Malware Analysis Report

2025-03-14 22:03

Sample ID 231213-1ebxsaheak
Target 4cfa1545260df040cb0dcf90682ba03c542cee36171b144b0d79f2c9b4bde69f
SHA256 4cfa1545260df040cb0dcf90682ba03c542cee36171b144b0d79f2c9b4bde69f
Tags
google persistence phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4cfa1545260df040cb0dcf90682ba03c542cee36171b144b0d79f2c9b4bde69f

Threat Level: Known bad

The file 4cfa1545260df040cb0dcf90682ba03c542cee36171b144b0d79f2c9b4bde69f was found to be: Known bad.

Malicious Activity Summary

google persistence phishing

Detected google phishing page

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

AutoIT Executable

Drops file in Windows directory

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Modifies registry class

Suspicious behavior: MapViewOfSection

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-13 21:33

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-13 21:33

Reported

2023-12-13 21:36

Platform

win10-20231020-en

Max time kernel

150s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4cfa1545260df040cb0dcf90682ba03c542cee36171b144b0d79f2c9b4bde69f.exe"

Signatures

Detected google phishing page

phishing google

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1uV23TM5.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\4cfa1545260df040cb0dcf90682ba03c542cee36171b144b0d79f2c9b4bde69f.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe N/A

AutoIT Executable

Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\NumberOfSubdoma = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.epicgames.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\recaptcha.net C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\epicgames.com\Total = "15" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\paypal.com\NumberOfSubdoma = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\recaptcha.net\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\c.paypal.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "26" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3d5160270c2eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steamcommunity.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "409316779" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b6d744050c2eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\NumberOfSubdomains = "2" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz! C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\epicgames.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypalobjects.com\NumberOfSub = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\recaptcha.net\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.paypalobjects.com\ = "115" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hcaptcha.com\NumberOfSubdomai = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steampowered.com\NumberOfSubd = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\paypal.com\Total = "223" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 36a2cd040c2eda01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.paypalobjects.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2640874492-649017405-3475600720-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 368 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\4cfa1545260df040cb0dcf90682ba03c542cee36171b144b0d79f2c9b4bde69f.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe
PID 368 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\4cfa1545260df040cb0dcf90682ba03c542cee36171b144b0d79f2c9b4bde69f.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe
PID 368 wrote to memory of 4128 N/A C:\Users\Admin\AppData\Local\Temp\4cfa1545260df040cb0dcf90682ba03c542cee36171b144b0d79f2c9b4bde69f.exe C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe
PID 4128 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1uV23TM5.exe
PID 4128 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1uV23TM5.exe
PID 4128 wrote to memory of 2856 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1uV23TM5.exe
PID 4128 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2cW0293.exe
PID 4128 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2cW0293.exe
PID 4128 wrote to memory of 820 N/A C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2cW0293.exe
PID 4120 wrote to memory of 2128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2688 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2688 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2688 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2688 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2688 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2688 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2688 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2688 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2348 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2688 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 2128 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 1056 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 1056 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 1056 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 4016 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 1380 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 1380 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 1380 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 1380 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 1380 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 1380 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 1380 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 1380 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 5740 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 5740 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 5740 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 5740 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 5740 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 5740 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 4120 wrote to memory of 5740 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4cfa1545260df040cb0dcf90682ba03c542cee36171b144b0d79f2c9b4bde69f.exe

"C:\Users\Admin\AppData\Local\Temp\4cfa1545260df040cb0dcf90682ba03c542cee36171b144b0d79f2c9b4bde69f.exe"

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1uV23TM5.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1uV23TM5.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2cW0293.exe

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2cW0293.exe

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 accounts.google.com udp
BE 64.233.167.84:443 accounts.google.com tcp
BE 64.233.167.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
IE 163.70.147.35:443 www.facebook.com tcp
IE 163.70.147.35:443 www.facebook.com tcp
BE 64.233.167.84:443 accounts.google.com tcp
BE 64.233.167.84:443 accounts.google.com tcp
US 8.8.8.8:53 84.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 35.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 136.203.100.95.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 93.184.221.240:80 tcp
US 92.123.241.50:443 store.steampowered.com tcp
US 92.123.241.50:443 store.steampowered.com tcp
US 8.8.8.8:53 static.xx.fbcdn.net udp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 facebook.com udp
IE 163.70.147.35:443 facebook.com tcp
IE 163.70.147.35:443 facebook.com tcp
US 8.8.8.8:53 twitter.com udp
US 8.8.8.8:53 fbcdn.net udp
IE 163.70.147.35:443 fbcdn.net tcp
IE 163.70.147.35:443 fbcdn.net tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 50.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 23.147.70.163.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 fbsbx.com udp
IE 163.70.147.35:443 fbsbx.com tcp
IE 163.70.147.35:443 fbsbx.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 220.160.77.104.in-addr.arpa udp
US 8.8.8.8:53 65.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
GB 104.77.160.220:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 127.158.103.104.in-addr.arpa udp
BE 64.233.167.84:443 accounts.google.com tcp
BE 64.233.167.84:443 accounts.google.com tcp
US 8.8.8.8:53 www.epicgames.com udp
US 8.8.8.8:53 www.paypal.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 abs.twimg.com udp
US 152.199.21.141:443 abs.twimg.com tcp
US 152.199.21.141:443 abs.twimg.com tcp
US 8.8.8.8:53 141.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
FR 216.58.204.68:443 www.google.com tcp
FR 216.58.204.68:443 www.google.com tcp
GB 23.214.154.77:443 steamcommunity.com tcp
GB 23.214.154.77:443 steamcommunity.com tcp
US 3.223.35.178:443 www.epicgames.com tcp
US 3.223.35.178:443 www.epicgames.com tcp
US 8.8.8.8:53 68.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 77.154.214.23.in-addr.arpa udp
US 8.8.8.8:53 178.35.223.3.in-addr.arpa udp
US 104.244.42.65:443 twitter.com tcp
US 104.244.42.65:443 twitter.com tcp
US 8.8.8.8:53 118.138.160.3.in-addr.arpa udp
US 8.8.8.8:53 64.130.160.3.in-addr.arpa udp
US 8.8.8.8:53 ocsp.r2m02.amazontrust.com udp
US 3.160.130.27:80 ocsp.r2m02.amazontrust.com tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
IE 163.70.147.23:443 static.xx.fbcdn.net tcp
US 8.8.8.8:53 27.130.160.3.in-addr.arpa udp
US 151.101.1.21:443 www.paypal.com tcp
US 151.101.1.21:443 www.paypal.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
FR 216.58.201.110:443 www.youtube.com tcp
FR 216.58.201.110:443 www.youtube.com tcp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.youtube.com udp
FR 216.58.201.110:443 accounts.youtube.com tcp
FR 216.58.201.110:443 accounts.youtube.com tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
FR 216.58.201.110:443 accounts.youtube.com tcp
FR 216.58.201.110:443 accounts.youtube.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
US 92.123.241.50:443 store.steampowered.com tcp
US 92.123.241.50:443 store.steampowered.com tcp
BE 64.233.167.84:443 accounts.google.com tcp
US 8.8.8.8:53 static-assets-prod.unrealengine.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
GB 13.224.81.88:443 static-assets-prod.unrealengine.com tcp
GB 13.224.81.88:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 community.akamai.steamstatic.com udp
US 8.8.8.8:53 tracking.epicgames.com udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 3.232.181.43:443 tracking.epicgames.com tcp
US 3.232.181.43:443 tracking.epicgames.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 133.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 88.81.224.13.in-addr.arpa udp
US 8.8.8.8:53 221.160.77.104.in-addr.arpa udp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 86.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 43.181.232.3.in-addr.arpa udp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.1.35:443 t.paypal.com tcp
US 151.101.1.35:443 t.paypal.com tcp
US 8.8.8.8:53 35.1.101.151.in-addr.arpa udp
GB 13.224.81.88:443 static-assets-prod.unrealengine.com tcp
GB 13.224.81.88:443 static-assets-prod.unrealengine.com tcp
US 8.8.8.8:53 c.paypal.com udp
US 151.101.1.21:443 c.paypal.com tcp
US 151.101.1.21:443 c.paypal.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 151.101.2.133:443 www.paypalobjects.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.154.77:443 api.steampowered.com tcp
GB 23.214.154.77:443 api.steampowered.com tcp
US 8.8.8.8:53 www.recaptcha.net udp
US 8.8.8.8:53 b.stats.paypal.com udp
US 64.4.245.84:443 b.stats.paypal.com tcp
US 64.4.245.84:443 b.stats.paypal.com tcp
GB 142.250.200.3:443 www.recaptcha.net tcp
GB 142.250.200.3:443 www.recaptcha.net tcp
US 8.8.8.8:53 129.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 2.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.245.4.64.in-addr.arpa udp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
GB 104.77.160.221:443 community.akamai.steamstatic.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
FR 216.58.201.110:443 accounts.youtube.com tcp
FR 216.58.201.110:443 accounts.youtube.com tcp
US 8.8.8.8:53 200.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 dub.stats.paypal.com udp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 64.4.245.84:443 dub.stats.paypal.com tcp
US 192.55.233.1:443 tcp
US 192.55.233.1:443 tcp
US 8.8.8.8:53 c6.paypal.com udp
US 192.229.221.25:443 c6.paypal.com tcp
US 192.229.221.25:443 c6.paypal.com tcp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 talon-website-prod.ecosec.on.epicgames.com udp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 172.64.146.120:443 talon-website-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 120.146.64.172.in-addr.arpa udp
FR 216.58.204.68:443 www.google.com tcp
FR 216.58.204.68:443 www.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com tcp
US 8.8.8.8:53 talon-service-prod.ecosec.on.epicgames.com udp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 104.18.41.136:443 talon-service-prod.ecosec.on.epicgames.com tcp
US 8.8.8.8:53 steamcommunity.com udp
GB 23.214.154.77:443 steamcommunity.com tcp
GB 23.214.154.77:443 steamcommunity.com tcp
US 8.8.8.8:53 136.41.18.104.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 104.19.218.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 104.19.219.90:443 newassets.hcaptcha.com tcp
US 104.19.219.90:443 newassets.hcaptcha.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 api2.hcaptcha.com udp
US 104.19.218.90:443 api2.hcaptcha.com tcp
US 104.19.218.90:443 api2.hcaptcha.com tcp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
FR 216.58.201.110:443 accounts.youtube.com tcp
FR 216.58.201.110:443 accounts.youtube.com tcp
US 8.8.8.8:53 api.steampowered.com udp
GB 23.214.154.77:443 api.steampowered.com tcp
GB 23.214.154.77:443 api.steampowered.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 96.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
FR 216.58.201.110:443 accounts.youtube.com tcp
FR 216.58.201.110:443 accounts.youtube.com tcp
US 92.123.128.185:443 www.bing.com tcp
US 92.123.128.185:443 www.bing.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
GB 172.217.169.86:443 i.ytimg.com tcp
US 8.8.8.8:53 150.1.37.23.in-addr.arpa udp
US 8.8.8.8:53 137.241.123.92.in-addr.arpa udp
US 8.8.8.8:53 185.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 52.168.117.173:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 190.178.17.96.in-addr.arpa udp
IE 163.70.147.35:443 fbsbx.com tcp
IE 163.70.147.35:443 fbsbx.com tcp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Vk8nB40.exe

MD5 3ce504d5d17e0b7792ee5ea9d30100e6
SHA1 6ccb1929469fa523b868cacabe4d7ad6cf4659e6
SHA256 aebf05d5cfffbb758c464a6c3e61690ca938a36ed0ca47ebbdda9d33ac726a52
SHA512 2df896da2cbdf0451672de8552926913544f63cef7d19e7b0ada6adefc2f8db23dcf180dad50d43a9d06b500c3c4b292c136863e2bbb3a698fbc528cda1ffec5

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1uV23TM5.exe

MD5 6f9254d1aee27e4fa75e703921067253
SHA1 fbfd2221e9dd8935e8996d0a73b32f8d195acf99
SHA256 494c8302bca54bfb0a7cf82f37c60edf49d6bfd1cae89ab051f184397665ed42
SHA512 a853d9635cb5cfb14500d3f50b5ffb47ae113958340d919f6092c27ce54020291eeca183a9917f9363e1484d6228b343fc39ef875c622d7c9c00b38d1d672038

memory/1040-14-0x0000022944920000-0x0000022944930000-memory.dmp

memory/1040-30-0x0000022944E00000-0x0000022944E10000-memory.dmp

memory/1040-49-0x0000022944CC0000-0x0000022944CC2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2cW0293.exe

MD5 1a02cb5a4b9e6721deae917c9eafe523
SHA1 d62940137a23f5cc5a1ee15cdeaa32246c9000cd
SHA256 f9baf8fffc152dde87aff59a9d03cdbf7f27623ff4e65028bd4fff56be5fb75a
SHA512 6d328d3203ef1f6fde27780ea7e45bd4e77755c8807b52c83932e7be4b2b2786e3c7dc56fe34f5d542d6469b29434ba9047fd2da5e8ea835b7b82fd36cbed669

memory/820-61-0x0000000000D00000-0x0000000001241000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 17e08dae4c81405efffc013522e80951
SHA1 85e38f0daba6a6c19c238dd5a4b5c8bd37840f2f
SHA256 8f87800437aae1401cf64b7a4059927610311a4df79640a04ee02f86c13bef51
SHA512 a0ab14662d68e57be659d0685ab976275663451d0e0e1bd74402d7052380282d2e818aa645ab483ff8f677c66cb583793410d49c989aeb15e3278322e404d2ca

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 8ca3a90d3fa2859ee0f1c18b882acddc
SHA1 85dd04cc6e9f0b71e37a2e1a51393e2040e78dbf
SHA256 27c25e1d8c014664c0fdc9a258a1fcef4a93a7c7b38186cf49ad3001ff4e1b55
SHA512 fe7ba800c2ae7262708907fcafbe143ddfc5bda3836b1c8f1848f710d66979ebdc33cf1cecebaa57bdfc098295ba50da20ee7c73d2725629877ba304d8894f69

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 6e9d89de5050045cb312ba3d538449bb
SHA1 3304826495fed794571952799f818e09484242d8
SHA256 06bfd8988015488066c3c7632a7adc400123c944c403a7d9646242f8c3e47b23
SHA512 b09b2453016284abc82f272fb4c6d4b0bd60d31b991af41a77c88e56cc8fb6f043666953640fbc13d92cd47cf0e669c7d5179766bbef86a1397f0a5701e308ee

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 81d58a332ad6e76642eb6d327708b6fe
SHA1 c63993201260a3ae654c3249304d4d769ee5d400
SHA256 f750232f4aeafd35675e2d7f9a0fcc74d00e918919912105a268ba88d2d8ff57
SHA512 e6f5b03331fa0b6490fcdd596394d02e0d39ec80f54f9e3b84c74719cac419aa7fd787bb3115ee20879c809f8c1b120033c6bd4f75ed37e929e336a3068790f4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 4d4a0443567df3de0a0bf7a96d715e93
SHA1 8607d165d714017fd5d18849aac78d8544ebd0dc
SHA256 7992a5d199f8658b4bbfa05277243c4a4de85f61b2f25cf924feec370d8f315e
SHA512 50ee0330afd4c80fe1a9e082e77011e08c0c2de796c9e3f59f67287f5c8536282c48a37984049950cbd10f1c4fbc2c3e29745ef3a705f886370fb01b328d7c78

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_BFB422D89E28A298A60024A8D8A2EA06

MD5 292a2181c0bb96e2b3f1d4b76bb2008b
SHA1 e7ccfcfdb2a51144fe41f6a7611c7913714fa0a4
SHA256 cc4adc6f1a0b85726388dbd96c9a601cfc178a4f10f01febca9c29f43b4eacb1
SHA512 d87b0d69e9faf019725a176fe9e4b86c1db7a6edde357cce8ef5c0cf5e5796fabb3386769a0f62e6ba29255c87cccd07571ecc0dd7b2ca9af6b69f3cb50a3ef5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_BFB422D89E28A298A60024A8D8A2EA06

MD5 4df5b2314bb8e8ec24db342b1b0d32d5
SHA1 f71320a14077894d40e59616ebc2402a6ad17e1b
SHA256 b7eaff10ce74be5f8578d1e0e291029dd1375035491ffa32e4d64d898ac42b04
SHA512 f545f4f9a69e3c7333f76a785cbed26dad6a890f35a1f2b38ba775139a39f0299a22161e8224347b6e2845849bd8135b5e6576817fa723c57c5a3c3f2983b5ea

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\WNPS8YWO.cookie

MD5 c51408b827e014f4e4366f09d0777da3
SHA1 b03bdcd9a96dc2e73a08a5f2cadc379e18cdeb32
SHA256 72896885733a17fabe0e0bbc9b690630ee69bc4ee40b639b7db19dbbd102ebd1
SHA512 aed9c39990e293158cd1f45476b605ef52ea1b65c1313822cceb2f225322ad7b823d5ceb803e34852c9058d8e5669b1b52f9a7212b5e2fafc84d3f2b091f3ff4

memory/2128-159-0x000001C06DB70000-0x000001C06DB90000-memory.dmp

memory/2128-203-0x000001C07E9F0000-0x000001C07E9F2000-memory.dmp

memory/2128-210-0x000001C07E2D0000-0x000001C07E2D2000-memory.dmp

memory/2128-218-0x000001C07FBA0000-0x000001C07FBA2000-memory.dmp

memory/2128-220-0x000001B8007B0000-0x000001B8007B2000-memory.dmp

memory/2128-223-0x000001B800910000-0x000001B800912000-memory.dmp

memory/2128-246-0x000001B8009D0000-0x000001B8009D2000-memory.dmp

memory/2128-255-0x000001B8009F0000-0x000001B8009F2000-memory.dmp

memory/2128-260-0x000001B800A50000-0x000001B800A52000-memory.dmp

memory/2128-265-0x000001B800A70000-0x000001B800A72000-memory.dmp

memory/4016-315-0x0000025BEE150000-0x0000025BEE170000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_9E9C5BD522DEAFF0AF9BF0B0877DDF33

MD5 9d907b78721a9732a680c2f2177d778a
SHA1 fe39c0a780e63493536c9a78581957d6afd7b317
SHA256 f2ba0c72022ef5e3d2ae3f2fdc4dcfaa2dac5942fa9be470b17102c7438cc00e
SHA512 cae5d6b0d8f4c097e1190eb4f407a4fa0bad886ca8c10176d82fe654f58170d1e301acecf8e2448aaf2f317f0efb747b407af2d487780a332a604865218b8947

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9E9C5BD522DEAFF0AF9BF0B0877DDF33

MD5 1da29ddbe5abd42f4e96153567610cfe
SHA1 5bd96ecfc6438b0eab3d2a5b87a4fc59c1a870f5
SHA256 b36822cde05c149ed25e69fde4267cd895f6f6bef3c8454980f1d0b5a3ca1ad9
SHA512 9ef370772dff689df83ea16dd5f02d1fc0e1c70f482f98a1c6ab42a61cd68eb519bce12e4a1cc4e2a35f887bddffbbc94f8e0b08ef28ad706d43c5e6dc460af3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XK1TSIJX\KFOkCnqEu92Fr1MmgVxIIzI[1].woff2

MD5 987b84570ea69ee660455b8d5e91f5f1
SHA1 a22f5490d341170cd1ba680f384a771c27a072cd
SHA256 6309b0265edb8a409b1a120036a651230824b326e26a5f24eca1b9f544e2a42f
SHA512 ffe0b8643f3664dbb72f971c7044d9f19caa59658321989a6a507ae9a303b2c4c1c95ddc745b53835aa90e56a5ef5c4a442b107ad1933e39af3d55618fd436c9

memory/2128-479-0x000001B803DB0000-0x000001B803DD0000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XK1TSIJX\KFOlCnqEu92Fr1MmSU5fBBc4[1].woff2

MD5 55536c8e9e9a532651e3cf374f290ea3
SHA1 ff3a9b8ae317896cbbcbadfbe615d671bd1d32a2
SHA256 eca8ffa764a66cd084800e2e71c4176ef089ebd805515664a6cb8d4fb3b598bf
SHA512 1346654c8293a2f38dd425ad44a2aa0ed2feab224388ab4e38fb99082769bbd14d67d74cac3ce6e39a562a0812f9bce0a623be233f9632dcb8d5d358e42f2186

memory/2688-531-0x00000291D4C00000-0x00000291D4C20000-memory.dmp

memory/2688-534-0x00000291D4890000-0x00000291D4892000-memory.dmp

memory/2688-546-0x00000291D7270000-0x00000291D7272000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CMX8GHR9\KFOmCnqEu92Fr1Mu4mxK[1].woff2

MD5 5d4aeb4e5f5ef754e307d7ffaef688bd
SHA1 06db651cdf354c64a7383ea9c77024ef4fb4cef8
SHA256 3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
SHA512 7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

memory/4108-596-0x000001D200B80000-0x000001D200BA0000-memory.dmp

memory/2128-616-0x000001C06D270000-0x000001C06D280000-memory.dmp

memory/2128-617-0x000001C06D270000-0x000001C06D280000-memory.dmp

memory/2128-620-0x000001C06D270000-0x000001C06D280000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CMX8GHR9\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

MD5 285467176f7fe6bb6a9c6873b3dad2cc
SHA1 ea04e4ff5142ddd69307c183def721a160e0a64e
SHA256 5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
SHA512 5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XK1TSIJX\KFOlCnqEu92Fr1MmWUlfBBc4[1].woff2

MD5 037d830416495def72b7881024c14b7b
SHA1 619389190b3cafafb5db94113990350acc8a0278
SHA256 1d5b7c64458f4af91dcfee0354be47adde1f739b5aded03a7ab6068a1bb6ca97
SHA512 c8d2808945a9bf2e6ad36c7749313467ff390f195448c326c4d4d7a4a635a11e2ddf4d0779be2db274f1d1d9d022b1f837294f1e12c9f87e3eac8a95cfd8872f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XK1TSIJX\4UaGrENHsxJlGDuGo1OIlL3Owp4[1].woff2

MD5 923a543cc619ea568f91b723d9fb1ef0
SHA1 6f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256 bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512 a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 c76ae28539bb5811ef0227064f4da745
SHA1 7e75f7467dfbdcc7f7e28f7f92504db71fd520d1
SHA256 5585651f70234d82789fef8296d067dc6feb419450ee578a262bc4337747cb9e
SHA512 e242c225eb38e3e2f8cf239f8dbfb5748967b87f7a042d01f0994c1364070dded4c85d366696b3ab305d43d70f30b497b383e9b9e7f4f921081347ea80efe48f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

MD5 6629b146974069698b3a3ff3d193f5b6
SHA1 fa3723e476c1a910efcf65949027e520be1cc692
SHA256 51250353ab4370880f344402d3b592f0dbc87bf5c64b9264af0a6817267975cf
SHA512 4dcd087441a9e778a6568a9b7cbd206e2e4a1d30dd90de90c56f1e4e626cd4ec96e5a7e3eddaa7ef530ae56c6b4474e7011775125bea5e0e5fc83c71d7943438

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\H1BTR0V8\4UabrENHsxJlGDuGo1OIlLU94YtzCwY[1].woff2

MD5 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
SHA1 68f598c84936c9720c5ffd6685294f5c94000dff
SHA256 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
SHA512 cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AKS0WW46\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OL0FCI3X.cookie

MD5 0ec24ecd7ef3296de7a00cc269800034
SHA1 0f503fced440a96ef49819440b33c3841331e7b3
SHA256 29c0097449d1d00dbc42a0b0af0937a97ef9418705066f1f0abf33307f18ad26
SHA512 b4e148e69be8c41e77b64b1406718fa6db5d2d8b739d091e850f6e766b4e798a2afdaf4e6e5361c303c6c660e218635959518ccaef639137793eedea17123ca4

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IZ3Q99YF\UDKZWJ2P.js

MD5 4ece21b93c551c6454b930dba464456a
SHA1 614894c3efc18f55f5ff92db06d01a8b9c8432c3
SHA256 9bf37c093c124ef95d570f84334962fccba8e191692d000d7332273c44daa7f8
SHA512 87d332c4bc70f9de56c581253e8b101387cf594decd764f772f7c1b41a9ac817dd9f37b81d29a2ef277dae153806d83b12b279e811e1f9a9471be2a975fe9ba3

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\S0R15VF3\favicon[1].ico

MD5 630d203cdeba06df4c0e289c8c8094f6
SHA1 eee14e8a36b0512c12ba26c0516b4553618dea36
SHA256 bbce71345828a27c5572637dbe88a3dd1e065266066600c8a841985588bf2902
SHA512 09f4e204960f4717848bf970ac4305f10201115e45dd5fe0196a6346628f0011e7bc17d73ec946b68731a5e179108fd39958cecf41125f44094f63fe5f2aeb2c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\S0R15VF3\B8BxsscfVBr[1].ico

MD5 e508eca3eafcc1fc2d7f19bafb29e06b
SHA1 a62fc3c2a027870d99aedc241e7d5babba9a891f
SHA256 e6d1d77403cd9f14fd2377d07e84350cfe768e3353e402bf42ebdc8593a58c9a
SHA512 49e3f31fd73e52ba274db9c7d306cc188e09c3ae683827f420fbb17534d197a503460e7ec2f1af46065f8d0b33f37400659bfa2ae165e502f97a8150e184a38c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 9c3a3b00c4b1fa124e969e3b6f429793
SHA1 32c8e9c39fc6e32ac37d6f0e2354a346d1c5e6cf
SHA256 585aa52246369c7adc392405935be33294f67c77a63d4fe922cb3f517092c6ff
SHA512 1d731ccddce1221e98a971fb4a5f6bca17d1cf5ff22704018c36a20032056752b63121fed08fd9696731a586b55e62bc39526353215bf69e60b52987d2e726e4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9FBD3BA6168F3C4317F2AAB1E548FE96

MD5 4f4649e7f7590f371812ad364c8a6ba9
SHA1 e3169b96213c947d7d45616c96a44235560b3311
SHA256 de342e283d024a5b7047a2879e92fbf03fac6b96cbf4db94229446973762facb
SHA512 8d9c515a4f11050cf0d76bb07c398429454a1fd116676e1b20178cf795fcf9cc53224548530c1312ff7aac8f1314db7340604429c10f40af8abaf31c16668e99

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_9FBD3BA6168F3C4317F2AAB1E548FE96

MD5 af4e4c10bd3337ef79dbc2f4e5448112
SHA1 7f9e721a0c76b5134f37681d03d296a8370407c3
SHA256 e607fb48dfb62228cc692cdd8556e0c41ac0d244a9737572db37545a498f2e22
SHA512 c3f83747643dfeb7da6d48dcb7d425c7c0bca4c06fbf91fa4a23044ee6de72b3a6a64fffa66b093f41b5167fb65a994b3034c73e09cb1ef94acf0a9f7659b94d

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9FBD3BA6168F3C4317F2AAB1E548FE96

MD5 c37dbd53bab5ed6aea3784b77a8ff646
SHA1 ee8eb4c67b29ad23bce109d919359587f7734358
SHA256 aad71e00dbfddcad937c32fd3d52a8307f5a3587e95ac11bc113087d9e61e86f
SHA512 a4a7b2856c742925189dabf46655002b786ecffe2c044bebe5fc495c856bbfdb893df3dc33e26d5f89ee6f169a5c90b039b6b27034dd8a13a6e430662e18bab0

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CCM0Y78N.cookie

MD5 5e4cff4a349d77efbdd0897ea51cb630
SHA1 f5e51529bf3ad958e18016672cae20ca2f7f08ef
SHA256 1163a3a4d9d10417c5b73925d12d0776d3152a8a8face931e0ef93e082c87594
SHA512 b3d16ca58214e695f4484610344a06192c321b96123bf2ca5cab81fde419a117371a8855cb4cdbee19520f56ea6d6f38d5fb43c05ea420a6c3c668ccbd554a92

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\VXABGSKK.cookie

MD5 b0bfdb1ccfb388b9be55c87fa9640de2
SHA1 a1f94b818da387710c81572c66eb0ddafcc3053a
SHA256 ff7f68f5bd2907c83dac4793b167f76aef426beffab58f314f6280207f71fdfd
SHA512 66fc5ff7d38165d23d3a5182413843407363c61b5f1fec8ab70ceb1c43eea8da9a6897417e906d190e3f720c497565c9ff341b9bef194dd581b7c7ab4a87ff88

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\ZPBNDUQH.cookie

MD5 307c563543694b94b71281773986bcc6
SHA1 454814239fff69ba361a2a3d649da57fbbe4c927
SHA256 25b08a5c05bd6f2b592a41ee8d62b8fc7b6942f5977cec0268f35ded630e938a
SHA512 301897417de7b831d789f269a04232534db587e17da6d7f49b5ee5b1806ce9e91c83a6dac3aa4f2b216b730f744b7208421c92b08c2beddbf08fd37b5350cb87

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\w5jpznu\imagestore.dat

MD5 b825ef6962cd0eaa316abbce06532ac4
SHA1 75681dbf04a88c5c404f268d26b75e32695d0427
SHA256 df66bc7d7643166b008de6339f08f644f40aa4590cb26db35b17689a88a933c2
SHA512 d028354b73c4ecfacbca3c44642c2558b2ed5636dde95d884351be26529a186a88f57574130b59caa13fc05662ab291490ac855e4af123487f256e653ce52e84

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2VKIIL74.cookie

MD5 590c53a2c64ce391f3b58334a3f02e38
SHA1 a9abd5f06853602fba4d0bd67c60188458418de6
SHA256 99f94e6cd336eba4b2b72f3de53077b11c055eaebf66bd3d7a8b1507291e163e
SHA512 9911ed824be93b81c3986019a329bb59b38e189edbd2d2240aeb25f03f4d3a07fae9b9b8939293e836683787be8c374c7d2a5e34307ec1e7b7cca170c15c574c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9FBD3BA6168F3C4317F2AAB1E548FE96

MD5 041e3c82018a8fdf58754957d3c5085a
SHA1 b52f66ea1174baa64c33c8f99c8a2d57ff4e280d
SHA256 925c1bd44f17544c13c55998ec6ce0dbc535d31f15b558116c045d413112f754
SHA512 465993d96af2e7f603a5885b229ac64c94bdcd5f744fc7824dce2cd5a3c093d93103f6a71246cddbc80b47c4d929d1aee8045f9f0da85e12efdaf5bbcdf45dac

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EHS2E2LZ\favicon[1].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\4RUU672S.cookie

MD5 eb2878f0a05d5d4b276e7ee66d653277
SHA1 111c6d795b7729ed4e2a618b6a8e3644f2fc7491
SHA256 832ddb5519ef2a00767af8c56905fb7f46a52095ef39ded851bbb14879ef4d0d
SHA512 04ea67729c2b0bc1d8bac05e270d5713e4d1b77c639728b211c96b1bb6cc753232091a8ee9ff85266ab958e1318bd88b724b02112a2d430ea5accddd6cf7e6a9

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\LNQZL9N1.cookie

MD5 1e43046266c49a8c1f53483c4afe7666
SHA1 8654bd4a135dda52230799834695a7f1cad99f44
SHA256 735e5c3ee95961dcdbd3adb3f0709f44770a59c23ecddf4935c579418655494a
SHA512 0936027280644ab2fbd3032da542dcfd623546c60b2e9b29775e69001bd8dbcaf328b46040444305767f5bff027d04db250caa00d7fdfad29954490a91ae3b72

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\HTWUBIKI.cookie

MD5 cfaaab04692ace1cdcbf06371b3ceef4
SHA1 c3c002d8e8e49d797877f210e5cb7af78f50c96d
SHA256 96ce78a2f5eaa2c083c381e83bac83bc70a0e227967677fed668d381630ac9e4
SHA512 0ac5c320ea061943b3c320a6f8fa427a2e811a2b25836d6fa6b28f19e5004d23b2071964acae65a8c44cbbd4d70f5d79f5d20be0372a424f1a2dca95b89fa6d7

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\O0KF8MJ6.cookie

MD5 6829b855a5d874b5b12e8be7b9670dd5
SHA1 61602ff893056a38af1e56ae5a44755e80998218
SHA256 d0b21de70e5b0f608a250a3e7ca155a74067ea867526d1bf949c0e1b06d3783b
SHA512 ae244325c6742e80be0b4594336eea656e03a9b529ad9fc40099d4b80c6a70eab54f35a0af7311e823dac5e7fff79ea7e18260f1f68cff8e4312f3c6d9ba4ff5

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\199F8O7A.cookie

MD5 abdecd3ef11d5e8d29b8bfe8870e186a
SHA1 1d9597d8ef0e22e57c9cbd023cd85dc1b03c5aaf
SHA256 43297b0d696cac7f472823aaf0d7eadbb5ca3a476a9d560d6183b2dd22423b79
SHA512 96b4585d87c2096ed4fa9adcc5717d81c6f3c483fcb3d5a710030cefae8f1013b647e4d803c260fd6aecf4a22f2b93d50407172d15449d3447a38d978b677628

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 60fe01df86be2e5331b0cdbe86165686
SHA1 2a79f9713c3f192862ff80508062e64e8e0b29bd
SHA256 c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8
SHA512 ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 4c4d656172093eb7f842627abd52422c
SHA1 5a80bdbd97a8bbb9fb1dd69ae69d700f3c378f3b
SHA256 64879b8e4bf43f806562b61bd65fdad2389c0278c14324c5928fe612c8e0b2dc
SHA512 14d3dfe9411836964b5c9c26974a50c9e2a9a046c0c7170d4a1f89c8ea7b22184706be4c0eb9b5b79610fa123bf04e0fefde5077e6f2e2bf431fc5efbe823b5e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\57HQBMCV\www.epicgames[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CMX8GHR9\m=_b,_tp[1].js

MD5 ed90ed186714d6ac0df4e089a7dccbd2
SHA1 7be5881403f2d8c0bacbbb7878a62f59240b5ec3
SHA256 e3186f7bdbf43d62e6abe2fcb5992e3629a83d799f117302bbc4f75d2d230ca0
SHA512 6123dcec9cd9c34acb5ec02852f5240410af6d3e281700afb7313513d82375b45b66fe56a542505e4c1355d16c749645dfc154f6ad6d4865296056a2b215b969

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\RZ2RD6JA.cookie

MD5 26c06ce7add8776c06ad468f783d73eb
SHA1 a6f0b96120c4dc4b5027453b2a3712c5cb46f187
SHA256 db2f00f7d65dc374aca024b5fd1a36ac1a51c13b3e1507911fa401f3ec325212
SHA512 9be7abf112aa3f7ea9d1c59a89d7102aaf4aadd2ffcc3821a76749adb664338e2ab5612ecd0f45a18715007cd61cd9355458c11a4b9937509a42ebc0f5e46b1f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\XDO8KKTL.cookie

MD5 43466e588062cc2eaf3b0504296614a1
SHA1 7aceda541f8de7f20cb91b04056bba1a4d53cbf2
SHA256 8b327d7d3183ad722a531eff6285f3cfc131bf34930d529b3b3d62beee20f71f
SHA512 7ea98d567620bdca21756993761979f06c1c66fd87e60920f4907fd990a555f6c465e95c81f55fb48a406e196394f07e9bec15fa678d1afa32f17ed38bf8122b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\57HQBMCV\www.epicgames[1].xml

MD5 ddf706a7dc88e5d7909645317798aef7
SHA1 902e22c86a80cf0502bd006ead3e660931f680f9
SHA256 d2d8ce452a20c9c21d19d53f3b07b25e86e0de5d8cec75e7f670d7dcb3de78f4
SHA512 8e4a31c3a228206c20d168f86fa51d17247bca3617717895c8e1032833f6b50ffde9b8b719f7c6367ea1e8f8718fd4b3acc4fe969ba3fbe8d7158c9add10a247

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IZ3Q99YF\m=byfTOb,lsjVmc,LEikZe[1].js

MD5 74dc5b13acaf933d8a5c9cd873a11916
SHA1 2933659b5ecb957b5bb7e9dcadd8b09786380375
SHA256 b2b20c7433348b3e8c6db1df8df0acb9f011fa5179c8026048eb3c41ffe44fa7
SHA512 81ce78e4c01aa83c6ba7a547d50197fcca5231b478e3178b4bb750b47ce116d10c28256b8540fa5bb713ab3864d14d1e68ec3042ce6a87a2c6ad1e778ef5d061

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\0KKQ6LDH.cookie

MD5 f035c647b6ca11f8d03ede070202778f
SHA1 7d6d483ff55660937d31fbae10e19636e5e8c3f2
SHA256 44e26dc1501e70c057a5d85c86d6b10767cc9b6de7c6d3e7c7cc9c40ca8691dd
SHA512 0ab69bf695c4242d6ffa8c373f45e925ce7de65370f4b064bfff29cccf095e1a38fb89e917bb68bcb4fe88516edc640c1fa2ab403b7533ad265efc325cb5b994

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CMX8GHR9\buttons[1].css

MD5 9fe79136cccd2113076f91eec3e62296
SHA1 08384df9800a8a09388d5ee824f12bda9ae98f3b
SHA256 da141243421c28ac4cb5eb30f8ec4b25d08497dbcd38eaa32622afc2af33c85c
SHA512 ce9e3f96891113002944dac774c55571340c56fe4ec3011746b793ec4846f8ebb7173b3ff6c28330c72391ffa60b0f68a20ca4482395663898014098231aeb2d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\H1BTR0V8\shared_global[1].css

MD5 d0209c14bb7c39e27f647a3331b458a4
SHA1 238e6b3353c98b7eee1c0319605dd920113c49ce
SHA256 476e9ba8d33912974485e86871ca716aa8d4ca4ad43eb9f33617170c5d9fc64c
SHA512 3a0fc1793fb4eb9a28de83dba7806843e3e1432ea5dddb3b4e0e8df06970cdf0a3920f79b22159b6d49ef6f3c0c4509733eb3b9f9882a9da80d51875088ad049

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\OMM5UVB8.cookie

MD5 8bb6961781c46a0ac5f82ed9329d3dc3
SHA1 fde532eaa15526a15cf3e5a228a5d80811becf3e
SHA256 c5552c63ca078df000d7b59a1e64fae95f2b970b1ae2ce7618ebbfe231eecd46
SHA512 5c62b8cdcc32c668c6a1e1d864c6b817be73a8d999f75905f9b10f39540f8c3c2556fc2fa4c2cfad147e084006887c498612c04efa818f3c82cb8c3e4effa444

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GHWPK19U\epic-favicon-96x96[1].png

MD5 c94a0e93b5daa0eec052b89000774086
SHA1 cb4acc8cfedd95353aa8defde0a82b100ab27f72
SHA256 3f51f3fb508f0d0361b722345974969576daef2c7d3db8f97c4ca8e1ff1a1775
SHA512 f676705e63f89d76520637b788f3bac96d177d1be7f9762aeb8d5d1554afd7666cbd6ef22ce08f581eb59bd383dd1971896231264bc3eaabf21135c967930240

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\H1BTR0V8\IGOD7HS2.js

MD5 4ecca988267c3856358724871d0c0d5b
SHA1 45375c2556b70bdc3acbd0ea3ae07ac668d3c4bd
SHA256 da3ab934671f026d46a8a26645d782458f5d625ac0f4674c5101f8ffe2ff9770
SHA512 90c58b6cd8391ea843bd079ac64ad3d40c390d297df42cbf3537164de5959d9fbbac538c365fc94b782fbdd1a18524b9fb915f8a3945a2b41d312926e94e8f21

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CMX8GHR9\shared_responsive[1].css

MD5 04c174ebc8c80b03fdba4458ded0d2e4
SHA1 4072b6346e015aa785fcef8b60be5e9d07266f79
SHA256 cb69f807a4d629c2554079002734dfa967a4d2d5749f4e17ebc9bf91e63806a2
SHA512 44701844ea18e83b2fffb9d850ccf225565dd1615cdb317c2c54084eb8e0593eae81baee1dd347deee8835aeeb1000396a9bf5b68732cef37307970fd301de39

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\2J71KIZI.cookie

MD5 7faa5d4a2f4d2ecd9f5e247a86ab4bec
SHA1 a508bd367760091a94d9c92620b5dbbf7d2c135c
SHA256 d2fb66be848c6f08cfdc4ddf0d83c41017c51018397bfb519ae94fce994a9936
SHA512 5b41382c3fced3492f469d3543f59ad9f615f8514c2b7d29b6e00665038d865f1bc94632c2f68dd6728c14c269b039dec602780c1eb4aa0ccdcb861be8d5b306

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AKS0WW46\pp_favicon_x[1].ico

MD5 e1528b5176081f0ed963ec8397bc8fd3
SHA1 ff60afd001e924511e9b6f12c57b6bf26821fc1e
SHA256 1690c4e20869c3763b7fc111e2f94035b0a7ee830311dd680ac91421daad3667
SHA512 acf71864e2844907752901eeeaf5c5648d9f6acf3b73a2fb91e580bee67a04ffe83bc2c984a9464732123bc43a3594007691653271ba94f95f7e1179f4146212

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XK1TSIJX\tooltip[1].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XK1TSIJX\m=ltDFwf,Rusgnf,Ctsu,UPKV3d,bPkrc,W2YXuc,pxq3x,IZ1fbc,soHxf,kSPLL,qPfo0c,yRXbo,bTi8wc,ywOR5c,PHUIyb[1].js

MD5 eab434d959ec0589c4b93167201f2c52
SHA1 f645d0133ee64f150d9277ed52bb97fee103ce50
SHA256 21a515bed806e08fee804ca7d9fb5e650c3b51866b346d88cc43b882f78007f3
SHA512 11a0316deff8c89643838aa5b9b73b7278ee1b7d02029eb016f6369485cafca4191b65bac13fbac6af1b16ec2af64e604a33689f26e74300289a6087a143136c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\H1BTR0V8\shared_global[1].js

MD5 bb0b56b95d6b282bf8db168a0696a309
SHA1 b12322401910d5708d3dd50381cdb65fb3cecfa4
SHA256 f56b81e7c32fc0694de8ab5936f5337fae93ead7f05895c819da837ab0bd4dde
SHA512 8491bc183a5426f71516d8c900f35bb273035214f802f7c5f4a6df9e511e799fd510087a85ec39b001d2e85ca8cf259e4d119e32aafcf56040dd9c36cd0c1c06

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\H11OM9J7.cookie

MD5 97aae4f9f814d64ff14c293597ee9011
SHA1 288a4f280e6d7fe7bf1228a3306708a038fba414
SHA256 5c61d3c503261607abfba5f7e4100b21c10cba1f43189ad556f102d4baa6ad44
SHA512 5a1ae11d7be8bd97193a7a08631fa5605fd9736875aaed735258d88d47cfa626de8222e0f56441a0fcb9612f2256f5fd887e5554ea241a1255ecb410daa128db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XK1TSIJX\m=RqjULd[1].js

MD5 e8494d12b2917c688d980f0de642519a
SHA1 edb218d585fe8f95f9cd11b4b0a2dc5bcd6169ab
SHA256 46db9bcc3096cc10851ca6cbabca84f04c7f216ad93586a3c6e527e026f13706
SHA512 647593a72ab10a14cba947861d798cc20f77d7f06f429193978e08800d9312522582448dabcfd0e4e1956461aa00649f496bd8dc63c7603f051ee6bf695a386f

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\SIFG4UQX.cookie

MD5 9258eb65a6bbfb552ad136788e894212
SHA1 277bcb854627b67885b778efc8f0881092eb307b
SHA256 cfa521f7b94aea39e98fbc405c5584bbd292c8953b87cb3843d03ff19c17fe7f
SHA512 5b1cd6448d38de144aadd47aa69a571cb466231b6215eac81defe3b5f09f012bb71d274559e3648e5f8c3e716223e99ba2e2a4b6d424513994e3f3a118b4a961

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CMX8GHR9\m=ZwDk9d,RMhBfe[1].js

MD5 984e38e1c7c0fd4bf856f61a28aba7ea
SHA1 6a19b2c0c43409fb59210a422a217255833e83ed
SHA256 435d1232392211b2e40a0f085eae7a7e522e357ef6e7389428e267e615d4c8d5
SHA512 ec0881f05298d7839eafec2d0779bb4ab04b7f04989f4bebebee495e4d3e9c3256e533c306e1c772cbb6e47349c604ed28362da5bd3da64a6fce54daecef8370

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CMX8GHR9\shared_responsive_adapter[1].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IZ3Q99YF\m=bm51tf[1].js

MD5 1e852dd354017f17d62c8af487f74cc7
SHA1 a41ac842c4f9273f908fa55e33eacdc66182d311
SHA256 908f4c4dc1778f5383e74d6a6892acdfbeefc44b4d9baed69b9f6ceacfc44ff1
SHA512 0379d64dae33947ae5bafc31127e982707d30d5891f5007a5acdf42e33876b31ad3c17202b7c0b59d3eb6f9a2deb626a9203ab4822d5be1fe144681dba421e6b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\YJ5C5VAV.cookie

MD5 b4ab67c6f0087f245fce59a473d6b318
SHA1 4696dfcd8a79fd4f595984b565af5992bebb44c8
SHA256 2bcd4ad55917dd07c8c5169e3c8286023508e38829d6971f2a004991e9b9e0fc
SHA512 9367270cb1b8a981a21f701a1177fec88e1607c98c48e6306d669f4440b1256792246c85b43aafcd4cc052e22c2340234ab75686f896b3542d3b92c11bbeb55e

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IZ3Q99YF\m=w9hDv,VwDzFe,A7fCU[1].js

MD5 2232b394b7c2178fea12634cc3305fb9
SHA1 232f6a201cae4f7f3c34426a4f97a12aabb46cbd
SHA256 aa6e0eff2637b941ad8e3fe432c3bf05ec51b9c445a5398293f0f5af75ce1e37
SHA512 9ab939a3044200315368ffd7e1fda8a0e083b8112daede27424f8f278af12b8e65fa062e80728fe2e9d987ca0741c58dd2180412b4fd893e05e2c5d007cf07db

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\1G8KC7AF.cookie

MD5 20fe3f150bd25d563cbf78d1a561357c
SHA1 ed7292d71566f26b17ae3fa04898c2a4be2865a9
SHA256 9073533b1bf62f97fff78c157bc0a2c0c76f604a1c90855f344c6c06faa0b90d
SHA512 e841d40a77ee6b4356f5474806d638e6413d5697288a0fe60a87adc8b5e6151c3ac22aba1574d079a9dc8f707e4e2eaf50a5465a2fddddffa805ac79d90ab533

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XK1TSIJX\recaptcha__en[1].js

MD5 af51eb6ced1afe3f0f11ee679198808c
SHA1 02b9d6a7a54f930807a01ae3cdcf462862925b40
SHA256 6788908efcff931e3c0c4fb54a255932414a22e81971dcc1427c8a4f459a1fbf
SHA512 e561a39733d211536d6f4666169221ca52b3502dd7de20eadba2c0ccd6f7568e3037fa8935d141993529ac9651ed7ecff20f5482de210fa5355a270dabe9221e

memory/820-4341-0x0000000000D00000-0x0000000001241000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\H1BTR0V8\chunk~f036ce556[1].css

MD5 19a9c503e4f9eabd0eafd6773ab082c0
SHA1 d9b0ca3905ab9a0f9ea976d32a00abb7935d9913
SHA256 7ba0cc7d66172829eef8ff773c1e9c6e2fde3cfd82d9a89e1a71751957e47b0a
SHA512 0145582e8eb3adb98ad2dbc0b8e7a29c1d0525f0fd515fcf82eda7b4ce2f7f7f6aa0e81912aa98927e6d420ed110eb497c287a0ad483f8af067332920d4bde83

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\CMX8GHR9\hcaptcha[1].js

MD5 837da1c0f154af3379bdaf37ac61c895
SHA1 41408c5e178fb535af82c42c20ede37ce09ecb08
SHA256 2d77aff9789031cc7acd5b414942f4e176c3245a4369c15e1031d88ac5c2f2d2
SHA512 cacf7475792cd2a685863636dc9f575e151733884d13aed9aa970a5ed5059d2c46453dd437a463225995d10eb45bfa5d66da2104b8e18d29474709e363d841fe

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OKWG2WBN\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NLZTUCW7\www.recaptcha[1].xml

MD5 d63ad01a29468554889e180201c4c828
SHA1 8e0f2ce9596b638dd0dc5b9a71189ff97ace629c
SHA256 95e996720672453c897124368c2ade37b211c3f372b44efe46149ca4870834a9
SHA512 814564b6577d10290ea02085e33080be4b833b8eacb6b8f3cec36b3d83943a225503d1aca4ee014aee97d4e58066b39b4d899e002522debb2a629f96004a53bb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\EHS2E2LZ\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee