4f34b452b749f5ef9bf177655099a253ce6af672600d2f027ef712c190e7a7f4

Analysis

max time kernel
151s
max time network
149s
platform
windows10_x64
resource
win10-en-20211104
submitted
02-12-2021 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Can satellites provide worldwide broadband Problems and opportunities.pdf
Size

155KB
MD5

4de49ee4b7985c8413ceb880689c7570
SHA1

b078919921efdf1c98326ea31face5a9b2e486eb
SHA256

4f34b452b749f5ef9bf177655099a253ce6af672600d2f027ef712c190e7a7f4
SHA512

a1d98e8dc7e1c32caaf1dc6693f68abfb0ebbd527e2fcafcbd429b7500267346e3abb48b2e072d75de8121f9b106d18a7b751a2890de3af035ff04591ee18515

Score

10^/10

amazon phishing

Malware Config

Signatures

Suspicious use of NtCreateProcessExOtherParentProcess 4 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exe

description	pid	process	target process
PID 5600 created 4748	5600	WerFault.exe	MicrosoftEdgeCP.exe
PID 6768 created 5236	6768	WerFault.exe	MicrosoftEdgeCP.exe
PID 7044 created 6872	7044	WerFault.exe	MicrosoftEdgeCP.exe
PID 5632 created 7096	5632	WerFault.exe	MicrosoftEdgeCP.exe

Detected potential entity reuse from brand amazon.
phishing amazon

Drops file in Windows directory 13 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2274612954.pri	MicrosoftEdgeCP.exe

Program crash 4 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
5600	4748	WerFault.exe	MicrosoftEdgeCP.exe
6768	5236	WerFault.exe	MicrosoftEdgeCP.exe
7044	6872	WerFault.exe	MicrosoftEdgeCP.exe
5632	7096	WerFault.exe	MicrosoftEdgeCP.exe

Checks SCSI registry key(s) 3 TTPs 20 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

MicrosoftEdgeCP.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	MicrosoftEdgeCP.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\FriendlyName	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	MicrosoftEdgeCP.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\FriendlyName	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000A	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	MicrosoftEdgeCP.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WerFault.exeWerFault.exeWerFault.exeAcroRd32.exeWerFault.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFault.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFault.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFault.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFault.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFault.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFault.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFault.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WerFault.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WerFault.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFault.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFault.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WerFault.exe

Enumerates system info in registry 2 TTPs 11 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

MicrosoftEdgeCP.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFault.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFault.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	MicrosoftEdgeCP.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	MicrosoftEdgeCP.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFault.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFault.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFault.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFault.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WerFault.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WerFault.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdgeCP.exeAcroRd32.exeMicrosoftEdge.exebrowser_broker.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.youtube.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.amazon.com	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 6a24427330ead701	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\read.amazon.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.amazon.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\amazon.com\Total = "1728"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1677"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\amazon.com\Total = "1010"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "470"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "470"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\zoom.us\Total = "193"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "383"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\amazon.com\Total = "808"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "8304"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.amazon.com\ = "731"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "12120"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = 79f0e5fcadd1d701	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.amazon.com\ = "21474"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.amazon.com\ = "92"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.amazon.com\ = "419"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cmu.zoom.us\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1605"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\read.amazon.com\ = "298"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1742"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{D575435C-1251-498E-B767-37D7840AF4C1} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\youtube.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1316"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "11140"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.amazon.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "27009"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\zoom.us\NumberOfSubdomains = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\amazon.com\Total = "894"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.google.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\Total = "383"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1107"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1293"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\read.amazon.com\ = "136"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\read.amazon.com\ = "1173"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1042495040-510797905-2613508344-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "470"	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

AcroRd32.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
5600	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
6768	WerFault.exe
7044	WerFault.exe
7044	WerFault.exe
7044	WerFault.exe

Suspicious behavior: MapViewOfSection 26 IoCs

Processes:

MicrosoftEdgeCP.exe

pid	process
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

description	pid	process
Token: SeDebugPrivilege	3816	MicrosoftEdge.exe
Token: SeDebugPrivilege	3816	MicrosoftEdge.exe
Token: SeDebugPrivilege	3816	MicrosoftEdge.exe
Token: SeDebugPrivilege	3816	MicrosoftEdge.exe
Token: SeDebugPrivilege	1344	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1344	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1344	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1344	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4540	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4540	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5600	WerFault.exe
Token: SeDebugPrivilege	6768	WerFault.exe
Token: SeDebugPrivilege	7044	WerFault.exe
Token: SeDebugPrivilege	5632	WerFault.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

3052 AcroRd32.exe

Suspicious use of SendNotifyMessage 34 IoCs

Processes:

AcroRd32.exe

pid	process
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

AcroRd32.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

pid	process
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3052	AcroRd32.exe
3816	MicrosoftEdge.exe
588	MicrosoftEdgeCP.exe
588	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 3052 wrote to memory of 3464	3052	AcroRd32.exe	RdrCEF.exe
PID 3052 wrote to memory of 3464	3052	AcroRd32.exe	RdrCEF.exe
PID 3052 wrote to memory of 3464	3052	AcroRd32.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 3728	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe
PID 3464 wrote to memory of 1008	3464	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Can satellites provide worldwide broadband Problems and opportunities.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:3464

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A3E605DB2A92E8D41C4FF02740B2EDB9 --mojo-platform-channel-handle=1636 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3728

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CB5533A20BB8696FE23524BA3CFFF5EF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CB5533A20BB8696FE23524BA3CFFF5EF --renderer-client-id=2 --mojo-platform-channel-handle=1628 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1008

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=655E790C6A0D1A61A0B25B2EC8F937D6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=655E790C6A0D1A61A0B25B2EC8F937D6 --renderer-client-id=4 --mojo-platform-channel-handle=2092 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2764

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=ECBE4FED10D50CBDD1CD388391014E6D --mojo-platform-channel-handle=2528 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3032

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0C0A96CD042301A7D8AD63C0A7EAB4A3 --mojo-platform-channel-handle=1808 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1220

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F984AA618D0A32AC05E3B999611BA3F3 --mojo-platform-channel-handle=2584 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1968

C:\Windows\SysWOW64\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://cmu.zoom.us/meeting/register/tJArfuqgrjIvGdOElah2ZmM2V23qrFjlqrN_"
2⤵
PID:2276

C:\Windows\SysWOW64\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.cmu.edu/epp/index.html"
2⤵
PID:1540

C:\Windows\SysWOW64\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "http://ow.ly/NQ9yI"
2⤵
PID:4704

C:\Windows\SysWOW64\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "http://www.amazon.com/Geeks-Mission-Their-Own-Words/dp/1457521741"
2⤵
PID:4944

C:\Windows\SysWOW64\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.amazon.com/Finding-Alaskas-Villages-Connecting-Them/dp/1457551101"
2⤵
PID:4316

C:\Windows\SysWOW64\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.amazon.com/Finding-Alaskas-Villages-Connecting-Them/dp/1457551101"
2⤵
PID:4716

C:\Windows\SysWOW64\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "http://www.amazon.com/Wi-Fi-Bad-Boys-Radio-Technology/dp/1457505606"
2⤵
PID:2680

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3816

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1016

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:588

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1344

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4124

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4540

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4748

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4748 -s 4612
2⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5600

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4992

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2104

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4636

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5332

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6028

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5236

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5236 -s 4164
2⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6768

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6872

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 6872 -s 4352
2⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:7044

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:7096

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 7096 -s 4300
2⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
PID:5632

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:4556

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\177WDQM3\KFOmCnqEu92Fr1Mu4mxK[1].woff2
MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\177WDQM3\joinClubsImage._CB409113671_[1].svg
MD5
a9f0909022bf223b78ae48ce85640896

SHA1
e9ef0ab063900d513daded03aa6c96a21bffdf06

SHA256
ad8314f6ffd24c751c45956d8da14033414e418c7d8ad092b4bfb67ff482f209

SHA512
6eebbbcafb0e81b24f9cf4a98f2a3b6abda1f5a0f67870eb21bb0131de6b028dfb67cd0e4f773d3ac8a4770f8228909afaed4f57a14e71c34e41219c4c9be7b9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\177WDQM3\nav-sprite-global-1x-hm-dsk-reorg._CB405937547_[1].png
MD5
63349a7c82c19b297d13b635947e36d2

SHA1
a627e636e05fff23b423db10f52813f8257dd61c

SHA256
d290bad14b077af43c094f8f42a92186f8bb08fad041fae1c550ff5bb72cd12b

SHA512
712e49c171408b2b431017ffaa75a0dd61726a1bfddf119a405459d94d4699f53b79eb5a367e13ee19478674a08735971364285e53a504826de0c3c2e9a86b1a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\177WDQM3\qd1edsm5e5al0hgo0oiamrnfrn._SY600_[1].jpg
MD5
f16ff89050114c33356d6df446e67020

SHA1
fba99c1bf1d36a5ef6d5b89cc92d2deae6ea3802

SHA256
6f4edde2c4da71a79648b07bda7358d1dd028b3527c73ab94401d1ee2fe76be0

SHA512
145922f0aa26c466859163ff50941653b887730acefe0ff3fcc43e13bf58f9527e8abc13dd6e1989ee271ba5236750b362beca829f2348d4ce0f6e555bc31815

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5UYVALIM\ABC_logo_primary_beta._CB408510813_[1].svg
MD5
4c8a6471706febd73c1935ca61ff6610

SHA1
e4d6e25d83ecfc4831c9f19c00d1170298c41dda

SHA256
c4bd5a8a3659bf07be3993282f89e535df6c0a5e642438bba3799a8de2142de5

SHA512
63beb3a5306509a493abb91092d76c7726ea3b97251be108b0d3f1ca9f25677e59dfcf53c6a9dc02a80258aef4b3b9f706ab785a333030a5969a9d7080b53801

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5UYVALIM\DAsf-1.50.95fe6f0[1].js
MD5
49227fd8c34c1f216dbfe4f925b93f56

SHA1
711962568ccdf65fa327ed73b05c6e78670abf47

SHA256
5f88ad9fe0b6b0bff07338128dcd01cfb7fed9eab53df28a3c93bc9d710b27fb

SHA512
98ced401c62af1fa277ad97b651349555c9415a1ff41d3c555afd79850f9e881774df2d211da0bab3755fdf3f14a8041e147d1ab9bf72900228ae88f25ceb1e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5UYVALIM\base[1].js
MD5
86660a2c2cf46ce1407fe57ea636482b

SHA1
197f99df8a55c52f21e4030bdef90002299881c0

SHA256
c8292f310890acf1f50f9f6acae9c0fe5144a0ea227d4b98ca1f99702a0c6bd7

SHA512
6e543f49087b270424f2473c55ec2d03b5c7b865ddffd7df019c82e6475e0d2593e10b7f2546faa9835447242e900f8fa24b3ddd9a3585ad70f55b4c0b5db4dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5UYVALIM\secured-ssl._CB485936932_[1].png
MD5
c63182b05502a14c03f6d69bb03c5768

SHA1
51cc2e873c3c776ef90934251b7f91a5c85146f6

SHA256
b39196b4c7696d8a34ed3d991e325c42851b75d6940019d9e0f656eaeb49f572

SHA512
0df5b458340bed784e92ec78dd2aed94c8242eea7d793b431b4d0a9d8e97f8cf7d68f6466de056173e0374c347a8ac7edd2b577a1906d048998806ffc7f42ce2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5UYVALIM\www-player[1].css
MD5
241b96118f915e7206fd9bdac7abe073

SHA1
98887fe20107eaec31b710c1b5028b6be8ee1392

SHA256
d98637a1c12b32b467e6238367e35c66a1af6ee1d7cf1ec86fa8762b5e613fe3

SHA512
638afea746b80f4308d1f22e2eff93516c83419d50b4099b50d72ee0ca1b75d0b4d326ff336f99e9323b1f54492ad2ce7a72298d72a06e2fa7f26b1cd7e68b51

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NP483SAZ\41KBYOkTjIL._RC_71EnDOWPGjL.css,31g1ibO5ySL.css,31CdpXAsWCL.css,31YZpDCYJPL.css,21MKjoYL8wL.css,41OiMQkB+EL.css,01yCq3WXEcL.css,11kO7yAgi[1].css
MD5
5e41097fd3c349dc5eea27555ad96b56

SHA1
af4ed8d5b3de3872bcff51c8b27454d5834f450a

SHA256
5f351b7fb4e76581a09a8b461ed7b4e4f71557edc76283f2db30bb13cee98703

SHA512
6d23eecae8860b9955f8e22c148136201fc81db0760008c83095af837b7a691c71c34095171adc594400217fde7352677cbf1c81dd584c5666d668b8d8c1915b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NP483SAZ\7QG21FMA.css
MD5
0263bf242f2e1763637d399665cdc177

SHA1
a668cd5a633a450521ce204dd74d66cc3820dbce

SHA256
35faf8310e9866027707e4be4906b2784b0825b6d66d2f4e67430d9a6d8dad7a

SHA512
64842334c5c103084a0632417d45713c7ea2342b35ba52a62df7fb23b227127bdf64794e90e66eca946f8da4562de92409f9e5d9b080bdae78d4e2a66cd8f7d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NP483SAZ\apple-horizontal-iconv2._CB485922128_[1].png
MD5
e3e5df622c04f7a1d85661bef5cae2f6

SHA1
871e9a34730b0dc96a2a67c65d7e474abec9721e

SHA256
676328bd36c12a44e7b5e04e0666bc5269c59692041c6365878c502221767486

SHA512
63ecd14069904ca938a37e96f8f59f10b0edbe0474dd8f0f0cf74eccdc430fff25607f24e014ff9de02c9f7b19d9b28d5fd1f3f5c03ad1092faa6aee66059a02

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NP483SAZ\scheduleWithEaseImage._CB409113670_[1].svg
MD5
c35d8afdaf8c44a6327a3682451a4047

SHA1
dc1f325c50b3fb9c4a36f99fb2625807f1282a99

SHA256
cd7fa3df516020080b63335670437698dd42aebfde99705126ebce96bb8287de

SHA512
4843bde7296f540129c9832c1e9380221be18ad62f128dad599de2620c05c52f0e93d64ca7e322bcee0dc39831946e0879b2f60afc1a1ac19e4198294c5562ec

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NP483SAZ\sitb-sticker-v3-small._CB485933792_[1].png
MD5
a495bfae26976111e2be267be73ab698

SHA1
60658d37de9f33ce448aead0225201f08125d3cd

SHA256
6131b88ed79398f84e258e7c1c117e2311814cd222f90353e24c2b1a92b408be

SHA512
110f406bb5add68c5f92a47bb33b4ca55c92d2f2a3e95b12bd0aeb7a20726714598f2af93546db5ae44762bdf23ff5f817fe0aae780faa66b515a6011d28ca50

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QCXVHV6I\1457551101[1].htm
MD5
e9afd92a23970460ced13d06317a98a7

SHA1
c76a5fb86c1d1a9de6d156abe2d94554e6689d56

SHA256
34040412a13540694e4bec74927d5e14667c7193303ff20564f23046a58c021b

SHA512
813ebb0f8fd651720570e219f6d1bb66183ddf12788cd705f10a4dc2d3fd5330995f287311bf0ffb29e5efc19cbb00b99ebe639cc623ee28e70c807fb0b40ab5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QCXVHV6I\Fuji_EDD_ILM_en_1X._CB651891536_[1].jpg
MD5
0fba982909df9ad3e52baaa926697522

SHA1
bad435d5df4628b661662ece3b0ea6dfcf3bca03

SHA256
d58bad8d61f318e3b0cb8193d81fd831f1f0e0e4f826f119917e2617c932a40e

SHA512
0fa257e5f2d750d4df5a51e0c406bb11391eb2cfc9e9d1ff0b4aee3e99ef05c0e4f3bc6f63ff3c23479ae62d3425250f294289e94e134388346d2203db8df7b9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QCXVHV6I\McBZv0ZvnbehkIx[1].png
MD5
52b8d386d2b1d407c71a4ae966b61add

SHA1
b962650fffc15637f0d9f57c332702459f084b7b

SHA256
d47c1e50db91bb597b75edc63362cd0c568e4f5f15a3f8be1b6adff24e89e447

SHA512
c6b69af93d0683324a86cbee5575e42a293c8588267c49034d1cc9ab3635034897838f9d5ea665b694c90d72cfe2b3f462cad907cc74749e9af863a90d233998

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QCXVHV6I\chooseBooksImage._CB409113671_[1].svg
MD5
cb32baa47f679fc2cc18d97af0075ff7

SHA1
885023eb711df2a01984a09a4907feb52bd5751a

SHA256
f6488cd2aa22c9776c437faca9e56b6d76d5435f8276ec6a518c5c1f331512f5

SHA512
0b73da2a320f7087f138b77f351ee7448780b5c66fc9993122a55e6a3c956d45dc792412620d43997828502ca4b2ba6239ce3c9833056f7f2d126b6ff1852c87

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QCXVHV6I\kIT-Lj9i1Bch8yi[1].png
MD5
d415305515ed33989398632b60a78ddf

SHA1
d73b5a89ed027392a19fe2d5fcc6c84bc86d726c

SHA256
28041c52d8046b683406d24eed1c27955cb3661ed599a9a936ae239fc579e6fd

SHA512
3b9ba508922bf1c1804a75c7d9c05270190af7456212e736389096906a4abea826431d0d7f4854228e7a33f863209e40a25851ba28bb9d0f42ca6c1b2a99af8c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QCXVHV6I\remote[1].js
MD5
ae8bdbe3ebc9040b0645080cbe45d3fb

SHA1
e137ab5cc2963cd955ec124ee75fc4a0353280db

SHA256
2beda609ecd71e56857d80d5379da8ce220df20408ec9bbc9f68cec3e893da03

SHA512
349fdbbfdc28b8c0074d997f1dbc388141d23de0d0dbfdfa893a1308daf35e158de5fb3d48491c4ae3990693eae4625ce1c9be924ad06c6c4b19e9e4b65d3b87

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QCXVHV6I\rzrQQdi0aRm6Dap[1].png
MD5
9d769c532dabab3574a99348c8d1dde7

SHA1
fc757a1a5923a370f318de7b8b64988234a81dee

SHA256
2589a7bfaf12de9699977cac47492faefb6768877a4e504bfa858a2e800f37d9

SHA512
692e9b4786ac0d37a5b55a55592f16d5062e87606636876078e1df213e30c3d085c130a7dba2763510472eae3b885723d147b4f82d6a10f1d034bc9eb3f78c9c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QCXVHV6I\transparent-pixel._V192234675_[1].gif
MD5
6851dbf491ae442da3314f19e8aff085

SHA1
ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3

SHA256
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

SHA512
89dfc38ec77cf258362e4db7c8203cae8a02c0fe4f99265b0539ec4f810c84f8451e22c9bef1ebc59b4089af7e93e378e053c542a5967ec4912d4c1fc5de22f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\7BTKKPMF.cookie
MD5
d1f6d99a94112a89a02ff154e91676d8

SHA1
a003fb0db02edade63fe32fe821e37a0036c5282

SHA256
a908fedb43ce758191b3c82bc30620f39d28e17f776ddbd8e0c5c7a1c41e67d6

SHA512
b2bcb3bc3abc0b738c60ff363efee6c980b52e3e9c30c9414aba4acdabd5139842ae19366a10523dd34974488b9b0ecd882230bb6e6367767dbad35cba41268f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\CUNATI3T.cookie
MD5
f7acb2b86f91bae38f0bf1ea6ea62865

SHA1
6b8dd94bb6fa1daac9385993f6b1618d041635a4

SHA256
1fe740eb702a30c21ca4c5549530b401ddef765c43861412608614a6bcfdd8ed

SHA512
ba8530ee8f20f459fb352dee6d7b14fe4cbf5c0014167661c7357a8cb5e17e0e0f3a22158d21aebc6606a4cf180b28089b4e3b4a34cb396cc9aa36d1c4de92f9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\KS8YMM9T.cookie
MD5
ea5f49cff943f5b30f8e09be4207a8dc

SHA1
e1d7a8b95be0a68976166b92f8297feea0bc74da

SHA256
4417c446c215705b3692410e1725340eb9a6dc312766cdbf00f620cdd1f4f0c3

SHA512
68324bb47907fd7d68f6e05cf17721caa487a2b370e03648894e67f5464662b0558770330ee3008327f141774ee9dda89383f4abb5227255f71b8ccfd9fb965b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\258G1D1O\www.amazon[1].xml
MD5
b373933ad998acc0be9baeae2431f9bb

SHA1
62e353baf829a60d4326b7ed6ce55e26cc930b2f

SHA256
a951a8f345bd76d731e15414852c5627b3270bb30a9a727c1cdf0a8a5d0c38fa

SHA512
d817c739603b89473c9d6a098a4149c0a75e321baaac827cf2c8a2d8ed6f949d47fee24a8606150112cd072a9eaa74826992c9b2241227ab2c6d0b958e032d53

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\258G1D1O\www.amazon[1].xml
MD5
e8eba363c6b64da00f360e388819d734

SHA1
55e99b199d273c56472d80da04c8a75413459f4f

SHA256
61f76a4dc0f6c71dfe1d61d0212545739d00ad014da802aef799ea25a9aa8633

SHA512
bd1ca489ab3b4b02eaa3413ed7fe5e0808fa15ddb2c3a74b1e11f07e5cf1bdb1676b819252859904839860a089f07bd006154e7dc85db3484db67fc8a0ac1302

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NSREJXYC\www.youtube[1].xml
MD5
8e435d057553a9c5648275e149a50f5e

SHA1
b2074ca2a4984b3d339dda901eb496265e2d1221

SHA256
3cda46fcb6921206bcf1d489b3f045c258f28d3799270661a8583a91848f2974

SHA512
587d5e7de4964177ed15b35260627280f8aa3d44cc5c00736631ae0cdd4f60966a66ba0abb927d8c584f37db35f6d23ae75b059aac29b3b651663f763a111d3b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NSREJXYC\www.youtube[1].xml
MD5
8e435d057553a9c5648275e149a50f5e

SHA1
b2074ca2a4984b3d339dda901eb496265e2d1221

SHA256
3cda46fcb6921206bcf1d489b3f045c258f28d3799270661a8583a91848f2974

SHA512
587d5e7de4964177ed15b35260627280f8aa3d44cc5c00736631ae0cdd4f60966a66ba0abb927d8c584f37db35f6d23ae75b059aac29b3b651663f763a111d3b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NSREJXYC\www.youtube[1].xml
MD5
85b34c153a4b41e5d5738328ee3a3a35

SHA1
b955cc6b6f7781807fda15097716aebae0c126f7

SHA256
4a22aba4da5c2c313630c14788d9d08f5aa89bf1f3318743f9c0c193c78d3a3b

SHA512
9e19973f0ad0353855e9cdedb1068340a6bc3369eadc00da6e78c2b8a12631dc1ae5d110e5ef657c21c7858ef0779a3863cfa62305c2e4570b67a7e84673161c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NSREJXYC\www.youtube[1].xml
MD5
85b34c153a4b41e5d5738328ee3a3a35

SHA1
b955cc6b6f7781807fda15097716aebae0c126f7

SHA256
4a22aba4da5c2c313630c14788d9d08f5aa89bf1f3318743f9c0c193c78d3a3b

SHA512
9e19973f0ad0353855e9cdedb1068340a6bc3369eadc00da6e78c2b8a12631dc1ae5d110e5ef657c21c7858ef0779a3863cfa62305c2e4570b67a7e84673161c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NSREJXYC\www.youtube[1].xml
MD5
2cb270fb7f0e5cbcb1cb157e74cd8e3e

SHA1
1734d923fab21f49537c948fecd7eb7216346ba3

SHA256
fcd7dba169b4b45c924f7203a39a622e390a08a6f0d2a0bbabe919a8db47fd44

SHA512
dffe97465c79e622df88c2448be70d26d83b2b3b60b6822e372553caed43ba8dfa74a64e2f0a4ffcc40e1bf6bae87f419ca0c9c9ceb79b4eb2c70feff714b376

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\NSREJXYC\www.youtube[1].xml
MD5
68578be3b7b6ac77be161aa891f2516a

SHA1
e9eec57b4757de468fe6ac9966b21570e6b4b51e

SHA256
c00af1f0ba6c73e2f4fc1029295756bb23daaf8994918685526ada55fd64818a

SHA512
88332f0778b2239e3a409bb5b06d6fa72e6b018d5b51203d3b1d3c8489b52548e37e5e94968294049a5c6349382d2280dcd180a27533678163751b350e017d21

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_DFECE1A4D0C745EF29E7B51A2DA008B8
MD5
bc03d5d3158cd113c5765ebbe7d371a0

SHA1
60e1b47f98fa8f5eaf7f5c94e17fa50507693291

SHA256
4b408b5b3f6b31290087edd8c044904a27f33a4724d50083817d0dac122c7f55

SHA512
9eb55d117c457aa605485db8ba7ebf9070e93ec42eeff416b228174ff9fc752ff43861589779dd36288e5d44dcf7fcb84d407da6d955c9ea819ab58f51947feb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
MD5
77e496fdc3917d581b2c6cc6e6ec4014

SHA1
a3734b56cf8fb877364108700e922762065d8891

SHA256
21ac7389d5fee76ea23e9162e94cab4f6f6020be66604e0cf384b81df15b1c43

SHA512
14e3496657574411a6f74bb414d60ad5519869d51e11d1db341175bc8a2896ba0dd740c855ccf101fe3735a8dff6f5124f32aa2662fd28bab1e7c332db568f6e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B
MD5
7d086e8348eb85eedd057b932c1958b0

SHA1
d833d0d337acfb9daffe9d0f15fe78a6ca698a81

SHA256
33bc3590142eaa484143c047d3897b8c9ad89076de6bac53eca3eea9095a1b72

SHA512
6dd13af6b4875082be9413a3279818defe12f5afc334eb879a7509d04f20e15106c90ff8a8f242c2ddc5f495896fc3c71d924b9fa00d60960d1577de9139e4fa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6A2279C2CA42EBEE26F14589F0736E50
MD5
8b153254225cf81983baa0400492b53e

SHA1
d2c94319c1a6d580325de5bb9921ef6ae85f0b06

SHA256
a3eb96967c5f501b5e14cf4e0a2bb4b9dfa8933352c973a1eae89c321804bc25

SHA512
8a20f17ddfc5de2aa2c535edecb63e4b6c44c94ab29032f5123cac42e8715e261bf259ff4a801ef65c2b0788bb8df25bbad9cc70c8c527911d6010e7f6e439aa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
MD5
c36634b1bc71d444a295de4f540b9935

SHA1
6ec30328f16595a33ea4b2dbfc18cb0483c9a7d0

SHA256
c7864c8f096f41fa5edb18399051427651d429f894c18c78a754d9a73ef6510a

SHA512
8be00811abe753800375b5d6fcb4ed38aeb62e6d1401eab3f6af0a78067653301f1590f408d2e90fb7530213cb08308a13974553d8dfd33ae077229830689e0b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_E5CF5E492A7F14A01597C89A423E8EF0
MD5
84110b72e8976d7381ae7375c5afe3c4

SHA1
d86971b1bd824e57e03b3b7be4a1aecfc9997913

SHA256
27c914e7fdd8657c78691cdb7bf291443b1412f9450da9c36f4bcaf541a55547

SHA512
8d9c3ac8684bbc16f3addb0014210a8e99a14f75f772124e15f4582dcfea478dd3160ea901ed7ea04c30e26b0b4e9f633f92f209efeafd4a323a985acc98a054

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
MD5
efd1d8e8293f5bd8d688fef877221ccb

SHA1
55fd26b5c3ad5242aa08d1910c2e085d30489549

SHA256
43be67b3e85dd203dfabd04252b7b5a261b21ec846e11d760a4f07e70bf528c1

SHA512
755e7c67c4a0bc84debd21727d38dca438e7ea3ac8dc98b5f4140ae3f5de32c34aacd63c7cbfb110e1a2d3859089317a4401e07b7db5c36d2d167d9b764ec2cb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
MD5
3c1f792c2a7d12618bf509ec52948402

SHA1
0314ad6aa7e0e16bab11c492263feae63df9558d

SHA256
c3d7027caffcbd467a4c65e192972c26014ba008bc3c0441f4fa0d9c86b17c59

SHA512
16569f5c4824a859b27930735190841354543dd8183e3d52aa522c4d4104a1db2c8c4af0f28496e49d666efa426c8d44f8680f86ecbe0460cbcb13c244802f50

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
MD5
3c5c4b04120a54ceeeb06c7e3881999b

SHA1
8f6bdc8e58d5fdc09db2458d3d28fedc2efc8a35

SHA256
4c745a2c5a509d28db09ea5575b2bf7c1de7f4434cf271cc3e00782c81c73803

SHA512
77e6e877b63a803545def00532493268c462d101cf85ca70e4661cf69a9da00ee449298248288a4a2f38be1e52120806a6250109e03795670b875bff9af4b8e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
MD5
64e9b8bb98e2303717538ce259bec57d

SHA1
2b07bf8e0d831da42760c54feff484635009c172

SHA256
76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331

SHA512
8980af4a87a009f1ae165182d1edd4ccbd12b40a5890de5dbaea4dbf3aeb86edffd58b088b1e35e12d6b1197cc0db658a9392283583b3cb24a516ebc1f736c56

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_751FF48C433126F519D73CADF27D4637
MD5
deefeeec83a054dd3ee6fad1f6dd2acf

SHA1
303669245f5c95d0e93cf1e503bccf3d8cf56cd7

SHA256
9037bf42d04c91b5e3415c5a23d27eb97e7727378d083f093c882c8f38bb5c36

SHA512
7957e98c79700c398d02cae1f46e72aefd63ab2c38dc22ef8034124ae9203c21044e755e84d2504a1fb256cb2035c7f6f75e96df4df4501fbfc9adf617a76638

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_236E243F97CD352248042AF77144B4DB
MD5
14d2bb54f4362155048961a34b439327

SHA1
68bab15ed97c9093b90f7398254df0c441ff8d4b

SHA256
966efc2e17b6e63d03f2a795f337a78683861c004c354405db59cdfefa250d8a

SHA512
328b747ba811bc2d5e95ecffcd8d413fd44ed6b169d4bf8dfc071ca6b18417b2a06221f0445c6d1612d99298567f82f53aaad0e5e285b89ad32dc0cb7b415b5f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_111AC30492F08E9F44014C285449AA12
MD5
9baf1f9de1d8ad213f55a433233045fa

SHA1
1dc07094a11f72ce2f3b101e226841e49dff8f69

SHA256
392bdc49f659fa4170d3dd4453ce6a0487065439494f573ed36e484fdca4f294

SHA512
4c001652ad447bc6557afdd396d574aa159d70e54afc36002995784127693dfbdea373b9bca67ef28c6d1293fc11319a1dae81f83a2801256f745e83ad6084b7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_68449E40D6F23F8A5B26E120F6AB763F
MD5
ef0b66d3246bea9fa3528b3a966e34cd

SHA1
0c0ed5761438435bd924250682d12d090f3432d8

SHA256
45351560f29a3fccbaa04477f12aa58681981969938d676fa772b98794627648

SHA512
1778eab639a85ab05814ba27bce6f8b40fd24915d5c0970c33ef888aab771cc496100dd1b51634639dddd48a5a791d3c997f0fc7f6208efd7cbf44fa0f3357b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\FB0DD30266AF9B4A57FF10335BAF014F_1C4AAB360359A5EE13374CF197B85CD7
MD5
c75ccbc524bed4fb5fd5eab0748f58fc

SHA1
7662e546ebcd8ce56222064e62328bfb6a9ebe54

SHA256
ee1316b71fb329a16d76fd469c66cfce099fda5c2b5d0570287651acff586ba4

SHA512
4d96e94061561bb8cff67028cee44355940c843b41d19d6342a75849c0f3b9f32d30ee631d7e0c86c5d44dee68cc25f221c41c469455657ae79159bb9951cee5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_DFECE1A4D0C745EF29E7B51A2DA008B8
MD5
4806dec1138bc2b79084d851c2029547

SHA1
6914e4d489bab621d5e6bf2b4c055a6d941cf3ef

SHA256
6ddd95172cbb1f1763f2d0c6a9b61c94adeea5ecaa3a117a7b6b2664ea3c197f

SHA512
f590f114ad46beb7a30671600ef9163fba5fa88e17a97d38fe8712214d6f50b8e1962a2f32f36483f636638f5b80d1f72a720f531643e2005e97c9f57ae62258

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
MD5
56494930c7441b12d46d805a3465d4b9

SHA1
0dfd081bdd410d722fabea9a3bc77018b2680cc9

SHA256
c0d87d8f826e3bbc4db227f3f680f49500eaca5a4fcb4a3eec092e29eb1da82d

SHA512
fbe260937f40920f65f06a23d803b20a95d0d6b2bdb0879147fad0bafe19e66cf7b12c973ed19873a0ec50e017ba614e8d12cca92f3d35e2445c2bc66ce09a41

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B
MD5
52df866df74dc89be2bbbd3178fd4dc7

SHA1
473c4f0d695e39f652d471551964877c1416c9f5

SHA256
59afea90a3ccf4a3a1735effb0aa532a1fc78bcc4b0339e4c5ad034bc44881c9

SHA512
20cd1db689c7efa14b3693a78497e0ccdd511eb6018556959ad1c92fd0ee5aef035bef165a90469a73b658988b6981c419df2f64fd5b6bdf34bf455630355616

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6A2279C2CA42EBEE26F14589F0736E50
MD5
6bd9ed3ba18f909d579ce27f91eb8201

SHA1
064fea1dbe9ff5b4c6db0f93a70b58f536164e61

SHA256
52c93aa153ec47c748afb448cfff80ffbe06496de45d12e399d2468a8259b6a5

SHA512
3c6f4124d180cf7a462ae251d08d25bd8e38282b049c104faebfad4e57f644986a0961b2db995ba4372a9ae581323f448857de1a617ee5cca2c6504e4f55dc14

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4F
MD5
05cdd11ec15712873c29a4f68eceba8a

SHA1
e99f9db1caf9f3c7c1afc95c2cb43e6cc83042e8

SHA256
d0106cdcb87ffb7d0ef86299a1fc85760be25c9090e0a5ad714ce4d1445604cf

SHA512
c4f1601bf16f3683816ddcb0d67d65794c913072279c345023aa71efc0f630f106e49449a8363a3b241dda2e66a4e4f10c2f2b57e601d0442b25217ab4ed6dff

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_E5CF5E492A7F14A01597C89A423E8EF0
MD5
d8c7fbc72be43722caa888f7e514c84f

SHA1
5754ca935e7cdb4e12998def6de10908f8c31c3f

SHA256
9b93ae7479afdab5c4c02beac62d81c5bc649272784558670af1a9334599bd17

SHA512
756260e4b93a75e315e5c67d586953d8f62130abebc4b344f8654072ba5a48146ae934050c36e1d586ee71de97e906d824c9eb72a99496d248d3e8ec1d439492

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
MD5
59b8e6d5954e1d4d609cdc1e9620ba8d

SHA1
4ce40a1475165cb3ebd3ce8b33b5e40a0e5fd678

SHA256
01dea485a80c657c204249c4a1248364ec0951d94a85695c6d518b0b4e32bfad

SHA512
44bf3c9d8cdf780818d1d26917d50c32ae459b304ba99218a5c0fbe87a07b057fcca1d6440efc49de1612f2c04e76b774019da0b9734aacdecbfa479ae847e29

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62
MD5
5c9ded416ec691096e1cea52e89d6310

SHA1
af068c61adf1e7076b11b032427627939b0a55b1

SHA256
651c4078cfa87d5ada6222266edeeb06eed8d2ce0f33a484f8ba6596835bd983

SHA512
44765e41bf02e758307597e28531b8b384d64e7b6afadc73e8b429d9acf4ff3480853ed6ec1ab9be9cd3866e1416a1efce221733bc7fc6235cf43d19175b961c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
MD5
66477d88c59488f6d70d037db236ffb6

SHA1
e823cf5b7ebf44f19236c4e2521c7251ec0eaa44

SHA256
481ea2b755845decd830dc6482e1458aa9a2d095ff47289bfa5e25c7a6d05048

SHA512
56bc38295b9f6f5c19419d05b0bd16885a3a78e4ad275d009c17ff08e879129c01e216079f8a18681333fb4d7e7f40489fe860febe606735268c7b704c6086c6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
MD5
f21a11a4ffbe37e8c6ad6f5dbcfa7404

SHA1
0de7f919471e46b7de1bbd76fcb549d03bcf7d97

SHA256
242b6f322d5606326a4f3de9cc36c66646b17f1126adc75de0fe325f56e89e29

SHA512
7cfb3b91e6c453ccee342652eb65d86ea7e8cc1d0cd45637d37546e0936331cd16bba87749119f9703ed4ccd1f8773b988333c404ffc09a22eb48fbc92219de9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_751FF48C433126F519D73CADF27D4637
MD5
e82bab52de68863c0aa9cf003cc1a3ef

SHA1
8cfd5f2407e2f8b5b5a0b6a55e3601bfdc45dabe

SHA256
32265958ccf173dce30d6bd0b69edfcbde99647812794608dc8c478a47dee1cf

SHA512
a458ccfc69d776361bbbe4d8afa5b42e4a718aae5a6fe7a0c96c698805f67c630c1fba750e032948d27a67eb4efe07283a831427fa79870d6aa49feb550d3d4f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_236E243F97CD352248042AF77144B4DB
MD5
8ad98a9d50569efe181019c1925843a4

SHA1
b2724420ced94347455c1903a49a9f66b19f6e2a

SHA256
91d16fa442dceb36f668177ec3f970a1fd50b19c1054f98f42903b408e1b59f8

SHA512
a0dddeb54b860a902ef8bc9a71cd9fda306d8aceab6aa637b48340c8509c462827a21fac962726e4d49aaf5496d064e81538397e504ce9b3787f6c212985fe19

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_111AC30492F08E9F44014C285449AA12
MD5
e51fcfa1a594a66ad7ff1ecbf202f002

SHA1
dc1f20b62dd9d8ee032b491ed5fdb1a39f4f6a49

SHA256
28e3f62b366ad1d2162749202cc6eabadf8ae2eedaf6599dd46ce786842f088d

SHA512
eda304f8e5364ae327d0f4ccc6dc02c3bb049b8440c78e9771715326068e742896c254e1788566fe0921c489b1c45e6cf0167fabcd002a81876fdb214f9729ea

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_68449E40D6F23F8A5B26E120F6AB763F
MD5
bdb0162943c747cf0dea01463e5342ce

SHA1
25878b2e714d1910a3ef8a6300b9913ec7054c15

SHA256
b011a497633c5fccd6b2d77d18cb6fd97f83fda69a566f59a54f4871c40ad0f8

SHA512
9fa0f3af6fbba5b375c3d47a3122cec478c3765e44da795f60b00df5f774b370741995d140e5c1842958001853e918d1234ce98894aa51c3500d337b36693b91

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\FB0DD30266AF9B4A57FF10335BAF014F_1C4AAB360359A5EE13374CF197B85CD7
MD5
4a3c6d06c3573968eb7c25572f709412

SHA1
67fba8cd010fbdcc34805147c9fc43768e6a8c0d

SHA256
16cd7d20dc2e5b1f1dd98e3ccead686b53df39c7b08e198cc84e89dcec7a1c52

SHA512
a4c8681fdeafae2cc3365283f419ae6b82ce4a9eaef4575326029f06753c72afd27a98135d80881f178c1952e98f6be8ff33c4e6634082f692c866499603c1b1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2274612954.pri
MD5
0db264b38ac3c5f6c140ba120a7fe72f

SHA1
51aa2330c597e84ed3b0d64bf6b73bf6b15f9d74

SHA256
2f6955b0f5277a7904c59e461bfa6b06c54fece0d7c11f27408fa7a281a4556d

SHA512
3534c243516cef5cee0540d5efd5cde1f378e127e6013b5e309a2e0be8393417bfe458706564b4b955f92132a51e2772c67f9fd90441476cc3512a5d9f910d84

Download Submit
memory/1008-128-0x00000000013E0000-0x00000000013E1000-memory.dmp

Filesize
4KB

Download
memory/1008-124-0x00000000013CC000-0x00000000013CD000-memory.dmp

Filesize
4KB

Download
memory/1008-125-0x0000000000000000-mapping.dmp

Download
memory/1008-122-0x0000000077162000-0x0000000077163000-memory.dmp

Filesize
4KB

Download
memory/1008-127-0x0000000001210000-0x0000000001211000-memory.dmp

Filesize
4KB

Download
memory/1220-141-0x0000000000000000-mapping.dmp

Download
memory/1220-139-0x0000000077162000-0x0000000077163000-memory.dmp

Filesize
4KB

Download
memory/1220-140-0x0000000000D65000-0x0000000000D66000-memory.dmp

Filesize
4KB

Download
memory/1540-148-0x0000000000000000-mapping.dmp

Download
memory/1968-144-0x0000000000D64000-0x0000000000D65000-memory.dmp

Filesize
4KB

Download
memory/1968-143-0x0000000077162000-0x0000000077163000-memory.dmp

Filesize
4KB

Download
memory/1968-145-0x0000000000000000-mapping.dmp

Download
memory/2276-147-0x0000000000000000-mapping.dmp

Download
memory/2680-195-0x0000000000000000-mapping.dmp

Download
memory/2764-130-0x0000000000E50000-0x0000000000E51000-memory.dmp

Filesize
4KB

Download
memory/2764-129-0x0000000077162000-0x0000000077163000-memory.dmp

Filesize
4KB

Download
memory/2764-131-0x0000000000000000-mapping.dmp

Download
memory/3032-136-0x0000000000D45000-0x0000000000D46000-memory.dmp

Filesize
4KB

Download
memory/3032-135-0x0000000077162000-0x0000000077163000-memory.dmp

Filesize
4KB

Download
memory/3032-137-0x0000000000000000-mapping.dmp

Download
memory/3464-118-0x0000000000000000-mapping.dmp

Download
memory/3728-119-0x0000000077162000-0x0000000077163000-memory.dmp

Filesize
4KB

Download
memory/3728-120-0x0000000001025000-0x0000000001026000-memory.dmp

Filesize
4KB

Download
memory/3728-123-0x0000000000B20000-0x0000000000B21000-memory.dmp

Filesize
4KB

Download
memory/3728-121-0x0000000000000000-mapping.dmp

Download
memory/4316-182-0x0000000000000000-mapping.dmp

Download
memory/4704-168-0x0000000000000000-mapping.dmp

Download
memory/4716-192-0x0000000000000000-mapping.dmp

Download
memory/4944-177-0x0000000000000000-mapping.dmp

Download