Malware Analysis Report

2024-10-19 08:41

Sample ID 240420-jj3gvsbh28
Target experimentingnew.exe
SHA256 821f6a7afc4b55e5b636deb590d71b6e5807ad2875cb7feca4e47e1dec7c3d98
Tags
office04 quasar spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

821f6a7afc4b55e5b636deb590d71b6e5807ad2875cb7feca4e47e1dec7c3d98

Threat Level: Known bad

The file experimentingnew.exe was found to be: Known bad.

Malicious Activity Summary

office04 quasar spyware stealer trojan

Quasar family

Quasar payload

Quasar RAT

Checks computer location settings

Executes dropped EXE

Reads user/profile data of web browsers

Reads WinSCP keys stored on the system

Legitimate hosting services abused for malware hosting/C2

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

Modifies Internet Explorer settings

Uses Task Scheduler COM API

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: MapViewOfSection

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Modifies data under HKEY_USERS

Creates scheduled task(s)

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-04-20 07:42

Signatures

Quasar family

quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-04-20 07:42

Reported

2024-04-20 07:49

Platform

win10-20240404-en

Max time kernel

403s

Max time network

404s

Command Line

"C:\Users\Admin\AppData\Local\Temp\experimentingnew.exe"

Signatures

Quasar RAT

trojan spyware quasar

Quasar payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A

Reads WinSCP keys stored on the system

spyware stealer

Reads user/profile data of web browsers

spyware stealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A 0.tcp.eu.ngrok.io N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\1601268389\715946058.pri C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Enumerates physical storage devices

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A
N/A N/A C:\Windows\SYSTEM32\schtasks.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cortana C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\MrtCache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "395205405" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\ C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "31979" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\abuse.ch\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "419761198" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 69f500aaf692da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6b364e9ff692da01 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "750" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "540" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000c8ca2bb46a5ed8e59aeff2e23d5872ad08caf65f9e7011cce788b98f151c093490ceb22311739c7f84511b69481579ad1a3645239000dc715d69 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\NumberOfSubdom = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bazaar.abuse.ch C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "25" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "589" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\abuse.ch\Total = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3936 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\experimentingnew.exe C:\Windows\SYSTEM32\schtasks.exe
PID 3936 wrote to memory of 2972 N/A C:\Users\Admin\AppData\Local\Temp\experimentingnew.exe C:\Windows\SYSTEM32\schtasks.exe
PID 3936 wrote to memory of 3948 N/A C:\Users\Admin\AppData\Local\Temp\experimentingnew.exe C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe
PID 3936 wrote to memory of 3948 N/A C:\Users\Admin\AppData\Local\Temp\experimentingnew.exe C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe
PID 3948 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe C:\Windows\SYSTEM32\schtasks.exe
PID 3948 wrote to memory of 2152 N/A C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe C:\Windows\SYSTEM32\schtasks.exe
PID 2220 wrote to memory of 5116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 5116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 5116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4136 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4136 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4136 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3564 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3564 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3564 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3564 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3564 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 4724 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 2220 wrote to memory of 3116 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\experimentingnew.exe

"C:\Users\Admin\AppData\Local\Temp\experimentingnew.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe" /rl HIGHEST /f

C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe

"C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe"

C:\Windows\SYSTEM32\schtasks.exe

"schtasks" /create /tn "Runtime Broker" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe" /rl HIGHEST /f

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\System32\DataExchangeHost.exe

C:\Windows\System32\DataExchangeHost.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

C:\Windows\System32\shutdown.exe

"C:\Windows\System32\shutdown.exe" /s /t 0

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x0 /state0:0xa3a9b855 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 0.tcp.eu.ngrok.io udp
DE 3.125.209.94:15209 0.tcp.eu.ngrok.io tcp
US 8.8.8.8:53 94.209.125.3.in-addr.arpa udp
US 8.8.8.8:53 ipwho.is udp
DE 195.201.57.90:443 ipwho.is tcp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 90.57.201.195.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 233.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 25.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 11.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
GB 142.250.200.14:80 www.youtube.com tcp
GB 142.250.200.14:80 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
US 8.8.8.8:53 i.ytimg.com udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 67.169.217.172.in-addr.arpa udp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 246.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 104.208.16.94:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 94.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 50.251.17.2.in-addr.arpa udp
GB 142.250.200.14:443 www.youtube.com tcp
GB 142.250.200.14:443 www.youtube.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
GB 216.58.212.246:443 i.ytimg.com tcp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.71:443 login.microsoftonline.com tcp
IE 20.190.159.71:443 login.microsoftonline.com tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 89.33.18.104.in-addr.arpa udp
NL 23.62.61.194:443 th.bing.com tcp
NL 23.62.61.194:443 th.bing.com tcp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 151.101.2.49:443 bazaar.abuse.ch tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 159.113.53.23.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 187.173.246.72.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 227.66.18.2.in-addr.arpa udp
NL 23.62.61.97:443 th.bing.com tcp
NL 23.62.61.97:443 th.bing.com tcp
NL 52.142.223.178:80 tcp

Files

memory/3936-0-0x0000000000110000-0x0000000000434000-memory.dmp

memory/3936-1-0x00007FFB66330000-0x00007FFB66D1C000-memory.dmp

memory/3936-2-0x000000001B370000-0x000000001B380000-memory.dmp

C:\Users\Admin\AppData\Roaming\svchost\Microsoft Windows Search Indexer.exe

MD5 399bbb3dc58bcc8cc2fe9aef9a3ebac5
SHA1 37be03a9765a8b321c0ddf2ff00acdb106502b7b
SHA256 821f6a7afc4b55e5b636deb590d71b6e5807ad2875cb7feca4e47e1dec7c3d98
SHA512 98e70c54329089015535e30f32006ef8731e69dd32234590ef7f8388403cd68e86c5a4030083f8c510c46c7d0f995fe3a9a82db01a0b6fc288ea7eb5db5fa64f

memory/3936-8-0x00007FFB66330000-0x00007FFB66D1C000-memory.dmp

memory/3948-9-0x00007FFB66330000-0x00007FFB66D1C000-memory.dmp

memory/3948-10-0x000000001B860000-0x000000001B870000-memory.dmp

memory/3948-11-0x000000001BE70000-0x000000001BEC0000-memory.dmp

memory/3948-12-0x000000001BF80000-0x000000001C032000-memory.dmp

memory/3948-15-0x000000001BEE0000-0x000000001BEF2000-memory.dmp

memory/3948-16-0x000000001BF40000-0x000000001BF7E000-memory.dmp

memory/3948-17-0x00007FFB66330000-0x00007FFB66D1C000-memory.dmp

memory/3948-18-0x000000001B860000-0x000000001B870000-memory.dmp

memory/3040-19-0x0000019D87220000-0x0000019D87230000-memory.dmp

memory/3040-35-0x0000019D87600000-0x0000019D87610000-memory.dmp

memory/3040-54-0x0000019D873E0000-0x0000019D873E2000-memory.dmp

memory/5116-67-0x00000216274E0000-0x00000216274E2000-memory.dmp

memory/5116-70-0x0000021627510000-0x0000021627512000-memory.dmp

memory/5116-72-0x0000021627530000-0x0000021627532000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\Ransomware-Samples[1].htm

MD5 7a86b7935c49b6d805e9055585885031
SHA1 715b19a4e714e810b54f26083a01e16a06039fce
SHA256 a9dce5e10050f99570bd2b2b260893cf704bdb6fbd6a54e0834616d2ba1ba668
SHA512 c07b8a4b71a4aec999f692830c49241cbf15c3b92ccd0e2433f29a4498c6c8f7e2ee01c9b61320096977637164e5f3358993fb13d02954e37a0f7ed9fc5b81a3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A66A8DB907BADC9D16AD67B2FBFFDD5C

MD5 c72b3893449a517078cb4b02b6a84a72
SHA1 81ad8145c090ff4a49394e309a7939e0fc7f2dd8
SHA256 d781c5ab017a86e0e2aca00fdec67df6f29d3070df84866e299c5e1d38d257fb
SHA512 754e3865fa7d60f82ccb4280374001072d0f2b520fa4618e91e29dc7dbd3257a3027858edd6c14f87cbecf30c4a4ad10226c94d9da093513f617a38333c68409

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A66A8DB907BADC9D16AD67B2FBFFDD5C

MD5 6416a3965ed64a2e05769dab3aadd358
SHA1 d730eb144fbc2984872527bd0035af23662b0a3f
SHA256 69dc809cf04bb532c386470726ed974440c77cb12ec4cda27377b9a0899ca473
SHA512 20abe867a90f8a00c86eaee536cdba9b0ac9f3117e572d3d704f5f28e7c15b1d84f3692232da50f4665a2cf04c79023d53e17a989c191bd90798071975bc0e3c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 702df74cfd9a8f370b4f62f2549af2ef
SHA1 0d03215e18a35d0124acad057c912aab26fdba4d
SHA256 1a8d3a6b6895c1be360226f73fb3b0bd3266feadcd824a1578b318f132b8ae50
SHA512 0b70ef4564cbc43a5ef1375ce1df71da44a4ff56f856b413ebe866c618afa6aab251ff844851eccc57af78a34b39bd44388ae5227a84ea077d9615c4e56a75d4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 7a4a76fffc6a7194d3aba83dd09f4e1c
SHA1 7fb68c5869d7057f14de7133797bc910223ce6b8
SHA256 fe63999b832cb6c657599ffff8b981d790e802905e42e3012795f74a883619ee
SHA512 3ee84553918dd176e89e02670600df1ea4d90720c22c089634f425b48f582a872f3c222427a8f98a9726a3e8dbff27d76f8805818d3b496d41eb232e59d2d982

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_89854CA6A0F0936A4D2ECA78845CEA25

MD5 da4f222fd9ff7b1dc1dd57efac669c16
SHA1 4b68471a36ad72f6402db945aa532adbead5d4bc
SHA256 0e458cd1844ccbbc41e4a2bc61863bdc2b8855a7ed0ba8e17ba3e8fc51dfe1e0
SHA512 a05e124ed0178f83b652d39fa5d7184dcccced40cd12e2a1de816b0604bcf993b77c663761c42145e8523051ace1756d44500f6ad2741ffb3dc7c1cdaf622cc4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 ec6c8cfd258296c8e226d6d8ce5fa1b7
SHA1 3c8f8dd04f08d741de8b5d4bc671ed1d4f937d04
SHA256 e1d1ca1f6c6826149ccb6834d62dcf16d315896ca22bfcda29ac20e49dd07832
SHA512 47691f89469131ff121c6a1ef32f27ad1220a253adb616749e43cea195691d7584d5dbd89d6a0d3381cc1993b1971fa260b396316bc1b81141f637436d134879

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\light-f13f84a2af0d[1].css

MD5 deca261177994c06974b8eed93ab0d5a
SHA1 6df91477da6dcfd0ccbf51fc39f2f31f03acd8fc
SHA256 7dfb4dd6d5448e12ce18a0c186a890f6b9e4550e9e160e83fefcaacdf6decd9e
SHA512 f13f84a2af0df501d75659ef3682b9991894b860be2045d686b276698831c211d69a7df233fa82880f83c633226187e5c4fbfaca2a9983fc0b52454f78fece98

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\dark-1ee85695b584[1].css

MD5 2f1124986d7087c89cfedbab9e6c5090
SHA1 84af5865a920d527c436719c2b00d9860e68f07e
SHA256 6e28388875a179d32b9788d45aba0cf5901513106aabc738c6f290643505b007
SHA512 1ee85695b5847734f481c143211fe9d590a987f2b56b1772664b7a529455bf19592bcfbeffc4281ed1b6679299244d40112203438e6275271a67c4bf1181fe14

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\primer-44fa1513ddd0[1].css

MD5 cb3b98775e72345614028bcb572389d4
SHA1 bed826567a4dfa8c7b9ae5ed53dee69c7d367386
SHA256 25ad39ca5f33bdbbc85fa70b6f9fe46e4fdb17937bbb57669aaec3e0203861ca
SHA512 44fa1513ddd0098c15019b07c5eb888114c3b008d7f2e5a912d592ce0ac050e767a3ab0a55fe71fd9d5aeabd2d445280de508c8dd2bb83bf5073c1ba88980f89

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\global-1c8bb26336c1[1].css

MD5 b76bff301694f4eea9eba00250d95ecd
SHA1 6dad1fc71e0e5f36c442a00f2f34bad0f2540a27
SHA256 65d11c9255b5e69866ba6b917fe319c247958ccb42829742e3d84a5ab36687a3
SHA512 1c8bb26336c12f7d75e25ef09285088d9dd0fb5111f959edcbc48d517d181abdbff5af03d0de9c3e114c0e18b3e8a505c4f4099f9395f8ceaadef3903fec234c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\repository-fa69f138fe8d[1].css

MD5 92ddd397a592ef8df629545aff542ece
SHA1 de50aa0321796f5e0d0c162fab9b10f7c98d11e7
SHA256 ca1fff862edeb6dce1953d3ff7f1b76d84aa12aa7ac4d4eca05e323ffb3f6ad2
SHA512 fa69f138fe8dc9e8fbcc9f8211bc8e82608ccd52a41586a1438b3ed05922f0ddbd2e634fafcc34add72e0b36fdc6720d6a68530d6b4bda61fdf20e57fd553d2c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\vendors-node_modules_dompurify_dist_purify_js-6890e890956f[1].js

MD5 80fa30c00e347b5bbc8b7ff9dc2c9f44
SHA1 d085fe485ada77814949e92fa9e1b1eb05ba5eda
SHA256 be77c75cf182f1830d0f90b8d7aee460f0108c6e7f5a143a524f709b9023c80d
SHA512 6890e890956fafa8187511df1ac3c80a5b8d56be5ca989da251741f59c8d1186c0efa3d374f113b0ebeda124b78dedd106ea97f487ec04cf2a012e7bdd1048b3

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\wp-runtime-fd67db66fb1c[1].js

MD5 28c7cdb725728ec7c1e3198b7d92f21f
SHA1 ad5562f7d6b836d04c28064e052a79c3c07adfb9
SHA256 acf3c72a9cc7ef5047894c0629d23ac856c503fa2634a5915ba0617a61cfe49a
SHA512 fd67db66fb1c25d2b043be0e9cc38b6fd61d09f00073dc432e7e75d1419c6e6ce101816be076dd0716e0aa59afbabf70c5f9a67fc720fa8abfb50d1af4c98da8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\code-111be5e4092d[1].css

MD5 7cb9080aa576934b53486d3746529970
SHA1 cb9ad049ca59d0dc0095470fddb2bda8798211cd
SHA256 9850beb3ebe2c31da0ece9d1a823e5e7d26983626c6e2acf4210d33abf6660c9
SHA512 111be5e4092d831d8e068ff4b6d2be94cbccb5bf92adc549a6c2506c4712ac177d15a61b56bce1919a2bdf9bb66d4a24b805db3aaddeb86823912d1df805f2fd

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\github-07f750db5d7c[1].css

MD5 19a4910055069ece0fd15033333b5169
SHA1 cc741789ac4f11c2e1818d25554f470ed002c7da
SHA256 c0467d247bf127ccf1de67ede2d21bcec6e1414e1c4f0b40f83f323b6d407156
SHA512 07f750db5d7ca69a75c752e69beb712768b99da639ee3ee96857c7c4e69364dee00c3f5a601b4cef713c6cfc4b0755d0629f4982bf35fe83dc2dcbca203e59d4

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\primer-primitives-0b5bee5c70e9[1].css

MD5 4a501b962a497016dc70c7dc3f95f859
SHA1 7d50b4e6274c503021751982621678afed30ae6e
SHA256 8a9ace6d9250dd653522dd94b426d1617df95fdfd86264beaccefa22c78fc7d0
SHA512 0b5bee5c70e933f062d7773a200472973456db928fb6dfa0c9bf0ded60b04e4b0100ada3f4234193aca992acd72d196f5b5f458fa4b51636b6bfe9be16c8f191

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\vendors-node_modules_oddbird_popover-polyfill_dist_popover_js-7bd350d761f4[1].js

MD5 b6b600c9f1dd4c88024d62e6ff2eb871
SHA1 5a22091378af6a681a1edd36e5337b9b6f70613c
SHA256 447a26cbcbced255f24f46c1e82a6f3a4de3b2a44d4b0ab7b6f427b12f783f8f
SHA512 7bd350d761f4f22866b454b1271af79ef5d23f5d1b8cb0598c34f739e3dab977450d61d01b8a0c135fff309389f712c0114e9cd6e844d2261d2536377b71b838

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\vendors-node_modules_github_combobox-nav_dist_index_js-node_modules_github_markdown-toolbar-e-820fc0-bc8f02b96749[1].js

MD5 1908a7d9985e9540b3f6fc047f62b729
SHA1 25a06882e338da16bbc59797925ac6086141f478
SHA256 1b92b8a1d5169e64edce1fb248cb5989561060b083e5f05b6ca2a823b748a946
SHA512 bc8f02b96749a7ec00a92334c4964a4255611b23e15b88a9fef73fce2b55e32bfefa7f4bb89d436685a92fe188713790b9154ed79b5d7b3690a3ace68346cadf

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\vendors-node_modules_github_relative-time-element_dist_index_js-c76945c5961a[1].js

MD5 2cabd818fb8745b2fc7d5f92594269b8
SHA1 88108fecb3839f06671c2a21e35163e0e414b2b0
SHA256 55cdbee6ddce98f5c299a24fb9851501f46ff0cdd2ef3b2f7bb572a3940b462d
SHA512 c76945c5961a4f5b2cb1f85bd3cbb35d5e81f611c3ba05543acfe870728e94e9719c9331b65f4c2c8723960c5ac1e9cac0495a892f049b41ed3ffbe899b93700

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\vendors-node_modules_primer_behaviors_dist_esm_focus-zone_js-086f7a27bac0[1].js

MD5 6822816845d932c1e93f68372f005918
SHA1 1dd14a539530e8d131ce29be5e5f84e4098b6a15
SHA256 14d338ed3345cc8d74e239c812aa37eeee6126bc1ad8a17e4e2cf6ba8ee0adee
SHA512 086f7a27bac0d285f5e0c849cebac7176f86edb18037d8ec4356c2b8892fd3f47e045f857eb673b213661eea17441192cdb7a76c807c2badcecff6b7901aba92

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\vendors-node_modules_github_selector-observer_dist_index_esm_js-9f960d9b217c[1].js

MD5 683a7fe431bded8fbbf7b5189a1b8209
SHA1 2fb527473877ea06ec6b023690ce933c216c5d07
SHA256 f87c5b59b8f353c8762f2e44e1f82feafab882a96a0fad135dc6fc1555872ab3
SHA512 9f960d9b217c457d467a9510dd9797c4ec9df9a892c0a3e1746b2b87dca8ec191dc901e983bc509bc282004967b6fd588dbff5bf70bc7e20a5ca32bc7f1d772a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\environment-775215f6b8df[1].js

MD5 e0a178ecbc91bcbae9e8e906adb78e33
SHA1 a9738626c14f73015b36aafc729b325544f7af4d
SHA256 751de4fc6bc6c42c11515ce3805d1715190eb6b01bcf4bf14b2aa7c0deeee99a
SHA512 775215f6b8df5b189ed8fe380fe37a4c6d79de089051c3ee1242f1d8223d28fdf6c08c694dcc42e9cb4c0953bc172b099a16f9c6c774b3f747e2a30d60e90068

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\vendors-node_modules_github_auto-complete-element_dist_index_js-03fc21f4e80c[1].js

MD5 4d7edc0ddd43e54f4590ffe2f41756a2
SHA1 d6abd8e362faf9b9ff99ecc405345c553de6831c
SHA256 593268251b1b94c08df2e4f4ab6489678391cb112fd75a5e7a53f990d40b03af
SHA512 03fc21f4e80c42f4a4dec31f373272fe0002f5fb79295d3c9a165fe0e03353d793806f85f1e47bd7e357b3f278016ee578b090f553d8ac57122ee6b903b2ef07

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

MD5 4632066add51c0552accc0a8975abd16
SHA1 b71314d31a79a7799b9ac186e3e68a84ec2021dc
SHA256 519bfb3f536b86732dab1278d63febf7a9476f54b88ae53ef360880a45cf96ad
SHA512 522c3a1ca8cac058b7b40a7bcb245bc48266dc557f1b8c81a338f1c4759d763ea6c2bd4a51a324424c1104c0049e1805bac6e83864c3f0f9101e37d4be23f2c8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_9B13CC1B0E800F96F1A2CB0E125BA520

MD5 4d4f632567257b16b6e4692cfffb7759
SHA1 054c3c894960839c243399842b5d04e9e5079d4b
SHA256 edacb00f0e0056c592b5966eef366e8c5a8f9824f3cb7901955ea704c63b4744
SHA512 d0780b69da351a30b01a353caa324007f0ea7bfd9269674c5af7802192742474ba1f1f43f122e92be6e6b497948b635440f91147f69914bc5c3d12ed7091992b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_9B13CC1B0E800F96F1A2CB0E125BA520

MD5 73b4ee8e8c241728caf84f9f335e474d
SHA1 e1e72e156e8190591751412ba1988f5717a9692d
SHA256 39d73e538dceee258562fecbf3082ca40ef44e6a3490620f60d66daf4658d42f
SHA512 a159518e39989de8c71d6c7dee60c6d7c699f88efe3e43a0283ff19af1d9a19f29c4b4e26ddf3c434fab22078879812f1af905f953004cb8ca7c6dbd9b2cc943

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

MD5 97be546df596133ffdfaac4a3aa08215
SHA1 4e2a51d5ec0c15e75ac872db10a742884b34c5b5
SHA256 5c6923d32547ed98535702ba2e5f3f744210b72e8ffde3b9ed78ba2234ee5ef3
SHA512 083c6d154855cacc62da134c0baf8d9f6125c8a847abb6207fcae9ff10f593b826a33723671a68a0c17faa489885f7662f015528169c9572d6ed2da6470373e8

memory/4724-182-0x000001C55A4E0000-0x000001C55A4E2000-memory.dmp

memory/4724-184-0x000001C55A500000-0x000001C55A502000-memory.dmp

memory/4724-186-0x000001C55A6F0000-0x000001C55A6F2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8S7W85J5\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

memory/3948-227-0x000000001E1D0000-0x000000001E6F6000-memory.dmp

memory/1280-259-0x0000028725300000-0x0000028725320000-memory.dmp

memory/1280-268-0x0000028725700000-0x0000028725720000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

MD5 996c47eff62a50ae2e8b0a97d5f6751d
SHA1 e3ad0d2f7221a83d13bf3ab66a2efacd7a8f8f3d
SHA256 4d12eb25f2522ba1ec7a9be7c50468d8998387fd7e4ed55c12302fc5ef0da194
SHA512 3a48f5392fafb1690f6d21be81d8794774825f423774b9a2cb12fea4408b73eab0eeac2daffacbcd855b34b3fa0860b757e238bae830f69f0b897c4952e57316

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

MD5 0548bcf9e3241305b0e6872df430efd5
SHA1 192ed60c8c4ac6f84bea4a738ea9d5b78347c315
SHA256 890f1ab573dae67c569d431a07714ddb2d4e05f51188a41b0164148e6daf3f25
SHA512 91ba9e35044b2ee6109502c962e8b134aa3dff582d92629220b5ba985b1e1ea14cbded231ffb734636dfa14dff3f132cf241225596284a8b0433f80e3ddcb3bb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\warmup[2].gif

MD5 325472601571f31e1bf00674c368d335
SHA1 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256 b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
SHA512 717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

memory/4136-476-0x000001B4668A0000-0x000001B4669A0000-memory.dmp

memory/4136-486-0x000001B465AE0000-0x000001B465B00000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_F035812844FEE93DCDCC1CD3A7F24400

MD5 017cfdfe6786930c90c5801d8e0cb2f8
SHA1 9d797ea49994910d659973b672a6c6059d87057f
SHA256 6ab7a7283f9686c896b47e045eb3439da60da04c8d8d309582603907563138c9
SHA512 c399e64f6f6ca5e193d91d3e8ee13aec0fe467afc526e4f8b7680b0c8cfe32360eae906e6289043782e005e23f24f8e445c737a058dce1c2bd3c6b00ed6ed095

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_F035812844FEE93DCDCC1CD3A7F24400

MD5 8eb97fd3977f5f8ffe7c69dc12d6a9aa
SHA1 78c629b3a2774e1665fd33807f9afe4731f0cdc4
SHA256 b923759db48a0de27078954409ae746841b422fbc1e53fc990f3d0a712230683
SHA512 050babbfcd04628fef85923e97d87ced794ed63f305c376d3d91cdb1256f54b8a1bfff6ebe8722e0cd9eff3ea3c973f0a714b9547aec3286cfa55818e4518682

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 e297caab7cd872cbbaefabca338498de
SHA1 9ec0def036dbfd5c53d3e2ac415990b27bf5c74f
SHA256 5cb99fe00c6cc75d7be9b788981e75422a338e0ebabcdba9f728579eb6243d1d
SHA512 1f35253f9d0f92e8e9b79aeedec706f26dc7d1a3fb677f8eeef6e62ffb06ef7451b98fb229096c21b521ac34a9af2c32ad83689d95788ee0249ee1e0d290d7b1

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 6b1abddd23f32b7eb7935139ec95eb93
SHA1 05a174c487886e3ec1c5774d13d84cb566c34ea5
SHA256 894b2318d173dc45ecb775dbc389d523a2d3267e1dce2e7d2b778a8709c0baac
SHA512 e833bd845d6326087bee6ab184c4465778b820340cb52e55cc25f511876391c57826f17a8057986a4d95409a1f075c699d7db29ff9645f338e63ba0b2f2798c8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 9d23411872848b8ad8f80443dee0baae
SHA1 457528e6a5d39108df6ff002cd3540a284b560be
SHA256 f334beb221f3dbd02521d0572b811baa1e3a34a70678eac998d79a19584be493
SHA512 c4743ea333eacc002e3baa6306207053d172b154cbd670cda0c9bdc4ec69c9bad4870617a468cc58b38d3c997b3fe015548b45ed395f92f8b98cb714898dc441

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\web-animations-next-lite.min[1].js

MD5 44ca3d8fd5ff91ed90d1a2ab099ef91e
SHA1 79b76340ca0781fd98aa5b8fdca9496665810195
SHA256 c12e3ac9660ae5de2d775a8c52e22610fff7a651fa069cfa8f64675a7b0a6415
SHA512 a5ce9d846fb4c43a078d364974b22c18a504cdbf2da3d36c689d450a5dc7d0be156a29e11df301ff7e187b831e14a6e5b037aad22f00c03280ee1ad1e829dac8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\webcomponents-ce-sd[1].js

MD5 c1d7b8b36bf9bd97dcb514a4212c8ea5
SHA1 e3957af856710e15404788a87c98fdbb85d3e52e
SHA256 2fed236a295c611b4be5b9bc8608978e148c893e0c51944486982583b210668a
SHA512 0d44065c534313572d90232eb3f88eb308590304c879e38a09d6f2891f92385dc7495aabd776433f7d493d004001b714c7f89855aa6f6bec61c77d50e3a4b8e6

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\intersection-observer.min[1].js

MD5 936a7c8159737df8dce532f9ea4d38b4
SHA1 8834ea22eff1bdfd35d2ef3f76d0e552e75e83c5
SHA256 3ea95af77e18116ed0e8b52bb2c0794d1259150671e02994ac2a8845bd1ad5b9
SHA512 54471260a278d5e740782524392249427366c56b288c302c73d643a24c96d99a487507fbe1c47e050a52144713dfeb64cd37bc6359f443ce5f8feb1a2856a70a

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\spf[1].js

MD5 9df260ef5f689e597011f8a110bf0156
SHA1 7cf9959f50ee5c0eb7653cd7b9d56e9e13c61325
SHA256 8e184352e6a0026e43c829910615fc408a900dad2f388d1b284756d1a7b0b62e
SHA512 099ea70bc08630b933e83c3033ae049c19940ca9e8f0eb42eb764552a9649493606eab56f683aa72df356ef53a9b37a63493a349e86a098fa82aa0ef75387cd8

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\network[1].js

MD5 a36f25447b3d55d31fdfdc30fa31c3f6
SHA1 81154e36fdda94a482fb7f079ef683fa3af68f1b
SHA256 1432216f926190d39c5e9b17f38a4e075c692650eddb3df32e2a55d6b3eb6f9f
SHA512 2b396c5f278953dfb1ffa324e35150cd375218cc993510fc1643df68847d7d951efe2208423fd8f467a46f4b14fd8b3d7af06c7d24ab8f1753789cfc920587fe

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\www-tampering[1].js

MD5 ce762a9d30d6c70bb0516e8cefc958bf
SHA1 da6cac9c717daa3a39f82f3421782c99edd9329d
SHA256 a9fc343d602527a427e57671d021524a9ff5af7b3df1a58900a3b01057bdd8c7
SHA512 230753fbb26e90438dd43874d02fbbb1ad6db9a0fe76da978ea47a8ca06fc99dd5e475104abb5dd25ce222423d9bda7991fd0ee896386561cd6f9ac10f8932e2

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\www-i18n-constants[1].js

MD5 f3356b556175318cf67ab48f11f2421b
SHA1 ace644324f1ce43e3968401ecf7f6c02ce78f8b7
SHA256 263c24ac72cb26ab60b4b2911da2b45fef9b1fe69bbb7df59191bb4c1e9969cd
SHA512 a2e5b90b1944a9d8096ae767d73db0ec5f12691cf1aebd870ad8e55902ceb81b27a3c099d924c17d3d51f7dbc4c3dd71d1b63eb9d3048e37f71b2f323681b0ad

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\scheduler[1].js

MD5 dac3d45d4ce59d457459a8dbfcd30232
SHA1 946dd6b08eb3cf2d063410f9ef2636d648ddb747
SHA256 58ae013b8e95b7667124263f632b49a10acf7da2889547f2d9e4b279708a29f0
SHA512 4f190ce27669725dac9cf944eafed150e16b5f9c1e16a0bbf715de67b9b5a44369c4835da36e37b2786aaf38103fdc1f7de3f60d0dc50163f2528d514ebe2243

memory/4292-548-0x0000028BFBA50000-0x0000028BFBB50000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\www-main-desktop-watch-page-skeleton[1].css

MD5 81b422570a4d648c0517811dfeb3273d
SHA1 c150029bf8cebfc30e3698ae2631a6796a77ecf1
SHA256 3c8b38d9b8a3301c106230e05beeedbcd28b12681f22fd9b09af9e52dc08635d
SHA512 1d4966a88d7cf6be31b8f53547a12db92cabb4c05176abe995c75c8889765ec68b7210c3be75f60954ceb2938412fbdeb94d4d25ddc927f3a89eca76a84a9ebc

memory/4292-557-0x0000028BFA960000-0x0000028BFA980000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\desktop_polymer_enable_poly_si[1].js

MD5 e1d7e3eb3109796d59a4f2fc286d6108
SHA1 c4f6f1240905c60be99db9887c597e55013243ab
SHA256 3060faa1e681f6aef8389379331d6bf0988d50b468a9b47a7dae9f03e786976d
SHA512 e8b966cfc158234ad90699d06850bfac0710c8a436cabf89d0504c85b60852ce4167cadae02be3ae520abcd86ede545723d4f85cde8f4eb756ac7e675a65ac46

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\rs=AGKMywGV_h9LsZuTPZ2msFKVAJQ-NxP4JQ[1].css

MD5 9188c94b1f7956118a047d4c4aff37e7
SHA1 cfcca84bfcea7fd786d0e6b0ca38c05729735c94
SHA256 caa6a88d2b937be49711dc004f378d8b074109405f3ad59ac4091a45dba751e8
SHA512 874286aa4ba6dfca1044bbbb59711ed8f204637b3b22d75e04572986f2369650320d637a58a6eedf9d99d68dd62eac9d1ea4943d311865d47fb397d904c9c929

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\www-onepick[1].css

MD5 9ace9ca4e10a48822a48955cbd3f94d0
SHA1 1f0efa2ee544e5b7a98de5201fb8254b6f3eb613
SHA256 f8fdbb9c5cdceb1363bb04c5e89b3288ea30d79ef1a332e7a06c7195dd2e0ec4
SHA512 25354aeecb224fd6d863c0253cd7ad382dce7067f4147790ee0ce343f8c3e0efb84e54dd174116e7ad52d4a7e05735039fa1085b739abbe80f9e318e432eed73

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_7E7F4B35EBB8B416ACCF24B4769F575F

MD5 7f8fd13ab660b1524b8d289382d9624c
SHA1 45ea9f9819ae028a9d968d72c66da2118a09fb14
SHA256 9bb078fdbb5101fc8b63659d1d2fffd76be5c9f0cbd9c3c25229d1501431061d
SHA512 8da4b3ae55db0e42e5bb674170a3ac2fc1cde9e8840096e05995b75848c6e93189f795ce92938f3d1671e3596a53458a8fa12bc4f6dc6dcbeddb2109869cd409

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_7E7F4B35EBB8B416ACCF24B4769F575F

MD5 c7fd2e027e65c7dbe4abc7f2c8412ac6
SHA1 c695b664e5c8404696a3dc0a901531853506c0d6
SHA256 6207cb6c870fa827c5e469be42e9c40fc63e003d6c7a878a73154bb029819851
SHA512 93f7dcc696e4ce5057e8f4f23081964fa8059c3bc3090529169e83b43790d43d9bb4b6541bd2db71417310eec6008d398e85f484ac966fc1e5d4ee981448fe92

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\www-main-desktop-home-page-skeleton[1].css

MD5 9deae13c40798dfca19bd14ed7039d60
SHA1 4ba302a1435b094031e4f2e1bce1b6198f0cf825
SHA256 cdac5527dc3c1a9f38c6b00086b2a10b9e7eaa1e062314e548c1fa602d17bbbd
SHA512 95b093d926535fa9454e3776a3e219b61502ce67aa2e659175ae879133dd35a6efa1bfdbe5b6d3e3dd8ba1f0663892b44fd6f21be17fefa9725a234dff3c5d0c

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\css2[1].css

MD5 5912f3bba71c222672dfa244a60acef0
SHA1 317a49729bb8654c3986e6b32278258a1d692d81
SHA256 48708ab3b01bc53a736f7f85e0badd9174872faa981e78b32c16c4efcaa59d99
SHA512 770f13af0d6ebe7ff9d925efccd05b0b2e5afd5fbe19770562d88936d541a298a49aea028f5122a255fb5026b4a5f37c0cf52831212ecaaf378a5769ff0379f7

memory/4724-737-0x000001C56B3B0000-0x000001C56B3D0000-memory.dmp

memory/4724-776-0x000001C56C260000-0x000001C56C262000-memory.dmp

memory/4724-782-0x000001C56C270000-0x000001C56C272000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\o7B3FK6ymEOn7sBfZSmifVTwxPk[1].css

MD5 77373397a17bd1987dfca2e68d022ecf
SHA1 1294758879506eff3a54aac8d2b59df17b831978
SHA256 a319af2e953e7afda681b85a62f629a5c37344af47d2fcd23ab45e1d99497f13
SHA512 a177f5c25182c62211891786a8f78b2a1caec078c512fc39600809c22b41477c1e8b7a3cf90c88bbbe6869ea5411dd1343cad9a23c6ce1502c439a6d1779ea1b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\4TQ6xhX_0XDFyLdFRS-kPhFXirA.br[1].js

MD5 fbf143b664d512d1fa7aeeeba787129c
SHA1 f827b539ae2992d7667162dc619cc967985166d9
SHA256 e162ccd10a34933d736008eb0bc6b880c4e783cf81f944bca7311bf5f3cd4aff
SHA512 109ec6433329f001c9239c3298a10e414522f21be2a3d7b8a9eb0b0767322eaad1fdf8f5b11edb1f42882b4e75ae71bef7fe786716407c8efad4feacb3dcf348

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\tlifxqsNyCzxIJnRwtQKuZToQQw[1].js

MD5 cfcd208495d565ef66e7dff9f98764da
SHA1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
SHA512 31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

MD5 9085e17b6172d9fc7b7373762c3d6e74
SHA1 dab3ca26ec7a8426f034113afa2123edfaa32a76
SHA256 586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d
SHA512 b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\9MqrCXB0EVjVIRzDOArDGhu3yeM.br[1].js

MD5 56afa9b2c4ead188d1dd95650816419b
SHA1 c1e4d984c4f85b9c7fb60b66b039c541bf3d94f6
SHA256 e830aeb6bc4602a3d61e678b1c22a8c5e01b9fb9a66406051d56493cc3087b4b
SHA512 d97432e68afdaa2cfaeff497c2ff70208bd328713f169380d5afb5d5eecd29e183a79bec99664dbee13fd19fe21ebae7396315ac77a196bfb0ab855507f3dacf

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GRFK8PDI\favicon-trans-bg-blue-mg[1].ico

MD5 30967b1b52cb6df18a8af8fcc04f83c9
SHA1 aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588
SHA256 439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e
SHA512 7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\th[5].png

MD5 63343141c64682bd3e0f711730475354
SHA1 a2a7298e8f58a74292885bae9a3f44c76c7aa945
SHA256 f90e661a7731c97e3478027d07afd8c86e461c5f379932e15efad17d0e96d402
SHA512 17f7f14b0c929164283d5fd7bc829d907b923bb12a7b9d6124a6aac64eb79aaa47163583acca91fc71047bb7bb707d649407801c8762d8942a44531da9559edf

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\l5qlKyb5rPv_F2YU5blrntiAB0c.br[1].js

MD5 da20be4389802036c4857b825abe6455
SHA1 5e398314932dd98d32f7140375d98a7b57a7b0c4
SHA256 52c76adee81b0c1137d223fc099b04fba37350434ff50b0739ba5706c2d6ed10
SHA512 5313c88c8ce50d3f3c59413ed3bf50e1797978dba17bbc29cc065183d4d7593e9bbeb410ee1508241a4e963082a2c340e5b59c9c976b584a48f26e104ef9ea00

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\9cuwOQ_qE7qTGKohzrf_gIjTlPI.br[1].js

MD5 fabb77c7ae3fd2271f5909155fb490e5
SHA1 cde0b1304b558b6de7503d559c92014644736f88
SHA256 e482bf4baaa167335f326b9b4f4b83e806cc21fb428b988a4932c806d918771c
SHA512 cabb38f7961ab11449a6e895657d39c947d422f0b3e1da976494c53203e0e91adfc514b6100e632939c4335c119165d2330512caa7d836a6c863087775edaa9f

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\gKwIRAF4fg7noG1zyeUz8x3Jdhc.br[1].js

MD5 47442e8d5838baaa640a856f98e40dc6
SHA1 54c60cad77926723975b92d09fe79d7beff58d99
SHA256 15ed1579bccf1571a7d8b888226e9fe455aca5628684419d1a18f7cda68af89e
SHA512 87c849283248baf779faab7bde1077a39274da88bea3a6f8e1513cb8dcd24a8c465bf431aee9d655b4e4802e62564d020f0bb1271fb331074d2ec62fc8d08f63

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\XJ8OmILbNhm0zU9tdkuGYeXVPRQ.br[1].js

MD5 55ec2297c0cf262c5fa9332f97c1b77a
SHA1 92640e3d0a7cbe5d47bc8f0f7cc9362e82489d23
SHA256 342c3dd52a8a456f53093671d8d91f7af5b3299d72d60edb28e4f506368c6467
SHA512 d070b9c415298a0f25234d1d7eafb8bae0d709590d3c806fceaec6631fda37dffca40f785c86c4655aa075522e804b79a7843c647f1e98d97cce599336dd9d59

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\9xGNA8UskvA9WHF58zbLOHZ5HvI.br[1].js

MD5 d6741608ba48e400a406aca7f3464765
SHA1 8961ca85ad82bb701436ffc64642833cfbaff303
SHA256 b1db1d8c0e5316d2c8a14e778b7220ac75adae5333a6d58ba7fd07f4e6eaa83c
SHA512 e85360dbbb0881792b86dcaf56789434152ed69e00a99202b880f19d551b8c78eeff38a5836024f5d61dbc36818a39a921957f13fbf592baafd06acb1aed244b

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\V_fBQ_iVmAgE_Ta_T-6BNXc0ZY4.br[1].js

MD5 f5712e664873fde8ee9044f693cd2db7
SHA1 2a30817f3b99e3be735f4f85bb66dd5edf6a89f4
SHA256 1562669ad323019cda49a6cf3bddece1672282e7275f9d963031b30ea845ffb2
SHA512 ca0eb961e52d37caa75f0f22012c045876a8b1a69db583fe3232ea6a7787a85beabc282f104c9fd236da9a500ba15fdf7bd83c1639bfd73ef8eb6a910b75290d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\8CgcSSLayxEVUBf0swP_bQGMId8.br[1].js

MD5 a5363c37b617d36dfd6d25bfb89ca56b
SHA1 31682afce628850b8cb31faa8e9c4c5ec9ebb957
SHA256 8b4d85985e62c264c03c88b31e68dbabdcc9bd42f40032a43800902261ff373f
SHA512 e70f996b09e9fa94ba32f83b7aa348dc3a912146f21f9f7a7b5deea0f68cf81723ab4fedf1ba12b46aa4591758339f752a4eba11539beb16e0e34ad7ec946763

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\n21aGRCN5EKHB3qObygw029dyNU.br[1].js

MD5 cb027ba6eb6dd3f033c02183b9423995
SHA1 368e7121931587d29d988e1b8cb0fda785e5d18b
SHA256 04a007926a68bb33e36202eb27f53882af7fd009c1ec3ad7177fba380a5fb96f
SHA512 6a575205c83b1fc3bfac164828fbdb3a25ead355a6071b7d443c0f8ab5796fe2601c48946c2e4c9915e08ad14106b4a01d2fcd534d50ea51c4bc88879d8bec8d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\Gyuq2bqitqDJM0BeAkbKXGlQXNw.br[1].js

MD5 a969230a51dba5ab5adf5877bcc28cfa
SHA1 7c4cdc6b86ca3b8a51ba585594ea1ab7b78b8265
SHA256 8e572950cbda0558f7b9563ce4f5017e06bc9c262cf487e33927a948f8d78f7f
SHA512 f45b08818a54c5fd54712c28eb2ac3417eea971c653049108e8809d078f6dd0560c873ceb09c8816ecd08112a007c13d850e2791f62c01d68518b3c3d0accceb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\lLk8XmbdNzzlnPRzVzDhaF9yjqw.br[1].js

MD5 3ff8eecb7a6996c1056bbe9d4dde50b4
SHA1 fdc4d52301d187042d0a2f136ceef2c005dcbb8b
SHA256 01b479f35b53d8078baca650bdd8b926638d8daaa6eb4a9059e232dbd984f163
SHA512 49e68aa570729cc96ed0fd2f5f406d84869772df67958272625cba9d521ca508955567e12573d7c73d7e7727260d746b535c2ce6a3ace4952edf8fd85f3db0dd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\K3hC1_cQXGFr6cxRJVWYpzZJaAM.br[1].js

MD5 02b0b245d09dc56bbe4f1a9f1425ac35
SHA1 868259c7dc5175a9cc1e2ec835f3d9b4bd3f5673
SHA256 62991181637343332d7b105a605ab69d70d1256092355cfc4359bee7bdbfb9c6
SHA512 cbb43000a142807ff1bb3bfac715cef1240233117c728f357c824ce65b06be493df2306c7b03598817f09b02e9e36ec52314f88467679c5bef3ee1504a10c7e6

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\910ptS3pcIDQ7a5acMaHuQliuN0.br[1].js

MD5 8898a2f705976d9be01f35a493f9a98f
SHA1 bc69bec33a98575d55fefae8883c8bb636061007
SHA256 5f30270aa2dc8a094d790e1e4a62b17c7d76a20b449d9b69af797a55fada9108
SHA512 c8575df93fbd1f65a285d484257adfe12733e47a6524a18d5910d33562eefd1d9da7197d16c7a3cad3bc5ad89546ff0fefe90e5c96e7850ecec9708c90334349

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\psgXZvzYJMEW2ydikIk493Va1d4.br[1].js

MD5 f4da106e481b3e221792289864c2d02a
SHA1 d8ba5c1615a4a8ed8ee93c5c8e2ea0fb490a0994
SHA256 47cb84d180c1d6ba7578c379bdc396102043b31233544e25a5a6f738bb425ac9
SHA512 66518ee1b6c0df613074e500a393e973844529ca81437c4bafe6bf111cba4d697af4fe36b8d1b2aa9b25f3eb93cd76df63abfc3269ac7e9f87c5f28a3764008e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\UftfQbYuKvGGEUHPU3QGHYd90Z8.br[1].js

MD5 8d078e26c28e9c85885f8a362cb80db9
SHA1 f486b2745e4637d881422d38c7780c041618168a
SHA256 0bf9f3ad9cdbbc4d37c8b9e22dd06cc26eea12a27ef6c0f95db6cbe930177461
SHA512 b808a972cd44e6bda01ac1f8d904d5a281f33b9238b8caab03decb6adb6b494b19dd9bb35e3d1ea3ca914ff4957155f6d2cb5a9b3a00c2195f80f52804ffb244

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\JigriHckblqcu1XwKpT4wumVS2k.br[1].js

MD5 602cb27ca7ee88bd54c98b10e44cd175
SHA1 485e4620f433c02678be98df706b9880dd26ab74
SHA256 f1c39ee3528b8f6bb887150c10152cd3bbf849c4b305da9be3d4a92614e2f3f8
SHA512 b27a3b7737ce984e6ad448f68b31074f8a98c6ca5d66f3165d1dec650097077da9c80ef3045758c591a1cf0dda74fa4ba8039426d312f50f082d2a0f8e7de21a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\lDSK5WXW01RCyGzCzzxdJDFYfO0.br[1].js

MD5 f8d7bb518048387bb7c7d55943949e3e
SHA1 f8c7854ef3870d88bca04971400dc2a4f6c89e51
SHA256 d397dca6127ef1fa1a7e87af89e1ac6829489f1c7bf756f43438677cc74b4904
SHA512 f8f82b687d70cd1aec0924e3f2d344af517063443ed9787625d3d5fed408e1ec442e5eaebff92883a1f177e5777f15c11120bc84c68a18dda73dc38d89af3b7e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\zlfm-hC70pZAs62UVTTl3KShKOE.br[1].js

MD5 8c8b189422c448709ea6bd43ee898afb
SHA1 a4d6a99231d951f37d951bd8356d9d17664bf447
SHA256 567506d6f20f55859e137fcbd98f9e1a678c0d51192ff186e16fd99d6d301cff
SHA512 6faa73d59082065426769a27081cbedcd22146ef948afdd9a86801f205b2dddc63e03ac5d555ef0af23ef05901ebffe7e8aadd82260ef505cb89d99e572fdf4a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\06bQtOdvnqIODKnOBKJedLV7FUg.br[1].js

MD5 b10af7333dcc67fc77973579d33a28e1
SHA1 432aeaee5b10542fc3b850542002b7228440890a
SHA256 d99b46c716faee91274a2d94869953fb78d312857cab5c1a61ea63d7ae90cc68
SHA512 c0afa2847a873b82c83f45a03c40fbb435668465a4dcefa21a31895a4d1106300f4041b385eefff2c85fc87fd9f1d0560d283116294468b710f6ca4f88fca1e9

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\6mZmj1db42G_jniFgdT7MCvBgyA.br[1].js

MD5 2ab12bf4a9e00a1f96849ebb31e03d48
SHA1 7214619173c4ec069be1ff00dd61092fd2981af0
SHA256 f8b5acf4da28e0617f1c81093192d044bd5a6cc2a2e0c77677f859adcf3430ac
SHA512 7d5aae775be1e482eada1f453bea2c52a62c552fa94949e6a6081f322e679e916b1276bb59ff28cf7c86d21727bcc329ecb03e5d77ca93204e0cd2694faa72bd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\mOy7YpeLJ3c40BBAFNUI6SmOUTY.br[1].js

MD5 16050baaf39976a33ac9f854d5efdb32
SHA1 94725020efa7d3ee8faed2b7dffc5a4106363b5e
SHA256 039e6b3df1d67341fb8e4a3815f0d1bb3292a2040334ceb9cfc4a8d6abf2fb55
SHA512 cf0d54f0368ffbc6908216fd2573df8f5fe4c34ac08e17301b8734b3fabc674672a7f456707f632f82f44b36812dad8a0cf81a51d5cea21ea7f0e18500298375

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\NfTD8Ovh04Y_Ni14YxqYB8R_2_Q.br[1].js

MD5 f1cf1909716ce3da53172898bb780024
SHA1 d8d34904e511b1c9aae1565ba10ccd045c940333
SHA256 9abac0cbfa6f89106b66cd4f698ead5ccbf615ecf8cd7e9e88567a7c33cfec01
SHA512 8b641e93405565b4a57c051edefc8e02d6c929ddd4c52f9bfbd19c57896aa40426bf5ed6760dbd479719561c4f0a25bfc4102f0f49d3d308035c9ca90b1d0fce

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\AglgcyB4gMmTQ6ObONYXrSSmE9Q.br[1].js

MD5 1488e99f0d07a7a4a3c7268444f9ba6e
SHA1 12f9601dceaaf737d4687b536896bd566193421f
SHA256 8ebe84e2270439df0c9bfaaafdd83a28883c86230ec9a8fe9e028047766b36a6
SHA512 c2f6df7768e55bfaedebe70c81a831d8e3d8975b0a7b89bfc343e8cf7713475aa253b8b8fee77c30403f46f6febc310087ac07d7bd1eb2665ac9737619429faf

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\jpTw59SbX2XJjw7loFjFsMElxfM.br[1].js

MD5 c5f979ff1dd16458243ed474aa93426e
SHA1 398a5f6ef41640eb233c0392ba50207b11b3d2fa
SHA256 7113a9cc42df33608e7a46d6d2127d988a1c6b62a44109899eeda20576aa76fa
SHA512 07bbdf0b54bf3361c415fac0ebfac721c91bc54b5ea913409439fa44020c9a9cbc1bd63f940cb1a291f7c231e4bec51e54bede691b12b6e0045e0e49923b3fc2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\3US3nNU_RgsSNFm9Bzw6xgeuOHk.br[1].js

MD5 d42baf2a964c88aaa1bb892e1b26d09c
SHA1 8ac849ca0c84500a824fcfd688b6f965b8accc4c
SHA256 e3a15dab8cc5adbd2cfa1a162bf06583da6fb7be3831323d819cd881bfb0672c
SHA512 634bb1c984c9d74876051937240295a5ed5dc6404379decafbc4df074aefda5246ec33be84d2b21e0099c7bdd406e9cae6ebdf0ff01ddec3806b89dc50810c12

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\K_V1CARn2Q2lTs5njJKUvUkHyi4.br[1].js

MD5 6c2c6db3832d53062d303cdff5e2bd30
SHA1 b7a064a64ceae5c9009ef7d6d8f63b90d3933c9d
SHA256 06b77ee16a2cd34acd210b4f2b6e423762ea8874bb26ae5a37db9dd01a00ff70
SHA512 bc2d115b53035b700d727af9d7efaf32dd2a39a2344f3f5fa1a82586be849ec7803e8320661e66ab7dd2a17e64b7897e95bbd84502b91997fa46eba4e67e8c7d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\rSgga9EgBLAGvLAWYL79eRXz7KA.br[1].js

MD5 d5bdb0059f0d868edd259902ddc6a22e
SHA1 74447c61d0afc2d9cb33e418413ae4160b6cc6be
SHA256 13d017a140ea14a5b330bb2941c7dda89b0658671124834284f7ae36bd4d8d2c
SHA512 b1b86d1f2dd3e9dcd5a5ce4530479aec86019e98350751b0e145fbfb09bba36432e39fa1b8892b8073e0c87a9fd5c815926e555e3da90d30b0929b1517f0ec07

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\5L3iD467J3iJWEPwIjxlK0MMDpY.br[1].js

MD5 2ef3074238b080b648e9a10429d67405
SHA1 15d57873ff98195c57e34fc778accc41c21172e7
SHA256 e90558eb19208ad73f0de1cd9839d0317594bf23da0514f51272bf27183f01da
SHA512 c1d7074a0ebf5968b468f98fc4c0c7829999e402dd91c617e679eeb46c873dc04096cbf9277e115fc42c97516a6c11a9f16afa571e00f0d826beb463e2d1f7b0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\Gw7eETSwe7GHmKwW1lRqGPQJXRo.br[1].js

MD5 17cdab99027114dbcbd9d573c5b7a8a9
SHA1 42d65caae34eba7a051342b24972665e61fa6ae2
SHA256 5ff6b0f0620aa14559d5d869dbeb96febc4014051fa7d5df20223b10b35312de
SHA512 1fe83b7ec455840a8ddb4eedbbcd017f4b6183772a9643d40117a96d5fff70e8083e424d64deba209e0ef2e54368acd58e16e47a6810d6595e1d89d90bca149a

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\nt6a1ZR520utsLoZmSYgwxdOPgI[1].js

MD5 0c2672dc05a52fbfb8e3bc70271619c2
SHA1 9ede9ad59479db4badb0ba19992620c3174e3e02
SHA256 54722cf65ab74a85441a039480691610df079e6dd3316c452667efe4a94ffd39
SHA512 dd2b3e4438a9deaa6b306cbc0a50a035d9fe19c6180bc49d2a9d8cdbb2e25d9c6c8c5265c640ac362dc353169727f8c26503e11a8a061a2517a303f61d0ccd3c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\y1tiMssL1_ZRGIkBjxDYmR2kX8o.br[1].js

MD5 e3c4a4463b9c8d7dd23e2bc4a7605f2b
SHA1 d149907e36943abb1a4f1e1889a3e70e9348707b
SHA256 cfb7fa1c682c6eee2b763b37e002022463cd6435434a16f6335f33fb98f994a6
SHA512 3a4e38e4c631d8e845edbc01c986f73b0368f8049beea7a3e8a34bdd5864c34103a48b19749c11b5bcc71fdaa672ef6c42e305e1cc6b37abea934766f3deb068

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\AsdMf7D6KLdP5SQOeuSIZtV8-sA.br[1].js

MD5 43b58b6b14b60581457ef8a405721626
SHA1 fa9da729b92847cc05ad81625b5667f299b75c08
SHA256 cef3b449403a4725a3866768f730e13f1bddec067cc67f306f023de2815a2789
SHA512 4c22ec83b8a81e0716c4ea9c643cfb4c4f9256447a114b7b0e05c0b38bc073f4a0538e2a385e963b3e2634ef34f66050ac2c36801772a345670409be8fd2e829

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\8w26ODmd1hk4C30WJtfkdBYFSfE.br[1].js

MD5 072d0f8c7fdb7655402fb9c592d66e18
SHA1 2e013e24ef2443215c6b184e9dfe180b7e562848
SHA256 4cd4cc3d07bbacdecb7331bf78fc5353b4b2664b6c81c1c0237136123d8e704a
SHA512 44cecee114212d2901dd13f9200771c708ef6e89b9bdcb75edf898a1e39833aafa4c7f8ebfc2f613d46eeea35222a1dfee3671a1b42679a94beaec099164f009

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\uiannz55FdT0j3p9jGwegfI5aIY.br[1].js

MD5 45345f7e8380393ca0c539ae4cfe32bd
SHA1 292d5f4b184b3ff7178489c01249f37f5ca395a7
SHA256 3a40a1ff034448d68d92a75ababa09ba5f2b71d130f5f6bdf160dcf8851529a9
SHA512 2bfd00bf303ad5a1e8413b5ee6a162167605511fefb8df61a8f40f80382f5520df690a53b1058365f1d81562b2668376886d0f829517a642fcd87412801fe987

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\eKvcHdnNwo1WcxoSioV4ztnfZk8.br[1].js

MD5 fb797698ef041dd693aee90fb9c13c7e
SHA1 394194f8dd058927314d41e065961b476084f724
SHA256 795e9290718eb62a1fb00646dc738f6a6b715b1171dd54a3d2defa013a74f3da
SHA512 e03c4ab727567be95b349b971e29cffb3890cfb1a1ddf997b34b9d69154294a00a5112f4ffca4df4e26bbf96afa75e5943e965edc8f8e21035ed2ef30b7688d8

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\ID-70CBAEOXh6Nwxga-CxgpUq4k.br[1].js

MD5 fd88c51edb7fcfe4f8d0aa2763cebe4a
SHA1 18891af14c4c483baa6cb35c985c6debab2d9c8a
SHA256 51f58a23f7723b6cbd51b994cb784fbc2a4ab58442adaeda6c778f648073b699
SHA512 ffe417fa00113273fe7ac1b1bd83c98a3a9dc12d41c77b60c52cc5ffd461d9ca2020c2444ac43771d737c70c58eca40786a5c5762b60f30da523f709684510df

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\ydDuUFvQrnTEDpvE14Ya7abrPGk.br[1].js

MD5 d807dbbb6ee3a78027dc7075e0b593ff
SHA1 27109cd41f6b1f2084c81b5d375ea811e51ac567
SHA256 0acdce370092c141b0c6617ed6e2163f04bb9b93d3213b62c2bc7a46fe0243c7
SHA512 e037dfc31d595b459660fe7d938eedb4f43d208d247174ee8d6fd0d125f211142cd73497e4601893cecb6f565b7e2e7815ce416d72bb95504d3f277e4e806d11

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\vDjLjnEkXEuH2C8u3tT0A004qwQ.br[1].css

MD5 9baa6773c6549250a3393e62c56eb395
SHA1 5bb4eead8609cd30b9b96b23ec4fd0082ae64c1d
SHA256 dadf403df8cfe888e59e6a051aee3783a2bf0bcc60dc1d09a7797daaee726ca2
SHA512 cf12319cf07897864828d9c950df4a98a0628d828a7fee75f1235fc5d3a57c90a40b5ded2743af2e62b1d13d3f6be0d302ada054e7c0d7164b8ba12054909b8d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\WRGhsWGnkf3ko69VafMSpLBwgbk.br[1].css

MD5 f8a63d56887d438392803b9f90b4c119
SHA1 993bd8b5eb0db6170ea2b61b39f89fad9bfeb5b5
SHA256 ef156b16fdcf73f670e7d402d4e7980f6558609a39195729f7a144f2d7329bf3
SHA512 26770bb2ac11b8b0aef15a4027af60a9c337fe2c69d79fddaa41acfd13cac70096509b43dc733324932246c93475a701fd76a16675c8645e0ec91bd38d81c69d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\c4ruj6QGsmSnOG64gJJnnnYDa44.br[1].css

MD5 6d94f94bfb17721a8da8b53731eb0601
SHA1 ae540db8d146e17cfc3d09d46b31bd16b3308a6d
SHA256 21829c74fce2c9bbbb3099a7a487de71465ed712410c32bc6c69884db07a90dd
SHA512 bf33fb4858b56f888108bcd5c2691613b68715e260e59c1e37a050a709be04a8e0eaf5509667183a0d51f1201e58c02df4f744a0772242ee5b61595c44c072e7

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\ulJ3ckR0YcGpvIX6xhO4prJhEQQ.br[1].js

MD5 b743465bb18a1be636f4cbbbbd2c8080
SHA1 7327bb36105925bd51b62f0297afd0f579a0203d
SHA256 fee47f1645bc40fbc0f98e05e8a53c4211f8081629ffda2f785107c1f3f05235
SHA512 5592def225e34995f2f4e781f02cc2b489c66a7698d2feff9ac9a71f09e5284b6bbdb065e1df9c06adfb1f467d5627fbd06e647abf4e6ab70cf34501232126ad

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\hx1FP91l4PKrDhCLfXHf3ouMwSg.br[1].js

MD5 22bbef96386de58676450eea893229ba
SHA1 dd79dcd726dc1f674bfdd6cca1774b41894ee834
SHA256 a27ce87030a23782d13d27cb296137bb2c79cdfee2fd225778da7362865eb214
SHA512 587d5b5e46b235cdcdf41e1f9258c1733baee40b8a22a18602a5c88cba1a14edf1f6596c0ab3c09f09b58f40709ac8cf7e1bb33b57293aa88eaf62d0ab13fbf4

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\5-y8FBmAkXLBZZghI-X94CRnsqg.br[1].css

MD5 7a903a859615d137e561051c006435c2
SHA1 7c2cbeb8b0e83e80954b14360b4c6e425550bc54
SHA256 281d6234fd292800c2a5dbd14e524c9cee0d4438188b0b7d873abf41515a7666
SHA512 aa47efab7ec689b838d1e5adfe26e035e8b93f2b806f1954214447cb2065fa5906f81a70b4c656b3ce1490d8ac2009c7e7b0f96491d6d4559c41fb25d08fe35c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\1Y2IUOFZ\lOdiOLdMP6z7-OaP9ml2rVQNmVY.br[1].js

MD5 30a55d7f83b516eed7798c941175b038
SHA1 ad96cceae3ca67bf2ccf622523d2e7040c94655c
SHA256 1beb7792869fc6246ab2eb45411cdc2b9673f35413f37a281bc85b382605dc7f
SHA512 261506d60ea104a5e3ffd763768f935bf665b184770a3da6361192b6884d21cc8df4c04b56a712b5bb9d0b09ff5eb78b9316dc2f94264a617fd93625956f7a8b

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\EAF8AA29A62AB29E614331747385D816_F9E4DC0B9D5C777357D7DB8DEF51118A

MD5 8aeb3d2daeebe8c549689c075cb51885
SHA1 704036a9941c83081297ecfddd3c96abf8dc8467
SHA256 f780e048230596487d96c9a8631ec58192e814c359940d6730d4d56e3fe753e4
SHA512 37106a4a69a773338842ffe6c80642226d3464594011abe5e1079da67652821afa58ba2de1cb899a16cb9975a2248f3a0b9c8e389d5632201ca80e33b5a98d79

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AAP2GOJ9\favicon[1].ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9XXX9EIV\recaptcha__en[1].js

MD5 e9ccb3dbde79ba5ffdf9cad4b32d59fd
SHA1 3a8cd67adc7c885bdf683f1e7f491e6a4a50679f
SHA256 8f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137
SHA512 5ca7c8439030c9b4b966760c660640a094b0d6e30e10df85d7b900c6f9108b0e309298ed93c006634bb3f437bab3cff1b83a5d1b18c666c04346f0856294c461

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9R840QEJ\favicon[2].ico

MD5 e1c76d0b0ea7335e0e0106e5ac1125f5
SHA1 e45003897b26137bd1e9ba88a237f5c5669eb92a
SHA256 e4805c69184ae414aa88a6c478abee36e27b7e72e045365d81e6c44246808ec8
SHA512 15bf7c9e0a1d7ee6897b5e024f043eb07f75af1d9010e7bf1209d0440c2edc5fd1c4fd16c5e340c9a767ad2dd729e5a931d7979d163d83f0b59ea2541d83e013

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DFWUNHEH\bazaar.abuse[1].xml

MD5 c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA1 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256 b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA512 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\DE5ETJ98\www.google[1].xml

MD5 95faa0564cef46a3e5c2316ee856ce89
SHA1 095bdc7cb3a5941f1ff5db524dabe559192672dc
SHA256 51aa91dbafe9cf421b1dfb7005313e08f90480e18358e59526794931d709e941
SHA512 3d9c6150d50e255f249ff22b4202d5667bcaab3dd181df43e24fb554fd8e19d420d25201b57e531e922f30e389e98071adac7033fbb60e5f77099f6ad6d01266

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\7NL3IIKB\styles__ltr[1].css

MD5 eb4bc511f79f7a1573b45f5775b3a99b
SHA1 d910fb51ad7316aa54f055079374574698e74b35
SHA256 7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
SHA512 ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IU9FC3Q\rIjZlM8ZNfOeVQTojtt5OPuY9YnE0CAT82tG0V-YUX0[1].js

MD5 8d120d4d5cb207e52720218a143fef17
SHA1 dae68d4f786bda08fe39d89ab6f3366b1199cb8b
SHA256 ac88d994cf1935f39e5504e88edb7938fb98f589c4d02013f36b46d15f98517d
SHA512 4611f40996abd45761c5d56fd3ee000a3733ed872c6cfa89e112e32104e328af632b0330c20e125e248f6d5718116d848a1d0ca28f01626cede564610319d629

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PRDJRCJF\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

memory/3948-3405-0x000000001B860000-0x000000001B870000-memory.dmp

memory/3948-3406-0x000000001B860000-0x000000001B870000-memory.dmp

memory/3948-3407-0x000000001B860000-0x000000001B870000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFFCC8896C5561DE80.TMP

MD5 2dca48bc32e2278a3f86f1f973cfaf0e
SHA1 59ee75874da2d78fed6fc80b3042f16913940fd4
SHA256 0d8cc4912b416ffa1355283c653c6327fef3abc30d4a30e6163e92a4808355c0
SHA512 1d9f521fed3a693d49f0a0b7570968098d10b456c423478b96cbe7a5242c32ffa9123551941f390a5dbe4f8dc440af60ca197ef1c8a84c60a202015af9001441

memory/3948-3466-0x000000001B860000-0x000000001B870000-memory.dmp

memory/3948-3467-0x000000001B860000-0x000000001B870000-memory.dmp

memory/3948-3468-0x000000001B860000-0x000000001B870000-memory.dmp

memory/3948-4919-0x00007FFB66330000-0x00007FFB66D1C000-memory.dmp