Malware Analysis Report

2024-07-28 07:09

Sample ID 240625-1j6b7axepk
Target https://sc.link/BWa9L
Tags
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://sc.link/BWa9L was found to be: Known bad.

Malicious Activity Summary


Drops file in Windows directory

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-25 21:41

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 21:41

Reported

2024-06-25 21:42

Platform

win10-20240404-en

Max time kernel

39s

Max time network

41s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://sc.link/BWa9L"

Signatures

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\1568373884.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url6 = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "647" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url2 = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://signin.ebay.com/ws/ebayisapi.dll" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steaemconmmunnltly.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url6 = "https://twitter.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steaemconmmunnltly.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "700" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url4 = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url5 = 0000000000000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = 01000000c6d72a7470af488c689439b873a137e06e46bb0a84f3e6713518b0dd232620764e885d9adbbd2ca236099935410e06143f955253006e43e04fef C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steaemconmmunnltly.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "1605" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\steaemconmmunnltly.com\To = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\steaemconmmunnltly.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 1864 wrote to memory of 4916 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://sc.link/BWa9L"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 sc.link udp
RU 178.248.232.231:443 sc.link tcp
RU 178.248.232.231:443 sc.link tcp
US 8.8.8.8:53 231.232.248.178.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 bitly.cx udp
US 104.21.91.178:443 bitly.cx tcp
US 104.21.91.178:443 bitly.cx tcp
US 8.8.8.8:53 c.pki.goog udp
GB 142.250.200.3:80 c.pki.goog tcp
US 8.8.8.8:53 steaemconmmunnltly.com udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 178.91.21.104.in-addr.arpa udp
US 172.67.208.102:443 steaemconmmunnltly.com tcp
US 172.67.208.102:443 steaemconmmunnltly.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 steamcommunity.com udp
BE 104.68.92.92:443 steamcommunity.com tcp
BE 104.68.92.92:443 steamcommunity.com tcp
US 8.8.8.8:53 102.208.67.172.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 store.akamai.steamstatic.com udp
BE 23.14.90.74:443 store.akamai.steamstatic.com tcp
BE 23.14.90.74:443 store.akamai.steamstatic.com tcp
BE 23.14.90.74:443 store.akamai.steamstatic.com tcp
BE 23.14.90.74:443 store.akamai.steamstatic.com tcp
BE 23.14.90.74:443 store.akamai.steamstatic.com tcp
BE 23.14.90.74:443 store.akamai.steamstatic.com tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 code.jquery.com udp
US 8.8.8.8:53 recaptcha.net udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 151.101.66.137:443 code.jquery.com tcp
US 151.101.66.137:443 code.jquery.com tcp
GB 142.250.187.227:443 recaptcha.net tcp
GB 142.250.187.227:443 recaptcha.net tcp
US 8.8.8.8:53 o.pki.goog udp
US 8.8.8.8:53 x2.c.lencr.org udp
GB 142.250.200.3:80 o.pki.goog tcp
GB 142.250.200.3:80 o.pki.goog tcp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 8.8.8.8:53 store.steampowered.com udp
BE 23.55.96.74:443 store.steampowered.com tcp
BE 23.55.96.74:443 store.steampowered.com tcp
US 8.8.8.8:53 cdn.akamai.steamstatic.com udp
US 8.8.8.8:53 92.92.68.104.in-addr.arpa udp
US 8.8.8.8:53 74.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 137.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 23.149.64.172.in-addr.arpa udp
BE 23.14.90.90:443 cdn.akamai.steamstatic.com tcp
BE 23.14.90.90:443 cdn.akamai.steamstatic.com tcp
US 8.8.8.8:53 74.96.55.23.in-addr.arpa udp
US 8.8.8.8:53 90.90.14.23.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 steaemconmmunnltly udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 steaemconmmunnltly udp
US 8.8.8.8:53 161.19.199.152.in-addr.arpa udp

Files

memory/1280-0-0x0000025080E40000-0x0000025080E50000-memory.dmp

memory/1280-16-0x0000025080F40000-0x0000025080F50000-memory.dmp

memory/1280-35-0x00000250851A0000-0x00000250851A2000-memory.dmp

memory/4916-67-0x0000019099800000-0x0000019099900000-memory.dmp

memory/4916-73-0x00000190A9AC0000-0x00000190A9AC2000-memory.dmp

memory/4916-71-0x00000190A9A00000-0x00000190A9A02000-memory.dmp

memory/4916-68-0x00000190995D0000-0x00000190995D2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\JD9QJPR6\steaemconmmunnltly[1].xml

MD5 09e370a359931d64eb555b23633f86b6
SHA1 c4de8497b4a2dbab66c4870628a676b2d449134e
SHA256 ad69ab3a71efc24cb7372ca9e39d3b1fb2e1a673773c402cf16d9eb0fe878c75
SHA512 86124f26d3e113997745b0079f4062cbdaac82fb865480dab32eb1ab4b3fcf7fbbbe27c5c00ae0af4cd5828c00056849186bd2fe2a9697b4db2212a24b6fc5d0

memory/4916-102-0x00000190AA600000-0x00000190AA602000-memory.dmp

memory/1280-121-0x0000025088020000-0x0000025088021000-memory.dmp

memory/1280-122-0x0000025088030000-0x0000025088031000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\R8NZJZ17\favicon[1].ico

MD5 231913fdebabcbe65f4b0052372bde56
SHA1 553909d080e4f210b64dc73292f3a111d5a0781f
SHA256 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad
SHA512 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\reva2hc\imagestore.dat

MD5 37bf75a388c6b93b41caf9ff38cbc915
SHA1 05d10f469d2f83ce366d83241c5c7e2866b9019d
SHA256 43ca777793f772d3da242d0fdaf5917393fe7d553b28d9cf53eb8f49bf5ab8d0
SHA512 ef1ef551af961fced1a84ded9b9d84d70fd49f7ab36fbd1f72dc02dde9ab9905277eb1ebca6af08a39018d85bd1fb4f5f6d0f14991b07170359a3b00890b7911

memory/4916-216-0x00000190A9FE0000-0x00000190AA000000-memory.dmp

memory/4916-256-0x00000190AC0E0000-0x00000190AC0E2000-memory.dmp

memory/4916-258-0x00000190AC3D0000-0x00000190AC3D2000-memory.dmp

memory/4916-260-0x00000190AC3E0000-0x00000190AC3E2000-memory.dmp

memory/4916-264-0x00000190AC680000-0x00000190AC682000-memory.dmp

memory/4916-262-0x00000190AC3F0000-0x00000190AC3F2000-memory.dmp

memory/4916-266-0x00000190AC690000-0x00000190AC692000-memory.dmp

memory/4916-327-0x00000190AA080000-0x00000190AA082000-memory.dmp

memory/4916-325-0x00000190A9AA0000-0x00000190A9AA2000-memory.dmp

memory/4916-323-0x00000190A9A80000-0x00000190A9A82000-memory.dmp

memory/4916-329-0x00000190AA430000-0x00000190AA432000-memory.dmp

memory/4916-334-0x00000190A9A20000-0x00000190A9A22000-memory.dmp

memory/4916-338-0x00000190AA5A0000-0x00000190AA5A2000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

MD5 1bfe591a4fe3d91b03cdf26eaacd8f89
SHA1 719c37c320f518ac168c86723724891950911cea
SHA256 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA512 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

memory/1552-451-0x000001CEB72B0000-0x000001CEB72D0000-memory.dmp

memory/1552-445-0x000001CEB7020000-0x000001CEB7040000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\9E4SWVQB\www.bing[1].xml

MD5 d9bfaea253b52a30603adbd408e7a3f1
SHA1 66171a40b8989bb18a3472ed9e716287170ffd4b
SHA256 d571c2a78a981fe2b0d7978f3d7bd2f1942be4bfea9a28d49e6d211e64257ec1
SHA512 5fe15c260e0dd997f7cbc0e1b48097e3e0b802c4ecb84b643cd176df1c86d3b417f060b08546cdb316fa66d6cbb60cacfa493286e07dbd5a0610522a67214ebb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PXJ49RG3\warmup[2].gif

MD5 325472601571f31e1bf00674c368d335
SHA1 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256 b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
SHA512 717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

memory/4916-596-0x00000190AB7F0000-0x00000190AB8F0000-memory.dmp

memory/4916-595-0x0000019099800000-0x0000019099900000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z0BDNMC6\react.production.min[1].js

MD5 d86dcdbfed4c273c4742744941259902
SHA1 98089a33d0cf2fa4b3e1ba9b7eeb9b8ba0ac82a7
SHA256 4b4969fa4ef3594324da2c6d78ce8766fbbc2fd121fff395aedf997db0a99a06
SHA512 f10e98f579d36ce13e24dbe3050c09d87f12f94578b80ea1891ca485db48c83619d93a6b74d99639468a746cce872af8742ca4dbcece7a36cfbf097b96b7eaad

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z0BDNMC6\react-dom.production.min[1].js

MD5 64141792105ea4861f9f33294d65ab81
SHA1 506d9100caa070005a890bd496de64c437d6d008
SHA256 21758ed084cd0e37e735722ee4f3957ea960628a29dfa6c3ce1a1d47a2d6e4f7
SHA512 30e0a9aa84688ac093c09f2f41089c899bf4a9ca5138289d7a4dc64c54ba293936fb2ee6ba724894a09590509863ea7712b6055c28e61639df4d34520b538759

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\cc105dedok0bqm6x9kk[1].css

MD5 a1363e5529468310c3a9b9f6e0bb4084
SHA1 b1a0d99428e4ada4fff186f853d04420b61be942
SHA256 cc105dedf181ec5d2a2c740b2d8e297cc23845b8719ae9fe60602758bd9e95b9
SHA512 6807d96002c2ea313ff0eb6f48d57b4df978061049bb427f1f9c0c960ed3c4e3412d78dba58e51e99af65f127c5cb3a00409b86bb85d8bfdfacbd74129e6714e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PXJ49RG3\motiva_sans[1].css

MD5 45cda1a73836131dd3614c2c3854ca4d
SHA1 8c5f6023535cb883463e83170430b31ee72b5176
SHA256 218bedd2a2817dfde5f3a900b6204c7e378e1b747ff98ae89aedff2391e4429c
SHA512 efa13e0d107cb9915bb8ab250b417880f08e255ff2d6457306fef6a6ff0dee0fc2f0fca15738b71ce1aaccd3b2556b677881bef4a6cb182d696b583f10e78559

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OF6I7R42\shared_global[1].css

MD5 189446d5444e9816902080d1bba55626
SHA1 7e67a8fea4bc462eac06c161839d421ca6e11342
SHA256 95e68e600690560047fe5177c8fb6ea73e4a31b5a11630c52c631633d76089d3
SHA512 c88c63b8713f70a570fb47099f9a90beeeaa193c2f7a810e7f7a377357964d79ad1eeeb4d5b5176e65379bf3b5ccea97a4a5d32f192e8bb305821be2aa2a85b7

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PXJ49RG3\buttons[1].css

MD5 e8f16a7b1e543e9adb78f6e12945515f
SHA1 47263a98b74a253ea0bf72bfb6525edc0bacb034
SHA256 3d0874ab563803918741edfd0204aa756df378544bf81e1874a538b17839500d
SHA512 305f068227a7b62bd472b797f6ab7c9c8b9199f7d038013c69f0101425ed364f960a03e3f931bf0a2b5f3bcf21da174eb02732367aaae4d9b4d75a9112439eee

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z0BDNMC6\store[1].css

MD5 126efe81c70b3467e40403a1854dcc22
SHA1 1116c4984b1ae73e0434caf4b8b5828d52e148cf
SHA256 54f57ceeed4079e485f0d9de8c1fe56434c6a0fde1c534b02fb773adc7ba1c7d
SHA512 e49bb01746c70ef4a8142dda2d57ebf17f0bdd9783620734aca46b44365c94fd80540e560e6dd2a128f745a817f36598d148dff3fcc194b42de0d144ff8e6efd

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z0BDNMC6\account[1].css

MD5 ae23b233da369d1f73c8c18127dce543
SHA1 5e8df52f1e068c74548b6e46cbbd25810309292a
SHA256 7e89a2f9b6d4da895bffb03b282c942ed7b982aba8605446185d9297f582e979
SHA512 ad0884750484033539dbb95cc094d4470397eec2c79f5f43ef998133869975643a237ed518264312eb86d58531d4c1bea689f49c0057e3bafe66fb6414cc42c2

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\cart[1].css

MD5 bb61486a27ad5fa68555bbe8a3ada655
SHA1 8bfa2068a12fa536b8f230d25aa690963aa38cee
SHA256 2772850b98923d3dcde7942c03c76f088cba2f9f50d0ac69a83a45bd1d6be430
SHA512 85a144b5df73db1b4c311c3b376b464b915aa7866c0550d7cdd4ba94c7934d40d0ce2267b49f4460e375892448caa89d9c31d056025ad4d567badabe09664d62

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\jquery-1.8.3.min[1].js

MD5 e1288116312e4728f98923c79b034b67
SHA1 8b6babff47b8a9793f37036fd1b1a3ad41d38423
SHA256 ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32
SHA512 bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z0BDNMC6\shared_responsive[1].css

MD5 b730c2b64c5e23e7b97343a43be0eae9
SHA1 1451a3bee6b72fb0bd049cb8b84cc5faf20ae598
SHA256 4ec40ebe11519d62a8c62ff92266ffa860a7c38259dc113d819ce91e083bee49
SHA512 d2e451fc4ca0f0faed06e9b05281fd07be2c3d2641160f5662d3adaab0026eb6cd70e7e6f093178a70c656e368e958fa6f93deeae59c7f7e142437b27bf99584

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OF6I7R42\tooltip[1].js

MD5 72938851e7c2ef7b63299eba0c6752cb
SHA1 b75196bd3a6f9f4dfc1bbf5e43e96874bcd9ce4e
SHA256 e2d4e0e1d3e162fdc815f16dfff9ae9b0a967949f0f3ae371f947d730a3f0661
SHA512 2bb6c03a1335ef9514d0d172a4284d82a29d1783a72306bdcb8af3185d5cd2ff16303355aa4b05086d2fa0b5b7c7159cfa67de4a6175095ff0e68adec2a56ac1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PXJ49RG3\shared_global[1].js

MD5 439b6df9df2bd182ee3354ceb7728f2a
SHA1 d54d45014d7282cb0e45a69c0c15430444095f86
SHA256 66e344142d1a04f10a33e847a59939a9e71d558897ecafab050d5caf72bd1cb2
SHA512 094ff0791d454eeea65ac399906ebbe5d44a8d1b8d94501baa0d55dc662841e9af340e1b852031982e0d4634068b3e4261c617108b142b91250c5c010ee411ea

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PXJ49RG3\main[1].js

MD5 f74cd0ae23533449cc8af7f8f151a9bc
SHA1 c48a1d9f24875c273b77618ef941bcc7c3e0188e
SHA256 911383c10abc27cacb7badc757ea3366cce08643aa808b6281a7312fdab63f59
SHA512 747da2df9f7fd391953bddc96868bd2bf6e0042f602a15a661c72dd6345745b07a11db2b56b769d4d4449f568a44920d066bd99d6eca07c4e40dfc4cbb1b5ee4

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\PXJ49RG3\dynamicstore[1].js

MD5 7f3e92bf5b5b4b76446e6147d86c21ae
SHA1 277260b15bb51c0e19b4b3d27acc4e4e5f172069
SHA256 c19260b0fc51d2bc52d42e72da83699701b5c5040460aa6bc13f4f0e6f5f9ff3
SHA512 47e9f75803c0d8b1ec169fc501a1768b4f11f38c54c435b1acd2cf9bfa4707c78ef56b3868d50aa36d6975760a57843dd306829d92a04b36bb1aa94b506aef79

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z0BDNMC6\prototype-1.7[1].js

MD5 6a39e0b509fecb928d47b8a2643fed2a
SHA1 f67fa6cb1d09963d10ba117d6553c8e7d5bc7863
SHA256 d8bdea7fff893dbdbeaf6c2affec091a77483b9ec10e7958486bc3b6cc170c96
SHA512 b9b8c6d9ac4928686c5ea254ac8f765c4f3690f79e5b1ccaaffc48d4bd47872b9cc5475c038f70d804740c81915fdfce315ebe553b628d12f7ca1cc4467075d0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\modal[1].js

MD5 405088f8d3fed7506e915118063be2c2
SHA1 1e8b4fbd31497dc0c6656791c2f90828e318140c
SHA256 bfcfd556cd300a21962bc18721c79d670bffd653d058ac8fd1adfd50d2d00c82
SHA512 fadf951a97addf12662f3d0272e39bdb60544c40ffd93e33c643769d7175a7265ca693f2b55c4be8c0e7b872098912696d92cabc5a5b4319ab0201c553b477a0

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OF6I7R42\dselect[1].js

MD5 b23a2ea37fb7dc6a317180acb9640bba
SHA1 559826c6b73a59bccf54f9034d7e8c43d03c091a
SHA256 23d2a8fbaa5a5f1f551b5d70440adee80fd519b52b3d6559cbbea35296679e2f
SHA512 e946116847558894e42e26e6702b600531e85cd0da91076e8af2fb3fece913f5ff4e8aa8744d2d43afa58ab2a0289954726434946e158fc840c150f2a079f109

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OF6I7R42\redeemwalletcode[1].js

MD5 5ec80e0ea50e955c3d7193fa098ab013
SHA1 c4d1182f4933dda515896b1f71c010617b3c509f
SHA256 0fbb541d7d9cb3d5428cf496bda26b8d9cdb012e184933fe0589be3795f1ae6c
SHA512 6b01ddf2f0ffad9c0f52027d1aceccc5d5d53669c0e7a1dd8fd3e0a351919cca859bde1afca5f1ff0c48597f17910316316fb2a269120d38d409a5716bc2cdea

memory/4916-686-0x00000190A9F20000-0x00000190A9F40000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Z0BDNMC6\_combined[1].js

MD5 31ed48071ce4b62c24520c95bcde6026
SHA1 c073152e6835fba2ded4cc215f3985266be23f2b
SHA256 08b39451eabaca10cd735816cdc5af4a35b05fbb197e2082235b6e16be62dedb
SHA512 1cb651ec52d7eb67a961436a48340d0b783bc944cd54008d00e8b26d933d0668380126c6acae89ef10906fd96e8da9ed4ef773dfd9c761f608ff7ebda5554ae7

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\shared_responsive_adapter[1].js

MD5 a52bc800ab6e9df5a05a5153eea29ffb
SHA1 8661643fcbc7498dd7317d100ec62d1c1c6886ff
SHA256 57cfaf9b92c98541f769090cd0229a30013cea7cfafc18519ca654bfae29e14e
SHA512 1bcacd0ec7c3d633d6296fff3325802d6352805f0d2cf1eea39237424229ecffad6cb2aee4248e28b1eca02ff0646b58240851a246bbcf0aa1083830d5d9081e

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\jquery.min[1].js

MD5 220afd743d9e9643852e31a135a9f3ae
SHA1 88523924351bac0b5d560fe0c5781e2556e7693d
SHA256 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
SHA512 6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OF6I7R42\jquery-ui[1].js

MD5 c811575fd210af968e09caa681917b9b
SHA1 0bf0ff43044448711b33453388c3a24d99e6cc9c
SHA256 d2f0522008bff05c6434e48ac8f11f7464331436a4d5d96a14a058a81a75c82e
SHA512 d2234d9e8dcc96bca55fafb83bb327f87c29ae8433fc296c48be3ef8c9a21a0a4305e14823e75416951eecd6221f56fbbb8c89d44b244a27be7b6bea310f2fd1

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OF6I7R42\enterprise[1].js

MD5 cbca5f004c1a40596135977bd5326479
SHA1 0256143af73d7566625a43546a7b48a3ebc1082a
SHA256 b6231074adc5245e36202fc78eb079e7678c11f8d67a12da8685980f56042b98
SHA512 c6b0e2f08656b873834808e8056738e7ebe4ee19fcedfbd35fd57980ef09346d042831060c261b9ad9415f1c7927ac03b140c2d0a8c823ba9c8560efe2f29e01

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\MotivaSans-Thin[1].ttf

MD5 ce6bda6643b662a41b9fb570bdf72f83
SHA1 87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8
SHA256 0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6
SHA512 8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\MotivaSans-Light[1].ttf

MD5 d45f521dba72b19a4096691a165b1990
SHA1 2a08728fbb9229acccbf907efdf4091f9b9a232f
SHA256 6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc
SHA512 9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\MotivaSans-Regular[1].ttf

MD5 57613e143ff3dae10f282e84a066de28
SHA1 88756cc8c6db645b5f20aa17b14feefb4411c25f
SHA256 19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
SHA512 94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\MotivaSans-Medium[1].ttf

MD5 2d64caa5ecbf5e42cbb766ca4d85e90e
SHA1 147420abceb4a7fd7e486dddcfe68cda7ebb3a18
SHA256 045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f
SHA512 c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OF6I7R42\MotivaSans-Black[1].ttf

MD5 4f7c668ae0988bf759b831769bfd0335
SHA1 280a11e29d10bb78d6a5b4a1f512bf3c05836e34
SHA256 32d4c8dc451e11db315d047306feea0376fbdc3a77c0ab8f5a8ab154164734d1
SHA512 af959fe2a7d5f186bd79a6b1d02c69f058ecd52e60ebd0effa7f23b665a41500732ffa50a6e468a5253bb58644251586ae38ec53e21eab9140f1cf5fd291f6a5

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OF6I7R42\MotivaSans-BoldItalic[1].ttf

MD5 e77ef961fe37dd8e6de30d4f7fa9a4de
SHA1 567327935ae2bb3de45e7f612f2d05273a999584
SHA256 6f93f21bc1ecc2d1c24fa2268aafad7f9e76836bb95aa76adda9307caad51c64
SHA512 2b432cf2d448026ff12634d605d9eb52ab6d285ea3cb437031b0427bb933b0aba40c416c0f102a39ec4a267ae2396b4da414048adc360780508281fc454462de

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OF6I7R42\MotivaSans-LightItalic[1].ttf

MD5 07247cbd12d4e4160efd413823d0def8
SHA1 517a80968aa295d0a700a338c22ba41e3a8b78a7
SHA256 41464efd9a32a5967b30addc21fe16cd0a35870fda56658b531a9a2434b4d829
SHA512 27e0e7505d41891e70bd06733f96e82e45061d621a1d20bbc524fc89c5406a799cf53d98c0fa256cb4ebfc19750c9a05531a8d273cebc260d48948edffdf6244

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\MotivaSans-RegularItalic[1].ttf

MD5 7bc1837717cdc49c511ebdd0e75122a2
SHA1 d31e0df252328b946984c6bde94f7b2f7c72d964
SHA256 97c39175b9c8c46a5f2be987c00be2ef556421fcdada1ed3b327c50cc36cc78b
SHA512 53b31bdecde75e8f50f82db69728f6f831d6a3452062ac6e419f9369ffe88f0ea6ace3a501d89501ff86fe47e05900ed5b482221d215898e28a0a4bb1f1b6a85

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\MotivaSans-Bold[1].ttf

MD5 6168553bef8c73ba623d6fe16b25e3e9
SHA1 4a31273b6f37f1f39b855edd0b764ec1b7b051e0
SHA256 d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66
SHA512 0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZFWEV143\recaptcha__en[1].js

MD5 1bb4ebd5a1126f7287c58e242a7188e2
SHA1 f06c98f9b76c942631ca4ced196b6ccff5aae339
SHA256 4b20abde9f7eb27dc344dbbb35f59aba01e4cc70262c07c260beadef9072f25e
SHA512 b51fe40ab04c98c21b1f233cb335f5d1ce2f496a2b07544025e5a89c171413ed1755bd5d9900ea43f0495fce190d4607b6d53c3d8078ebfaaecefa97471c8abe

memory/4916-757-0x00000190A9A50000-0x00000190A9A52000-memory.dmp

memory/4916-759-0x0000019099120000-0x0000019099122000-memory.dmp

memory/4916-761-0x00000190A9A70000-0x00000190A9A72000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml

MD5 d4fc49dc14f63895d997fa4940f24378
SHA1 3efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512 cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a