Analysis
- max time kernel: 182s
- max time network: 188s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 28-04-2022 00:47
Behavioral task: behavioral1
- Sample: 0TKPbITb 7006605.pdf
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 0TKPbITb 7006605.pdf
- Resource: win10v2004-20220414-en
General
- Target: 0TKPbITb 7006605.pdf
- Size: 269KB
- MD5: da51b0d952fe382550e3cc436e94e4b8
- SHA1: 2d231e859e27c058bf0d062d361d855f56b882f7
- SHA256: 8adb42f035758ba31143b6132e54ab4fe07d67a7cac639a6724f18c7e5603150
- SHA512: 3d474ac491b36a55f0b21251b35238b5e2178b94e148c9130f5289afa043c8829e1312ffc7083136ae41d2c1b9976eb1c4c7076a53bc54e9f4b48821aebcf5a7
Malware Config
Signatures
- Adds Run key to start application 2 TTPs 3 IoCs
Processes: msedge.exe, msedge.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Windows\CurrentVersion\Run | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window /prefetch:5" | msedge.exe
- Drops file in Program Files directory 2 IoCs
Processes: setup.exe
description | ioc | process
File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f1f7055b-de75-4f78-88e5-6e212e774d77.tmp | setup.exe
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220428004833.pma | setup.exe
- Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: AcroRd32.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
- Enumerates system info in registry 2 TTPs 6 IoCs
Processes: msedge.exe, msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Modifies Internet Explorer settings
Processes: AcroRd32.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
- Modifies registry class 1 IoCs
Processes: msedge.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
- Suspicious behavior: EnumeratesProcesses 32 IoCs
Processes: AcroRd32.exe, msedge.exe, msedge.exe, identity_helper.exe, msedge.exe, msedge.exe, identity_helper.exe
pid | process
716 | AcroRd32.exe
4588 | msedge.exe
4744 | msedge.exe
5328 | identity_helper.exe
4160 | msedge.exe
5952 | msedge.exe
5624 | identity_helper.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
Processes: msedge.exe, msedge.exe
pid | process
4744 | msedge.exe
5952 | msedge.exe
- Suspicious use of FindShellTrayWindow 5 IoCs
Processes: AcroRd32.exe, msedge.exe, msedge.exe
pid | process
716 | AcroRd32.exe
4744 | msedge.exe
5952 | msedge.exe
- Suspicious use of SetWindowsHookEx 7 IoCs
Processes: AcroRd32.exe, AdobeARM.exe
pid | process
716 | AcroRd32.exe
5560 | AdobeARM.exe
- Suspicious use of WriteProcessMemory 64 IoCs
Processes: AcroRd32.exe, RdrCEF.exe
description | pid | process | target process
PID 716 wrote to memory of 3124 | 716 | AcroRd32.exe | RdrCEF.exe
PID 3124 wrote to memory of 4672 | 3124 | RdrCEF.exe | RdrCEF.exe
PID 3124 wrote to memory of 4844 | 3124 | RdrCEF.exe | RdrCEF.exe
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0TKPbITb 7006605.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D38432DE91FF8B39255202F544DF5003 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EFA7B982FF2C6788723DFDD26A747147 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EFA7B982FF2C6788723DFDD26A747147 
--renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FC1545C05BEBC676EF66C4CB3D5658AA --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DAC2F18AF41DFCB83B28F734A820C1EF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DAC2F18AF41DFCB83B28F734A820C1EF 
--renderer-client-id=5 --mojo-platform-channel-handle=2444 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A99703A07AE45D1C587DACED3C34B033 --mojo-platform-channel-handle=1828 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=848F852216E71B21B87A2B0DE9328402 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/drawings/d/1EH497Pi3g_ID1vGJVAbTUSGOJ_5w4m8_rvUrfijtx-Y/preview#Nm2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe80f346f8,0x7ffe80f34708,0x7ffe80f347183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6bfda5460,0x7ff6bfda5470,0x7ff6bfda54804⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:13⤵
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:32⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/drawings/d/1EH497Pi3g_ID1vGJVAbTUSGOJ_5w4m8_rvUrfijtx-Y/preview#Nm2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe80f346f8,0x7ffe80f34708,0x7ffe80f347183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4116 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4220 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5148 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads