7148d9c5735cf8dcdb05a78ebcbb360712aad1aaf7a8fdbe7fbc
SHA512 e025d3965d36c1d9eae5815c5d246e862e47e1c900ee6d0b88937bcdc9f0ff3a9d30ddb8baa91bfa90cb7e80a5fdf87116810505b581a95f3525a51f8d3d83b4

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Tr8pf00.exe

MD5 37da02464675654e81f038d49ee97cc5
SHA1 57c3ee97e3f0f0eedfa5b38482ce6eb98bd90873
SHA256 69aa74b75c3d7148d9c5735cf8dcdb05a78ebcbb360712aad1aaf7a8fdbe7fbc
SHA512 e025d3965d36c1d9eae5815c5d246e862e47e1c900ee6d0b88937bcdc9f0ff3a9d30ddb8baa91bfa90cb7e80a5fdf87116810505b581a95f3525a51f8d3d83b4

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe

MD5 c7789e9e5821b2560c85cf7d31024b2d
SHA1 03eade6f25bfdaadbe5cdaa2d7a4e0f0b80ad87b
SHA256 38a166e08c89abaeb27de152295caf3e4f9b6b330c6db7536c811b5fa2c4811d
SHA512 a7f24eec6fa92c72190a42187b5e46952b81033b5946007b545077097d037d411b59ed5a127a2ed98557388d7556806289db8a30f15a96596894a37a13359676

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\lK9VD88.exe

MD5 c7789e9e5821b2560c85cf7d31024b2d
SHA1 03eade6f25bfdaadbe5cdaa2d7a4e0f0b80ad87b
SHA256 38a166e08c89abaeb27de152295caf3e4f9b6b330c6db7536c811b5fa2c4811d
SHA512 a7f24eec6fa92c72190a42187b5e46952b81033b5946007b545077097d037d411b59ed5a127a2ed98557388d7556806289db8a30f15a96596894a37a13359676

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe

MD5 6c00b84343032c0a1a46bcebe9aa66aa
SHA1 0bbcf4a1b0f4749468b5f8210393759e3e4c5c93
SHA256 28fc15d4ed38d0cdcdb768dfe3c3a39cfcab8f5d9d25c2ff24c604d941559086
SHA512 53583df000f7ea3c2474554ba058496a96e82742cbdb7a14a23a355eef286435a245cb11c65ed8698c610cb955c82754b7905ca6e0efdb7b578f6c08fbf7ea95

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lw2cC22.exe

MD5 6c00b84343032c0a1a46bcebe9aa66aa
SHA1 0bbcf4a1b0f4749468b5f8210393759e3e4c5c93
SHA256 28fc15d4ed38d0cdcdb768dfe3c3a39cfcab8f5d9d25c2ff24c604d941559086
SHA512 53583df000f7ea3c2474554ba058496a96e82742cbdb7a14a23a355eef286435a245cb11c65ed8698c610cb955c82754b7905ca6e0efdb7b578f6c08fbf7ea95

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SC09eI3.exe

MD5 4f429efcc579e5e72593a05754c00a18
SHA1 2008f9e1333f118c5bdf8f38641f30d7befd5c35
SHA256 d350a034854b1966b1f754d53510552d27d04f084ca53ec73071a85eb057d420
SHA512 759cf45c03f9247ef16d94166d32bff0807f15ca386876f56703e4c61f2b417dbfb48c492093067082e4c9be681682c1a6e923fd48a99a6b3e42c41003aa5329

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1SC09eI3.exe

MD5 4f429efcc579e5e72593a05754c00a18
SHA1 2008f9e1333f118c5bdf8f38641f30d7befd5c35
SHA256 d350a034854b1966b1f754d53510552d27d04f084ca53ec73071a85eb057d420
SHA512 759cf45c03f9247ef16d94166d32bff0807f15ca386876f56703e4c61f2b417dbfb48c492093067082e4c9be681682c1a6e923fd48a99a6b3e42c41003aa5329

memory/3064-28-0x00000180E4D20000-0x00000180E4D30000-memory.dmp

memory/3064-44-0x00000180E5600000-0x00000180E5610000-memory.dmp

memory/3064-63-0x00000180E5190000-0x00000180E5192000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe

MD5 8ea81a3bdbba88c4f2bc38daa5df97d7
SHA1 d651c3d9a1d911886f718aee2c3f5cb04e701e41
SHA256 c4064246af1a40d87231dc85abaaa740c701bf37bddc2454b7628a8e752befa5
SHA512 1bcffb2565204db32411583ce94880df90229d01b34b964c848a9557028b162c331e534a198a6cde519af2dfb1f27e6920dad5060c86a954bd6af6dc83d1ed86

C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2JY3608.exe

MD5 8ea81a3bdbba88c4f2bc38daa5df97d7
SHA1 d651c3d9a1d911886f718aee2c3f5cb04e701e41
SHA256 c4064246af1a40d87231dc85abaaa740c701bf37bddc2454b7628a8e752befa5
SHA512 1bcffb2565204db32411583ce94880df90229d01b34b964c848a9557028b162c331e534a198a6cde519af2dfb1f27e6920dad5060c86a954bd6af6dc83d1ed86

memory/3936-73-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3936-77-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3936-78-0x0000000000400000-0x0000000000433000-memory.dmp

memory/3936-81-0x0000000000400000-0x0000000000433000-memory.dmp

memory/2780-85-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7yd61dL.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7yd61dL.exe

MD5 b938034561ab089d7047093d46deea8f
SHA1 d778c32cc46be09b107fa47cf3505ba5b748853d
SHA256 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161
SHA512 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 66259b6b1db333db19598185996e00f2
SHA1 3f99a4f7be7bb75a03c029cd09a339ce6f57b514
SHA256 ee481a77d0e73018888044ccc9322dcc8c82bc25738003a27b4054bba895f1e3
SHA512 44e65537d82093c6ae4bfe3b6d2c4299c9c6af67d109c72c62a5aedbe33d48265d141c4c1a5844a625df12bb96e7376e467b692c579ac35fcbfc3d7798406f69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 66259b6b1db333db19598185996e00f2
SHA1 3f99a4f7be7bb75a03c029cd09a339ce6f57b514
SHA256 ee481a77d0e73018888044ccc9322dcc8c82bc25738003a27b4054bba895f1e3
SHA512 44e65537d82093c6ae4bfe3b6d2c4299c9c6af67d109c72c62a5aedbe33d48265d141c4c1a5844a625df12bb96e7376e467b692c579ac35fcbfc3d7798406f69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 66259b6b1db333db19598185996e00f2
SHA1 3f99a4f7be7bb75a03c029cd09a339ce6f57b514
SHA256 ee481a77d0e73018888044ccc9322dcc8c82bc25738003a27b4054bba895f1e3
SHA512 44e65537d82093c6ae4bfe3b6d2c4299c9c6af67d109c72c62a5aedbe33d48265d141c4c1a5844a625df12bb96e7376e467b692c579ac35fcbfc3d7798406f69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 33b295182a2f2cc6f0b1edd7a3e8c79e
SHA1 7e05a14bf1bc0f08d14cd0dfa58051373701b375
SHA256 baf987bac8333074c4bbddafeca67be00066f3c189cec9f0c3062f1597ef874d
SHA512 cd624b07dd1895878f0b1514d86c24edec0195806f4c8d08eed52153797b6d0bed022890e87fa7afb3fd2cf18105bdfec326bd6bdcb448098dc10c2ce992b905

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 33b295182a2f2cc6f0b1edd7a3e8c79e
SHA1 7e05a14bf1bc0f08d14cd0dfa58051373701b375
SHA256 baf987bac8333074c4bbddafeca67be00066f3c189cec9f0c3062f1597ef874d
SHA512 cd624b07dd1895878f0b1514d86c24edec0195806f4c8d08eed52153797b6d0bed022890e87fa7afb3fd2cf18105bdfec326bd6bdcb448098dc10c2ce992b905

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 80144ac74f3b6f6d6a75269bdc5d5a60
SHA1 6707bb0c8a3e92d1fd4765e10781535433036196
SHA256 d746128fdb817742cb812c74fb8aa543191116feda6dfcfc59d74becf482a285
SHA512 c61d3847bdc0c4a4b8cd94b2d9a3a474b985b974776ca2ef4caf78e5fb82e4d4f65c477dec1cdf080f9d397f3d0dfe035adc267f9b4fe9b75c82e399f20bc6b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 bbf0e29268ddfd99bde03e58039df96a
SHA1 3ba0542fed7734b1fcb484d73df8583d4c1cb11d
SHA256 ccb67510824670f69ce2ed17ba72455f2be26d053ab13b2d04e8c4bbc2a456a4
SHA512 4eac0c845359016b7045100c146d83b3c5e94ca7d319e4bcde9c19f880b89d33630aadbfbeb21c85295388826e046857aafba5b55fd22397537761586af0df35

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

MD5 b2c0d1915f33170967d482cfcaec79d6
SHA1 ed7a90770e45c60a7abfe711242966b57ba6e3ea
SHA256 307c8aa3e04fa3dc670c5d4824b8f0c37c846a23421445bcbd796c32f5fbacd9
SHA512 d941981285efa04041095e5499f716b86d249ac442464450351b60b69798b6afeca8f4843dab7753d665e531f6f9902b204a025ec6c6380c990fc346725e0145

memory/3156-206-0x0000000002CF0000-0x0000000002D06000-memory.dmp

memory/2780-207-0x0000000000400000-0x000000000040B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8hv129YK.exe

MD5 6c48bad9513b4947a240db2a32d3063a
SHA1 a5b9b870ce2d3451572d88ff078f7527bd3a954a
SHA256 984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8
SHA512 7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

memory/5612-245-0x0000000000400000-0x000000000043C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LW832BJW.cookie

MD5 c374f5f0536b13860af81bdd8797c27c
SHA1 80c575117a4bcff750d207b14d2b8fec9e20bba4
SHA256 48ea83d92242bafa3104e6271c4a473213092540ce8528add67ce70641b72380
SHA512 489f9e282a9c4afd44411f5ab70b8b4b1632fbb0311fff448ebff83389a02b62f8454cf0e4008f6996e4701710afdfa96ed202196ecc4920dd19e734ce185889

memory/5612-274-0x00000000726F0000-0x0000000072DDE000-memory.dmp

memory/5612-288-0x000000000B2A0000-0x000000000B79E000-memory.dmp

memory/5612-294-0x000000000ADA0000-0x000000000AE32000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

memory/3196-309-0x000001F3601A0000-0x000001F3601A2000-memory.dmp

memory/3196-314-0x000001F3601E0000-0x000001F3601E2000-memory.dmp

memory/3196-318-0x000001F3604E0000-0x000001F3604E2000-memory.dmp

memory/5612-323-0x000000000AE50000-0x000000000AE5A000-memory.dmp

memory/4976-326-0x0000019DEA0B0000-0x0000019DEA0D0000-memory.dmp

memory/4168-334-0x0000028646C00000-0x0000028646D00000-memory.dmp

memory/5612-383-0x000000000BDB0000-0x000000000C3B6000-memory.dmp

memory/5612-390-0x000000000B190000-0x000000000B29A000-memory.dmp

memory/5612-394-0x000000000B000000-0x000000000B012000-memory.dmp

memory/3064-397-0x00000180EC3D0000-0x00000180EC3D1000-memory.dmp

memory/3064-402-0x00000180EC3E0000-0x00000180EC3E1000-memory.dmp

memory/5612-395-0x000000000B080000-0x000000000B0BE000-memory.dmp

memory/5612-410-0x000000000B0C0000-0x000000000B10B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9sG1SP3.exe

MD5 ac23e4f46890d64e50075d58a6528c75
SHA1 f3d29355a99247c91b82aba2f8380039ffed942f
SHA256 684858fc9457e3874090956dd6b8fa6a5be07b20feb73830eeeb38d4213b1112
SHA512 43879720f92ec8d93c07fcf43e90aefa2d7385a193e9687dabf1d8769d8fdbe18098641b9b6ed7d05168db881089f2acd0a0f5c0d5c377bb6ae73168c161bc59

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9sG1SP3.exe

MD5 ac23e4f46890d64e50075d58a6528c75
SHA1 f3d29355a99247c91b82aba2f8380039ffed942f
SHA256 684858fc9457e3874090956dd6b8fa6a5be07b20feb73830eeeb38d4213b1112
SHA512 43879720f92ec8d93c07fcf43e90aefa2d7385a193e9687dabf1d8769d8fdbe18098641b9b6ed7d05168db881089f2acd0a0f5c0d5c377bb6ae73168c161bc59

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SPHIVZL9\shared_global[1].css

MD5 eec4781215779cace6715b398d0e46c9
SHA1 b978d94a9efe76d90f17809ab648f378eb66197f
SHA256 64f61829703eca976c04cf194765a87c5a718e98597df2cb3eae9cf3150e572e
SHA512 c1f8164eb3a250a8edf8b7cb3b8c30396861eff95bcc4ed9a0c92a9dcde8fd7cd3a91b8f4fd8968c4fdafd18b51d20541bcc07a0643e55c8f6b12ceb67d7805d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TWL0BD5C\buttons[1].css

MD5 84524a43a1d5ec8293a89bb6999e2f70
SHA1 ea924893c61b252ce6cdb36cdefae34475d4078c
SHA256 8163d25cb71da281079b36fcde6d9f6846ff1e9d70112bbe328cae5ffb05f2bc
SHA512 2bf17794d327b4a9bdbae446dd086354b6b98ac044a8ee0b85bd72c3ab22d93b43f3542df03d64f997d1df6fc6cac5c5e258c4ec82b998f3a40b50c2fde99b5a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IUY34RJV\favicon[1].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

memory/5728-440-0x0000000000400000-0x0000000000488000-memory.dmp

memory/5728-447-0x0000000000400000-0x0000000000488000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NK1M3ZEM\shared_responsive[2].css

MD5 086f049ba7be3b3ab7551f792e4cbce1
SHA1 292c885b0515d7f2f96615284a7c1a4b8a48294a
SHA256 b38fc1074ef68863c2841111b9e20d98ea0305c1e39308dc7ad3a6f3fd39117a
SHA512 645f23b5598d0c38286c2a68268cb0bc60db9f6de7620297f94ba14afe218d18359d124ebb1518d31cd8960baed7870af8fd6960902b1c9496d945247fbb2d78

memory/5728-471-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3196-479-0x000001F3623B0000-0x000001F3623B2000-memory.dmp

memory/5728-522-0x0000000000400000-0x0000000000488000-memory.dmp

memory/3196-521-0x000001F3623D0000-0x000001F3623D2000-memory.dmp

memory/60-526-0x000002755F5A0000-0x000002755F5A2000-memory.dmp

memory/3196-531-0x000001F362510000-0x000001F362512000-memory.dmp

memory/3196-535-0x000001F362710000-0x000001F362712000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3ZEBW4G4\tooltip[1].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3ZEBW4G4\shared_global[1].js

MD5 f94199f679db999550a5771140bfad4b
SHA1 10e3647f07ef0b90e64e1863dd8e45976ba160c0
SHA256 26c013d87a0650ece1f28cdc42d7995ad1a57e5681e30c4fd1c3010d995b7548
SHA512 66aef2dda0d8b76b68fd4a90c0c8332d98fe6d23590954a20317b0129a39feb9cd3bd44e0c57e6b309227d912c6c07b399302a5e680615e05269769b7e750036

memory/4168-565-0x0000028657460000-0x0000028657480000-memory.dmp

memory/4976-571-0x0000019DEAA60000-0x0000019DEAB60000-memory.dmp

memory/524-554-0x00000229B8160000-0x00000229B8180000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9

MD5 923f6e4d45a5884f0abbfe60aaf2a972
SHA1 b77ca54adace5c1e34615832c53f9f7f3ee02887
SHA256 45c2b4583dd60ac1d507af81ee09b636d4605f246c7596526e26d1a8d4af4df1
SHA512 72f0bfdb3dd6a0b9f8dd9a14e7f6f410f16ff7e516f110266bd8c87d7a81a27e6174a3ccabd80c828e50867e129d895ff93de1c45b1cdb70e2024139c14efa98

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9

MD5 923f6e4d45a5884f0abbfe60aaf2a972
SHA1 b77ca54adace5c1e34615832c53f9f7f3ee02887
SHA256 45c2b4583dd60ac1d507af81ee09b636d4605f246c7596526e26d1a8d4af4df1
SHA512 72f0bfdb3dd6a0b9f8dd9a14e7f6f410f16ff7e516f110266bd8c87d7a81a27e6174a3ccabd80c828e50867e129d895ff93de1c45b1cdb70e2024139c14efa98

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9

MD5 a481144dcd0cdcd1c95ce374bdc85bb6
SHA1 e1d6f42e25902ad10745c2a6882ef0a8b9667b01
SHA256 5db8fbd757fcaca52bde890b2b0bfcf0ad94e0baf001cf32ac2f215c58684206
SHA512 b1c7fd2056514678f44f53f4d12eb12ad9f9c819c9dec01b8c97d84ae801d5602fc4d7f88a5dbf6e69b75fe3dac5ea6e9a1fcb69c8a4915b0e1317f65c8448dc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9

MD5 a481144dcd0cdcd1c95ce374bdc85bb6
SHA1 e1d6f42e25902ad10745c2a6882ef0a8b9667b01
SHA256 5db8fbd757fcaca52bde890b2b0bfcf0ad94e0baf001cf32ac2f215c58684206
SHA512 b1c7fd2056514678f44f53f4d12eb12ad9f9c819c9dec01b8c97d84ae801d5602fc4d7f88a5dbf6e69b75fe3dac5ea6e9a1fcb69c8a4915b0e1317f65c8448dc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9

MD5 923f6e4d45a5884f0abbfe60aaf2a972
SHA1 b77ca54adace5c1e34615832c53f9f7f3ee02887
SHA256 45c2b4583dd60ac1d507af81ee09b636d4605f246c7596526e26d1a8d4af4df1
SHA512 72f0bfdb3dd6a0b9f8dd9a14e7f6f410f16ff7e516f110266bd8c87d7a81a27e6174a3ccabd80c828e50867e129d895ff93de1c45b1cdb70e2024139c14efa98

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9

MD5 8127f420960b8e109d76037805374a63
SHA1 c60755c6d42ab866ed48c4df8f18db570c605467
SHA256 9d28191669a8da80fa3237a528aba235ed0521946e7dc6472417064862e7d43d
SHA512 0acdd248945e90c545ab9631672f8920b553631874fd084a5cea903434b923d962674470b27111f48948eca01ecafe288cc6bc0147c412a405c9755d03b210e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9

MD5 8127f420960b8e109d76037805374a63
SHA1 c60755c6d42ab866ed48c4df8f18db570c605467
SHA256 9d28191669a8da80fa3237a528aba235ed0521946e7dc6472417064862e7d43d
SHA512 0acdd248945e90c545ab9631672f8920b553631874fd084a5cea903434b923d962674470b27111f48948eca01ecafe288cc6bc0147c412a405c9755d03b210e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZYB1I8SM.cookie

MD5 48897562e3acd9061afbaf083b4e2a28
SHA1 35ec22b6e311925c3508a806d95ba5fde733a4f8
SHA256 b8fa97a3a7f954c371884059558eae3a851e44423145e8414106d7cdf08d43bb
SHA512 1dfa556cecafdd07184d0e08dcfe0b5b1fede72279e5ac2caf57a3d2b2ae364abd063b9d659b11d4fa862809c14c70b3a2386e62573656557c0147dba7d018e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZHH1F16X.cookie

MD5 a9f66f3e3d3ff9badb9ac51f466076cf
SHA1 e9b4dbc9d00e8cfaae31ad421207e6cb70d41b46
SHA256 ad605eb3f10ef0852e26bc147ad1263cb92ee48a868be30b024a72001b19aa1a
SHA512 df2fdb9a00fc06c1b40da18047f9ceeb1e7393998ef0487bc6fc75b88ef43e254f929aac3bb86518365c781b2b176f54befc67b651d59bed83d1d07b3106c1ae

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\8OXXRGX0.cookie

MD5 e9d0d80591269cbb8149099df8ae7191
SHA1 fbe3c60fe0554391b76621f65114e1ecdb766027
SHA256 c52b05c5d56412871c4088f13a4a6081e25c74203d5ef43f81652588e3630c90
SHA512 9034bb1ca8f9b7d4aa2dc47104e29dd260ec2535888778a45f8f7e9eded9ff4142f22acebe67b4180c064698f0e7a45bc54eaf5cf60b697f71c0155dfb15ea99

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 4a2bed4bdad7e05a6c9a791a8f204ab6
SHA1 498dfc82d5c09b798b37176d4ee94714bf8b3cd4
SHA256 d5590697178df9845e765827bdb1acd9199b0f3a5300f59fe5ba402d9657daf5
SHA512 1e56b27404bc33bf936d75b19f431de41bc23e0b8efec211cae35f216cf04ea6bc14c36dea58b8ad2c6f8900f3e19cc54fe3ec994d49602486e2309b7dadef48

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3ZEBW4G4\shared_responsive_adapter[1].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 06a769ee925d4ec7e7a45ecd0941e8ba
SHA1 80ec2fa2fa25778eb3c25d3b6177ecd51663b451
SHA256 23b90a5d59d8f31d5d79b53af5af64d863fbc287b61fdc701d2869af9e5da0a2
SHA512 ab34e4d3e682aedc0848e1d76ead7090f986caf9e28399830f5adb9f8313bc02003f97761646f05b480f045c31977fcbbf5ae9b0f8ddd0b034d31d8867da667c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 06a769ee925d4ec7e7a45ecd0941e8ba
SHA1 80ec2fa2fa25778eb3c25d3b6177ecd51663b451
SHA256 23b90a5d59d8f31d5d79b53af5af64d863fbc287b61fdc701d2869af9e5da0a2
SHA512 ab34e4d3e682aedc0848e1d76ead7090f986caf9e28399830f5adb9f8313bc02003f97761646f05b480f045c31977fcbbf5ae9b0f8ddd0b034d31d8867da667c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 06a769ee925d4ec7e7a45ecd0941e8ba
SHA1 80ec2fa2fa25778eb3c25d3b6177ecd51663b451
SHA256 23b90a5d59d8f31d5d79b53af5af64d863fbc287b61fdc701d2869af9e5da0a2
SHA512 ab34e4d3e682aedc0848e1d76ead7090f986caf9e28399830f5adb9f8313bc02003f97761646f05b480f045c31977fcbbf5ae9b0f8ddd0b034d31d8867da667c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 df26803bd741cd8337ebbee4c99100c7
SHA1 0c773c5482f47ed25356739cfae0e0d1f1655d73
SHA256 fd20571a9005f781b6452d345b8ea3e90c9cc88156795a3521cc16fae542355e
SHA512 6648aa7a8c307467e3174b50928aa19aa133f42a87b6332ef02aad85fe1b48b848145daba50ef220eb075699268547eb7a731874cdb197d89cd229f4cc962886

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 b822fdb708ad22f063f0886198e7caa4
SHA1 3ff1fb0ce6ee6d4b8a15285e5615149acc65df10
SHA256 5b3b539c6a62625dbf8be1f8128255733f0750e54a99b83d39a5536c16dc038c
SHA512 e2d6d5e4b55f520f4dd0fcfe251133a24013450df65eb000e3c35753fe8d452e62b66779b71dfe944a1ab177990b7f2557eba92cb35e902871903aacd793649d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 b822fdb708ad22f063f0886198e7caa4
SHA1 3ff1fb0ce6ee6d4b8a15285e5615149acc65df10
SHA256 5b3b539c6a62625dbf8be1f8128255733f0750e54a99b83d39a5536c16dc038c
SHA512 e2d6d5e4b55f520f4dd0fcfe251133a24013450df65eb000e3c35753fe8d452e62b66779b71dfe944a1ab177990b7f2557eba92cb35e902871903aacd793649d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 df26803bd741cd8337ebbee4c99100c7
SHA1 0c773c5482f47ed25356739cfae0e0d1f1655d73
SHA256 fd20571a9005f781b6452d345b8ea3e90c9cc88156795a3521cc16fae542355e
SHA512 6648aa7a8c307467e3174b50928aa19aa133f42a87b6332ef02aad85fe1b48b848145daba50ef220eb075699268547eb7a731874cdb197d89cd229f4cc962886

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_57CE1AECC398AD2C94DD1A683EAD09FC

MD5 8fde3c5f3c8a5d9a3e283fd2dbfab3ce
SHA1 ac8f0c13c6b3ac5d6aa33f1f08e2b63f6cb4abf1
SHA256 2d2dc524deb4d37b0ea8ea6e23c3f9536f9d23407f2dac962c8e4454341dda62
SHA512 5425afd720d567f7c9c8cf33e3f10f2bec3d22c159baae0a9d0815444a9747a1bf6ff94e54719e373b0a2f71eb16ad802c7b4e7348a81984ad2410c7920762d5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IUY34RJV\B8BxsscfVBr[1].ico

MD5 e508eca3eafcc1fc2d7f19bafb29e06b
SHA1 a62fc3c2a027870d99aedc241e7d5babba9a891f
SHA256 e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a
SHA512 49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\W78G4VAI\store.steampowered[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\38NH14NM.cookie

MD5 949888233a5647b2f60e1cd48b412675
SHA1 1fb80a7a21ec27e6fea0745deefec472e9dff612
SHA256 fc1e6f9306aec299d825b57c8deb40a3b60bc9215187ec74547238c48408b21d
SHA512 00827bc295b33562bff21df6018ddeba189c1b3fe2e316a3310cb96aa298a03154064bc7339649fea58898ac98c0d5eee5e74de91cac30004a7245cfe1e87459

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\16MF0V38\favicon[1].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6AQAH254\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RRHCSV66.cookie

MD5 eaea524cee99839b2210783aefed8f43
SHA1 6414af9c9655649edbfae7148c8070e22eee8e91
SHA256 267ddd11edff67329a91eeb7f0a018018f30c8ef54123ac863f3998884a26ab5
SHA512 7053b63c82ef6522555bdbd39ec1b3bf22aa418e306cddda1f408229ca68b6428e2c0a7d526aea80f9d5ba3c763f50045e98baa2f0694d429a3628ab8a91b84e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 11a0ca21b92ed4d7f7adc6d0f8a07bba
SHA1 a692a30c4f272d4a180e72b73c84ff0be578ff34
SHA256 54a55ce8ceb8646faf41bdf1370eed1fa58170bbddc42a57f7f3155f00a53224
SHA512 7af397fc375f3d67b9b0cc8b7b371a62d812606001d9406d072594476b291ffd4a3db9d2bacfd4e37e985fe8a50830a109359817d14c6b2c0cc1658b7eae196d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9

MD5 923f6e4d45a5884f0abbfe60aaf2a972
SHA1 b77ca54adace5c1e34615832c53f9f7f3ee02887
SHA256 45c2b4583dd60ac1d507af81ee09b636d4605f246c7596526e26d1a8d4af4df1
SHA512 72f0bfdb3dd6a0b9f8dd9a14e7f6f410f16ff7e516f110266bd8c87d7a81a27e6174a3ccabd80c828e50867e129d895ff93de1c45b1cdb70e2024139c14efa98

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9

MD5 bbf523dbf1307f9bca2501d97c29e6c6
SHA1 7e3faddbc91ad9cda3d114cc0f5d0246c9464a44
SHA256 3ed8ccbe113221aefb0cd1fce96e5bcefc0ef47c2f2c8bcdea247d48c2edc142
SHA512 5b5da40f04352591b2b883709c4ad1f98f92bfa835ae347cb9f405525965696a236912fe24fc4750202c25c1beb2105bd7c1b2b2a66cf944c537b4a4e733bcb6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\v33qv5q\imagestore.dat

MD5 6fb41791613006aa6e22e03d982bc92d
SHA1 167eb3dee35f6573b71998ce748452903c10812f
SHA256 3fb27ff2e37e8f68c6a644af32470afe19bb7c6128f94862d1953e6cd573d8ed
SHA512 4e43a2d5892528a5e5b9e7558f2ebee78c874efe9beb9db8162d2d3b17a758a04d49f343f9e9c5fd11070831f7de2509d929fc225b8cac1d6f7179bc5b29aacc

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\C6CTHERZ.cookie

MD5 ca9c8285d3a36a22047b6fe3d7f423cc
SHA1 5dcc07c5dde9d72131b1770f48b2548809205f0a
SHA256 648824babd07b0428d52d49b9a114dca4f6cdf970ebee6b1aaa12140cc11482f
SHA512 84a338f10dc8f08944ff56146e982c6703a95e73634f9e5e4e45171a9d828f08f15b6420045e4c77c937b7e4b7c374477a7129c09ef5894e24da0820cca512ef

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NK1M3ZEM\chunk~f036ce556[1].css

MD5 19a9c503e4f9eabd0eafd6773ab082c0
SHA1 d9b0ca3905ab9a0f9ea976d32a00abb7935d9913
SHA256 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a
SHA512 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0HAXS5NC.cookie

MD5 305fa771755480ad31eeb6eaddba4156
SHA1 7479d1088b4d51b498837eea8762769c260b9e3c
SHA256 9c0ceed3db3d38c014f1a1cbfada28e6c03843b9d96545ed64a2676bc9e03fc6
SHA512 4d9c1092f675614c192d971b5bf97214fafd62e5bec8f8e5b854b7440de8e2a2f4b14b5058522ad6222b2f9f29704af6c015d8e4d33980309433c615f91442f1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RPEE97BP.cookie

MD5 67501225b9a7bb722aa02406609a5938
SHA1 37854fd23af4f64f78646c6b7383866bbca3bb2e
SHA256 52f5fe5854c471cb8d134900b48aea22441a9a6728bb01d30cb5415fe653ebb8
SHA512 f568e81a3faee8739745356aee51fb8ad4776a1918af7492406dcc57e4eeaa3a0c0f2fe2bfc40673de045f6eda6d4c620b8ab6af3531c136ba868b5bd637cdc1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\Q0YZVWBM.cookie

MD5 4f5be09dd1ea47e9f9dddf704ece0ec2
SHA1 1514b734261b8604f7f85a7a264bebb80834dfdb
SHA256 9b0ed2ca9a72c302335246def75bed87cddf3ca11a6c982bca84e326ebdb8a82
SHA512 e597eb3d40b3395bd8fb1439ba43521396469f08aff6bb8b85284eed640961b5d66b33c653a8c41bbcea319e2f315d0fe7853ca5a67b0c25fd3194a2e67c36ae

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CFPLCK1B.cookie

MD5 e057b60b937cf218099e627abc352664
SHA1 2d2ab10c69ae56580271e1eb99bdb8b0145efbb0
SHA256 c6c56c796aec4cd2d9bac07b97de8096c29349eb7b6729e1f2fd8fbb4d345577
SHA512 609dffc009b87accef330a9e9ef9c3061931f5129f0946656d64ad16869a815607a86db81a226048d0e09d7286af9b434dc55c4d24dc892e2412188617ae355f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\TUDIYNBI.cookie

MD5 25a757d705d296e83a4a2add9dfc322f
SHA1 b111665bfbc2c028cd19e2ef8067bb59c7f174bc
SHA256 c529f52263faba98196e4e7e130031fa381a48fe0a7cd0c932c24d0c39ada8dc
SHA512 09faa633b7288e86f74a1cbc7800605d90b3bd93f50f433447742111ec2218cb5afc0a673e55228c7ff00e747724c20c25a20334ba9099b0a50febcefd2c89d1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NK1M3ZEM\fb[1].js

MD5 1280951b6ef5fc0d70ebb6a2c5be5f3a
SHA1 37c5915367722577bd8b68fd99a3bb32920f7698
SHA256 6984ea6c3c74dcbc9ffd623a70d5e9fc08366f1548529f4ee315b72ec1942955
SHA512 79ad5917d22633a9b9639eacb1c36e3a29b13c54f2c1e43e581fb5bf5cbd95bbb8f233b6472b363d43d0e99e71b0147fe3329e01ef97a734ff7aa2ae647071c3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\JHCTYOSJ.cookie

MD5 b057e060c04e44f787451b3c60e30274
SHA1 fcb0dc73c24a082a5849ba11f1a64c3ad661e466
SHA256 26f5fce7d9c1e76c1c96c3709b0c06e080b4c5f54598e955ce9bb9af476fcd8c
SHA512 983b3057c99bedc24d53981940b2afee95c471e73eef1688401b8060b43855a48e2e2b4fbe78a1afd87c66094c72fcfc02890e49fdc1c76184aed1f7805bfc51

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\GQRA9T94\www.epicgames[1].xml

MD5 3ff4d575d1d04c3b54f67a6310f2fc95
SHA1 1308937c1a46e6c331d5456bcd4b2182dc444040
SHA256 021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44
SHA512 2b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IUY34RJV\epic-favicon-96x96[1].png

MD5 c94a0e93b5daa0eec052b89000774086
SHA1 cb4acc8cfedd95353aa8defde0a82b100ab27f72
SHA256 3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775
SHA512 f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240

memory/6168-1676-0x0000000000400000-0x000000000046F000-memory.dmp

memory/6168-1701-0x00000000726F0000-0x0000000072DDE000-memory.dmp

memory/6168-1715-0x0000000000540000-0x000000000059A000-memory.dmp

memory/6168-1726-0x00000000076A0000-0x00000000076B0000-memory.dmp

memory/6168-1757-0x0000000007FB0000-0x0000000008016000-memory.dmp

memory/6168-1842-0x00000000088B0000-0x0000000008926000-memory.dmp

memory/6168-1846-0x0000000008980000-0x0000000008B42000-memory.dmp

memory/6168-1850-0x0000000008BA0000-0x00000000090CC000-memory.dmp

memory/6168-1853-0x00000000091B0000-0x00000000091CE000-memory.dmp

memory/6168-1890-0x00000000096C0000-0x0000000009710000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TWL0BD5C\recaptcha__en[1].js

MD5 fbeedf13eeb71cbe02bc458db14b7539
SHA1 38ce3a321b003e0c89f8b2e00972caa26485a6e0
SHA256 09ed391c987b3b27df5080114e00377ff1a748793cb417a809b33f22d737fe55
SHA512 124b9f53a53ef596a54c6c04ab3be2b25d33d1ce915978ec03da8f9f294db91d41ee9091b722e462722f51f9d9455ce480e1a0cb57c2f3248c7a3a9e3b9dac58

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\3ZEBW4G4\hcaptcha[1].js

MD5 c2a59891981a9fd9c791bbff1344df52
SHA1 1bd69409a50107057b5340656d1ecd6f5726841f
SHA256 6beec8b04234097105f5d7a88af9c27552b27021446c9dbe029d908d1ff8599f
SHA512 f9d556e0f7e95e603881c5196cc2aa736eb24ed62086d09d36a9e1d6b4fec9f4c1dfb125a66bec301f57230a4242108c7c255e6aa3c6f08a3a0d75e0cf288afe

memory/5612-2373-0x00000000726F0000-0x0000000072DDE000-memory.dmp

memory/6208-2377-0x00000000726F0000-0x0000000072DDE000-memory.dmp

memory/6208-2374-0x0000000000630000-0x00000000012CA000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TCMH1DO0\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

memory/1604-2472-0x0000021921A50000-0x0000021921B3E000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\GQRA9T94\www.recaptcha[1].xml

MD5 85a894c29f9c246abb3ac20a7d21523b
SHA1 793cb587070a0df24e8d9a4d1b23cfc1107f3302
SHA256 7159602fc4d32d2eeec87315ebad518fbf4d2bde01e1d9b3937b87542988f953
SHA512 fb1e9bdd92be3603bb377a6e0b4ceb1d0a6e73ccc206dde5cd986255b3a42fc9b96eb1eccb5290e71a4b4695e37eb88406bf9546b23c39274f20c93998b0c63a

memory/1604-2497-0x00007FFD3FAD0000-0x00007FFD404BC000-memory.dmp

memory/1604-2494-0x000002193BF70000-0x000002193C050000-memory.dmp

memory/1604-2502-0x0000021921EF0000-0x0000021921F00000-memory.dmp

memory/1604-2499-0x000002193C0C0000-0x000002193C1A0000-memory.dmp

memory/7108-2519-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

memory/6168-2520-0x00000000726F0000-0x0000000072DDE000-memory.dmp

memory/1604-2523-0x000002193C370000-0x000002193C438000-memory.dmp

memory/1604-2518-0x000002193C1A0000-0x000002193C268000-memory.dmp

memory/1604-2531-0x000002193C440000-0x000002193C48C000-memory.dmp

memory/356-2559-0x0000000000400000-0x00000000004AA000-memory.dmp

memory/356-2563-0x00007FFD3FAD0000-0x00007FFD404BC000-memory.dmp

memory/1604-2566-0x00007FFD3FAD0000-0x00007FFD404BC000-memory.dmp

memory/6208-2561-0x00000000726F0000-0x0000000072DDE000-memory.dmp

memory/356-2572-0x000001D7A1690000-0x000001D7A1774000-memory.dmp

memory/356-2571-0x000001D788F70000-0x000001D788F80000-memory.dmp

memory/6860-2670-0x0000000000850000-0x0000000000950000-memory.dmp

memory/6860-2673-0x0000000000830000-0x0000000000839000-memory.dmp

memory/6856-2683-0x0000000000400000-0x0000000000409000-memory.dmp

memory/7012-2702-0x0000000002B70000-0x0000000002F75000-memory.dmp

memory/7012-2717-0x0000000000400000-0x0000000000D1C000-memory.dmp

memory/7012-2724-0x0000000002F80000-0x000000000386B000-memory.dmp

memory/6856-2846-0x0000000000400000-0x0000000000409000-memory.dmp

memory/6232-3483-0x00000000726F0000-0x0000000072DDE000-memory.dmp

memory/6232-3485-0x0000000002C50000-0x0000000002C86000-memory.dmp

memory/7108-3486-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

memory/6232-3488-0x0000000006960000-0x0000000006970000-memory.dmp

memory/6232-3490-0x0000000006FA0000-0x00000000075C8000-memory.dmp

memory/356-3492-0x00007FFD3FAD0000-0x00007FFD404BC000-memory.dmp

memory/6232-3496-0x0000000006960000-0x0000000006970000-memory.dmp

memory/6232-3505-0x0000000006F70000-0x0000000006F92000-memory.dmp

memory/6232-3509-0x0000000007680000-0x00000000076E6000-memory.dmp

memory/6232-3518-0x0000000007860000-0x0000000007BB0000-memory.dmp

memory/6232-3538-0x0000000007CC0000-0x0000000007CDC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cit3qdr1.2u5.ps1

MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SHA512 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

memory/6232-3607-0x0000000008190000-0x00000000081CC000-memory.dmp

memory/356-3671-0x000001D788F70000-0x000001D788F80000-memory.dmp

memory/6468-3677-0x00007FFD3FAD0000-0x00007FFD404BC000-memory.dmp

memory/6468-3680-0x000001FAE4EC0000-0x000001FAE4ED0000-memory.dmp

memory/6468-3683-0x000001FAE4EC0000-0x000001FAE4ED0000-memory.dmp

memory/6468-3693-0x000001FAE4E20000-0x000001FAE4E42000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6AQAH254\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

C:\Users\Admin\AppData\Roaming\uaaebti

MD5 dcbd05276d11111f2dd2a7edf52e3386
SHA1 f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec
SHA256 cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4
SHA512 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846

C:\Users\Admin\AppData\Local\Temp\tmpB7DD.tmp

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

C:\Users\Admin\AppData\Local\Temp\tmpB812.tmp

MD5 5be96e311859379e2bf53d4ca9b3292c
SHA1 7da91b40529fcba8bc68442aa06ea9491fdbb824
SHA256 c46a65bf3fc90038a2d876d103dbe658259594e90fddc223951cddb9ac9af99c
SHA512 a39d3c2c45deb0509ffeab971b096a90748f0fa6e3f1bacea6f8c9dfcae985ad1b45d5d48306ce06d065e92063e8156fea44c0a87e9ca99bae6838fd53edb057

C:\Users\Admin\AppData\Local\Temp\tmpB85D.tmp

MD5 d367ddfda80fdcf578726bc3b0bc3e3c
SHA1 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671
SHA256 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0
SHA512 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77