a2adb32d2058d835639b4d5d7968206dcf3d06f5f8fafea49c20e6d857aa6e10

Analysis

max time kernel
152s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
01-05-2022 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

discord-nitro-generator.pdf
Size

71KB
MD5

06ba36ec8ee62bc7e896b57c1b5377d4
SHA1

29e0415d16f52b4bf4f143e120a777233835ed2c
SHA256

a2adb32d2058d835639b4d5d7968206dcf3d06f5f8fafea49c20e6d857aa6e10
SHA512

e24516e5674967dab69e9457182bc0c491818eb3e74b782816cf436e191aba8f9bb833183715e114a86234a4643cb22c874cbb1debb73d8fe394d772b320cdf1

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20846aa4-fb29-4c72-86df-72a03ec87951.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220501213425.pma	setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exeAcroRd32.exeidentity_helper.exeAdobeARM.exemsedge.exe

pid	process
876	msedge.exe
876	msedge.exe
4792	msedge.exe
4792	msedge.exe
664	msedge.exe
664	msedge.exe
4280	msedge.exe
4280	msedge.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2240	identity_helper.exe
2240	identity_helper.exe
1848	AdobeARM.exe
1848	AdobeARM.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe
1780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

4280 msedge.exe
4280 msedge.exe
4280 msedge.exe
4280 msedge.exe
4280 msedge.exe
4280 msedge.exe
4280 msedge.exe
4280 msedge.exe
4280 msedge.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

AcroRd32.exemsedge.exe

pid process

2384 AcroRd32.exe
4280 msedge.exe
4280 msedge.exe
4280 msedge.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid process

2384 AcroRd32.exe
2384 AcroRd32.exe
2384 AcroRd32.exe
2384 AcroRd32.exe
2384 AcroRd32.exe
2384 AcroRd32.exe
1848 AdobeARM.exe

pid	process
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe

pid	process
2384	AcroRd32.exe
4280	msedge.exe
4280	msedge.exe
4280	msedge.exe

pid	process
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
2384	AcroRd32.exe
1848	AdobeARM.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 2384 wrote to memory of 4440	2384	AcroRd32.exe	RdrCEF.exe
PID 2384 wrote to memory of 4440	2384	AcroRd32.exe	RdrCEF.exe
PID 2384 wrote to memory of 4440	2384	AcroRd32.exe	RdrCEF.exe
PID 2384 wrote to memory of 3596	2384	AcroRd32.exe	RdrCEF.exe
PID 2384 wrote to memory of 3596	2384	AcroRd32.exe	RdrCEF.exe
PID 2384 wrote to memory of 3596	2384	AcroRd32.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 2384 wrote to memory of 116	2384	AcroRd32.exe	msedge.exe
PID 2384 wrote to memory of 116	2384	AcroRd32.exe	msedge.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 220	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe
PID 3596 wrote to memory of 4776	3596	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\discord-nitro-generator.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:4440

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:3596

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=542CA0DF83EFA824F93ED04B7B92DD62 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:220

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A46C3271176D449A96FD9B25B0549E22 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A46C3271176D449A96FD9B25B0549E22 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4776

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CA87B2307A63ED5EAF42B2D46F7DDB21 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CA87B2307A63ED5EAF42B2D46F7DDB21 --renderer-client-id=4 --mojo-platform-channel-handle=2180 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4896

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3E488BBE4C68055E6B491AD19658716C --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4908

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=10D99D2E8201493D2C3983B661D71ED5 --mojo-platform-channel-handle=2548 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4820

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DB4BA5BBCBEC72ADFD6A60BF2913AF4B --mojo-platform-channel-handle=2368 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.freehlp.com/
2⤵
PID:116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff83e9746f8,0x7ff83e974708,0x7ff83e974718
3⤵
PID:1760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,13455269254970568477,16273166835353436426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
3⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,13455269254970568477,16273166835353436426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.freehlp.com/
2⤵
PID:4044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff83e9746f8,0x7ff83e974708,0x7ff83e974718
3⤵
PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5622948243670783848,12730498093389337436,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
3⤵
PID:1156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5622948243670783848,12730498093389337436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.freehlp.com/
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff83e9746f8,0x7ff83e974708,0x7ff83e974718
3⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
3⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
3⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
3⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
3⤵
PID:5272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
3⤵
PID:5456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
3⤵
PID:5592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5832 /prefetch:8
3⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
3⤵
PID:5916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
3⤵
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
3⤵
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3816 /prefetch:8
3⤵
PID:5288

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6712 /prefetch:8
3⤵
PID:5792

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
- Drops file in Program Files directory
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x240,0x244,0x248,0x21c,0x24c,0x7ff6a2e25460,0x7ff6a2e25470,0x7ff6a2e25480
4⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6712 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
3⤵
PID:1156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
3⤵
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3140 /prefetch:2
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2076,2815875936394184917,406739643555743357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3112 /prefetch:8
3⤵
PID:684

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
3⤵
PID:5508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5200

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
1⤵
PID:4568

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
Filesize
471B

MD5
4e198b633a601a637885ddeb5269c34f

SHA1
c8c5db74019821aca1de872065d9252a416d16e0

SHA256
e3e8cbe4318ca0b6f0c3c1870aae65f969d7c15b084a45127e03d6bab6b380f8

SHA512
876b58ce241ae66b3e0906b73b55e6ec5f92be1c8d2ce25ffe0e5ddf1f0a2f449b0ca8bc48db8a072f034b7b38029597a605b085b5675b5df7c210ce30abcaeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
Filesize
471B

MD5
d0cf0ee3640add6997d3d75d473bb637

SHA1
3fec8d0f12dbe470da36dfd0f723c1c10147790d

SHA256
703655e18d173d3fa7332476cfabbe37c0bdbe14eb58a554298fa2c4fa5945aa

SHA512
5a02f49b2bd0fa76dca3cf4d68c36acd4baccf4024a3102f47d947bbb7b74dfc0344573417a922c01fb7fc69ec600fec70c40c1925faf67f5bec9d84e789fe53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
Filesize
434B

MD5
34648c6f09cca7252df06cf2eeb77692

SHA1
da6df636b20cbe2fdc4cd80c0336a4a2267ba61f

SHA256
d91eb410530ca1c9d524ccab60c6636466f731f7a6ab3aa26a8eaf11e025a8bb

SHA512
ed164531e719995daf11a8df52025182463a72c17f8bf818b8e89ffccf415f91a81f4befa59f49f08328f06a61041bf6743974dc7ceaa75c35a24b45220997d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
Filesize
442B

MD5
44018ecfe6f099c55ca289abb4d5c407

SHA1
5f47d843e082f42e37ff2486b1f5a560f2afd446

SHA256
509f539162efa0c5cfa89d71ea5d2f82ecea8ff024ba8a4215dcdd0a4bd077fb

SHA512
4e4cab68282eddd2c771d514d8f3bc6fb29c007a719c4d03f2f285da4db225e6be1fc0294349392f036aa7da14ccf4aaa7680beeac747b88d39a4b6ff4192a7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a18a109bb6cb1cc7f81791a89eb27564

SHA1
44f4dd33c5fe31d3137439f1786d7f9a81167f03

SHA256
f3f8694f3c043727f800096340b7acc0585f732a441e23c082bf41f2c2ecede1

SHA512
31a3c9169e293767ae857b1ac6987288a24bd63bbf3a85e2485f6a9b69ce5d3967d87e623e58284efc557015bd4416337f216740fe066fb918c6ab3a200b5f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a18a109bb6cb1cc7f81791a89eb27564

SHA1
44f4dd33c5fe31d3137439f1786d7f9a81167f03

SHA256
f3f8694f3c043727f800096340b7acc0585f732a441e23c082bf41f2c2ecede1

SHA512
31a3c9169e293767ae857b1ac6987288a24bd63bbf3a85e2485f6a9b69ce5d3967d87e623e58284efc557015bd4416337f216740fe066fb918c6ab3a200b5f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a18a109bb6cb1cc7f81791a89eb27564

SHA1
44f4dd33c5fe31d3137439f1786d7f9a81167f03

SHA256
f3f8694f3c043727f800096340b7acc0585f732a441e23c082bf41f2c2ecede1

SHA512
31a3c9169e293767ae857b1ac6987288a24bd63bbf3a85e2485f6a9b69ce5d3967d87e623e58284efc557015bd4416337f216740fe066fb918c6ab3a200b5f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a18a109bb6cb1cc7f81791a89eb27564

SHA1
44f4dd33c5fe31d3137439f1786d7f9a81167f03

SHA256
f3f8694f3c043727f800096340b7acc0585f732a441e23c082bf41f2c2ecede1

SHA512
31a3c9169e293767ae857b1ac6987288a24bd63bbf3a85e2485f6a9b69ce5d3967d87e623e58284efc557015bd4416337f216740fe066fb918c6ab3a200b5f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7b19308400c504bdc9aa1312921fec33

SHA1
61e57f79133ab680952321360d802207f23548bc

SHA256
a484d0a2e73a22c910c8de019c540e3f3cc4a77adc9ca4a1fa8aa91bde1cd31b

SHA512
c1702cd63375494612b814ea3852cfd75761dd45a12c2be0971ac86b505a03dfb2ce82ab773c6b43baec3e6b0310dddf39f7bcac10425ef2a7d3574e33b2a699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7b19308400c504bdc9aa1312921fec33

SHA1
61e57f79133ab680952321360d802207f23548bc

SHA256
a484d0a2e73a22c910c8de019c540e3f3cc4a77adc9ca4a1fa8aa91bde1cd31b

SHA512
c1702cd63375494612b814ea3852cfd75761dd45a12c2be0971ac86b505a03dfb2ce82ab773c6b43baec3e6b0310dddf39f7bcac10425ef2a7d3574e33b2a699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7b19308400c504bdc9aa1312921fec33

SHA1
61e57f79133ab680952321360d802207f23548bc

SHA256
a484d0a2e73a22c910c8de019c540e3f3cc4a77adc9ca4a1fa8aa91bde1cd31b

SHA512
c1702cd63375494612b814ea3852cfd75761dd45a12c2be0971ac86b505a03dfb2ce82ab773c6b43baec3e6b0310dddf39f7bcac10425ef2a7d3574e33b2a699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
7151ad7cce05884e6fbeff9b5826d718

SHA1
c46e29abaa5ad441059c7b44190a85ece1768997

SHA256
eaa281b52ef379f11ec373cd1d366a524b97155a61f353b515fc22a60287de74

SHA512
076d16c3c94523826c8ff655e950f3a04a712fa1de8d71d27482daac667d3c2c20ad6cbb34b5ea02fe6a9c32114d81d11feecf59594376f89ab4453512083e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
0ac5acc771dabd5c1ab6fce197100c23

SHA1
cef86c9e022577ac3d0d75179188cdc2c16b91b0

SHA256
ee25af86ee25c9719c499fc9248c4ad41e91bfde0db233dac5cd794561b670f8

SHA512
0cc1b1f2f8271a41d94c4d8e2eb4b0931b6b39a6a0d85c4fc236ee2a8c3a89baed8aaf9934765637ac89af21e04779212fc7422f2a55505a4ef62aedb7c54b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
7151ad7cce05884e6fbeff9b5826d718

SHA1
c46e29abaa5ad441059c7b44190a85ece1768997

SHA256
eaa281b52ef379f11ec373cd1d366a524b97155a61f353b515fc22a60287de74

SHA512
076d16c3c94523826c8ff655e950f3a04a712fa1de8d71d27482daac667d3c2c20ad6cbb34b5ea02fe6a9c32114d81d11feecf59594376f89ab4453512083e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
0ac5acc771dabd5c1ab6fce197100c23

SHA1
cef86c9e022577ac3d0d75179188cdc2c16b91b0

SHA256
ee25af86ee25c9719c499fc9248c4ad41e91bfde0db233dac5cd794561b670f8

SHA512
0cc1b1f2f8271a41d94c4d8e2eb4b0931b6b39a6a0d85c4fc236ee2a8c3a89baed8aaf9934765637ac89af21e04779212fc7422f2a55505a4ef62aedb7c54b6e

Download Submit
\??\pipe\LOCAL\crashpad_116_HUHSPDDPCTCJZXGR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4044_DFGGJGNEIFBCIXVH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4280_REDVCXXYYQJCFRLK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/116-133-0x0000000000000000-mapping.dmp

Download
memory/220-134-0x0000000000000000-mapping.dmp

Download
memory/220-172-0x0000000000000000-mapping.dmp

Download
memory/224-211-0x0000000000000000-mapping.dmp

Download
memory/664-178-0x0000000000000000-mapping.dmp

Download
memory/684-218-0x0000000000000000-mapping.dmp

Download
memory/876-166-0x0000000000000000-mapping.dmp

Download
memory/1132-157-0x0000000000000000-mapping.dmp

Download
memory/1156-177-0x0000000000000000-mapping.dmp

Download
memory/1156-209-0x0000000000000000-mapping.dmp

Download
memory/1760-139-0x0000000000000000-mapping.dmp

Download
memory/1780-216-0x0000000000000000-mapping.dmp

Download
memory/1848-214-0x0000000000000000-mapping.dmp

Download
memory/2240-207-0x0000000000000000-mapping.dmp

Download
memory/2408-165-0x0000000000000000-mapping.dmp

Download
memory/2604-143-0x0000000000000000-mapping.dmp

Download
memory/3596-131-0x0000000000000000-mapping.dmp

Download
memory/3948-206-0x0000000000000000-mapping.dmp

Download
memory/4044-142-0x0000000000000000-mapping.dmp

Download
memory/4280-161-0x0000000000000000-mapping.dmp

Download
memory/4440-130-0x0000000000000000-mapping.dmp

Download
memory/4444-169-0x0000000000000000-mapping.dmp

Download
memory/4728-162-0x0000000000000000-mapping.dmp

Download
memory/4776-137-0x0000000000000000-mapping.dmp

Download
memory/4792-173-0x0000000000000000-mapping.dmp

Download
memory/4820-154-0x0000000000000000-mapping.dmp

Download
memory/4896-146-0x0000000000000000-mapping.dmp

Download
memory/4908-150-0x0000000000000000-mapping.dmp

Download
memory/5236-183-0x0000000000000000-mapping.dmp

Download
memory/5272-185-0x0000000000000000-mapping.dmp

Download
memory/5288-203-0x0000000000000000-mapping.dmp

Download
memory/5456-189-0x0000000000000000-mapping.dmp

Download
memory/5508-215-0x0000000000000000-mapping.dmp

Download
memory/5592-191-0x0000000000000000-mapping.dmp

Download
memory/5724-205-0x0000000000000000-mapping.dmp

Download
memory/5724-195-0x0000000000000000-mapping.dmp

Download
memory/5916-197-0x0000000000000000-mapping.dmp

Download
memory/5980-199-0x0000000000000000-mapping.dmp

Download
memory/6000-201-0x0000000000000000-mapping.dmp

Download