91573e2aad89c56aafd30ee2dd1155ef1e2b38a2d2856a3201e1f600e6685217

Analysis

max time kernel
151s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
21-05-2022 23:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91573e2aad89c56aafd30ee2dd1155ef1e2b38a2d2856a3201e1f600e6685217.pdf
Size

38KB
MD5

e9f991cbda73482d20734d9cc7572c78
SHA1

a0137943995f841b37ead9d62e2d3c15e1027615
SHA256

91573e2aad89c56aafd30ee2dd1155ef1e2b38a2d2856a3201e1f600e6685217
SHA512

0448d38a7e817cf342eaa63f50962683e30e5c7b1aa0be8c836cee29d174a35c806a9d14f259e4388f9d25be08534250a419af42a5ed6a2e937c8a6f27cd35ff

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e1b48d42-f9e6-4c22-9e10-d3fdcb5a6ae8.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220522012429.pma	setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exeidentity_helper.exeAdobeARM.exemsedge.exemsedge.exe

pid	process
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
4704	AcroRd32.exe
2352	msedge.exe
2352	msedge.exe
4288	msedge.exe
4288	msedge.exe
5136	identity_helper.exe
5136	identity_helper.exe
4604	AdobeARM.exe
4604	AdobeARM.exe
6084	msedge.exe
6084	msedge.exe
5812	msedge.exe
5812	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exemsedge.exe

pid process

4288 msedge.exe
4288 msedge.exe
4288 msedge.exe
4288 msedge.exe
4288 msedge.exe
4288 msedge.exe
4288 msedge.exe
5812 msedge.exe
5812 msedge.exe
Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exe

pid process

4704 AcroRd32.exe
4288 msedge.exe
4288 msedge.exe
4288 msedge.exe
4288 msedge.exe
4288 msedge.exe
5812 msedge.exe
Suspicious use of SendNotifyMessage 2 IoCs

Processes:

msedge.exe

pid process

4288 msedge.exe
4288 msedge.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid process

4704 AcroRd32.exe
4704 AcroRd32.exe
4704 AcroRd32.exe
4704 AcroRd32.exe
4704 AcroRd32.exe
4704 AcroRd32.exe
4604 AdobeARM.exe

pid	process
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
4288	msedge.exe
5812	msedge.exe
5812	msedge.exe

pid	process
4288	msedge.exe
4288	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4704 wrote to memory of 2780	4704	AcroRd32.exe	RdrCEF.exe
PID 4704 wrote to memory of 2780	4704	AcroRd32.exe	RdrCEF.exe
PID 4704 wrote to memory of 2780	4704	AcroRd32.exe	RdrCEF.exe
PID 4704 wrote to memory of 3032	4704	AcroRd32.exe	RdrCEF.exe
PID 4704 wrote to memory of 3032	4704	AcroRd32.exe	RdrCEF.exe
PID 4704 wrote to memory of 3032	4704	AcroRd32.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 3036	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe
PID 2780 wrote to memory of 4084	2780	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\91573e2aad89c56aafd30ee2dd1155ef1e2b38a2d2856a3201e1f600e6685217.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4704

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:2780

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=532D185254BE14759344F2B41F81AA80 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3036

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=908EDCC246892E44B90D461C5485A5FA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=908EDCC246892E44B90D461C5485A5FA --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4084

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=38342CC61CD177F6D5C0C66E8431E3EB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=38342CC61CD177F6D5C0C66E8431E3EB --renderer-client-id=4 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4480

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=61B854947742C70E5A0105B0360053FC --mojo-platform-channel-handle=2576 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4824

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D029BB97589BD4260AFAFF6656021624 --mojo-platform-channel-handle=1896 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4468

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A73D8D5591A617D7E2B973E37F39FA1B --mojo-platform-channel-handle=2556 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5036

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bit.ly/3cBxHoA
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffd672446f8,0x7ffd67244708,0x7ffd67244718
3⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
3⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3024 /prefetch:8
3⤵
PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
3⤵
PID:4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
3⤵
PID:4024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
3⤵
PID:2756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5264 /prefetch:8
3⤵
PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
3⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
3⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4208 /prefetch:8
3⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
3⤵
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
3⤵
PID:1492

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
3⤵
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
- Drops file in Program Files directory
PID:2904

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1bc,0x22c,0x7ff7cfdd5460,0x7ff7cfdd5470,0x7ff7cfdd5480
4⤵
PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5136

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4604

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
3⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bit.ly/3cBxHoA
2⤵
PID:1416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x84,0x104,0x7ffd672446f8,0x7ffd67244708,0x7ffd67244718
3⤵
PID:3204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3384

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
1⤵
PID:1216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0x11c,0x128,0x7ffd672446f8,0x7ffd67244708,0x7ffd67244718
2⤵
PID:5836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9204369411491290206,9657741786951824308,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
2⤵
PID:6068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,9204369411491290206,9657741786951824308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,9204369411491290206,9657741786951824308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
2⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9204369411491290206,9657741786951824308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
2⤵
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9204369411491290206,9657741786951824308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
2⤵
PID:2288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2176,9204369411491290206,9657741786951824308,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 /prefetch:8
2⤵
PID:5172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4332

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
Filesize
471B

MD5
b1eac539ecc6b08ea2692c719c4cce78

SHA1
41f5d699c6d9a323f541ee1540452d08c35f2222

SHA256
5a271241e64b31711d273186c61eeb9e431ca96028da8475aec88a0fc616778a

SHA512
0713def9fb15e02e74a9124e35e8008a1f3bb5e5c6e8539577e7b20dcf7858dc085e85856fa1cbf227f95bde1a6ea994d1840b4f2523793340433aa97fe6ad87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
Filesize
434B

MD5
94ae332aa675683c6ec417e388589e1d

SHA1
d1bc1e9ca0d29e29ff693c3674404b85c927cc11

SHA256
38e6754224444b6d451adaf9f255e649a9607c7b58442cb856d1a679ab65f901

SHA512
e46e343481890e2ae6b81a54e12f19e793432ea17a9a93bfbfb56aabf125c1bf15a2a44bb3c02158e11c84f4eb2e4dd45f63e0708e6d16beb07448a42bb7f39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
95e22ee8bac6765a868c13fc5ca5017c

SHA1
dff7d454639c700bb4408bf2cef900337977eb56

SHA256
cb320ebc79962dfd60205d687132b62ac884924f6cf5c5a40aea28fd2bc44802

SHA512
47fb43256f59834aaf626e3c9c9e20f71afbb018f64755d8e05f6cbd8dde21e1c14049192a90bffd99413a58a0cacebdd8bce7b3d464aa622d7eefad71145428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
95e22ee8bac6765a868c13fc5ca5017c

SHA1
dff7d454639c700bb4408bf2cef900337977eb56

SHA256
cb320ebc79962dfd60205d687132b62ac884924f6cf5c5a40aea28fd2bc44802

SHA512
47fb43256f59834aaf626e3c9c9e20f71afbb018f64755d8e05f6cbd8dde21e1c14049192a90bffd99413a58a0cacebdd8bce7b3d464aa622d7eefad71145428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
05721a05c0541504b0919239db9c2ef9

SHA1
24bf885138e7a17d20dc9ce68a05d45faaf853aa

SHA256
5ae291c088eeb9671bed130a3c2d0ffe4024cfe846f0ace439f735f92eeda28a

SHA512
b4b337cf5fb7fc1459b307b9554a2ced53410a465ed32434b1bff9ff194bc9d7e09b0b00623cd2a7209a3bb4d11408bfd7ffff86e6581ef8762d3ddc6a4780ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
64c8d514c8e3bd88618e2c078d2b85df

SHA1
cf536d51c7b8fa7dea053ebddf0a50a0a010f2c8

SHA256
93cb03f76d8e36d71f1d575e680fb29079fa829ec18b1b29a7ff72c78d79a28c

SHA512
93b4c0944af789da1700b81aa8cd5d7da0fce299936d2a9f48312d3e7dc41f44e831e189edda67be88bb0e23a7d68297da6d37afbcf8000c58a83e2aabeaac97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
cadc17c44250d766f5492d01b9f23bc0

SHA1
993e4843fa84f8c3056a6ab2b00cc79a12eed02f

SHA256
58f58c0947737cba841e83ff24b595fe8a4da46d566a1304c532afcda133060b

SHA512
b9ca2cc1501eb25832704fdf0eecce752c48baedecd554f4125486d7bbcad482762087a5517bae1d3f67ee7eb74f936696c6621a897064106a3e9f78a0fa4395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
388a4fef4fd6dbe0124d7b678ed0ed4d

SHA1
5954014aaaa6dc77669ff8cf39f7e757a8cfb415

SHA256
f63d63ee44049b9e8bebb77afcca8a7d4f19ef4debda015d211e5dceddc39385

SHA512
822fb8caf0678dcff97863e529f71f9b743bc092195fc754c8cae4db30a86e3d1fa9500457b3f4408f4636de19b36d058a9ed25a629b678e8468650041be700a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
fe449d93573e5a7772b97ba7511186c7

SHA1
a5dc882dd45884e2937045171b2f3a62530485b3

SHA256
859bce5bb9852189df8e0a62996f9e2782bee2f7224a797fe95947d98cbfcb13

SHA512
01b1bf48a9dabdd391870f5934082df3e48fb5b901fd08cd843c3e4cd9c7959dd1acb83dc1d6e21cd8e89306adb614fa6cd31b180c2b47b064dd364ac89e58b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
9b594864562096aa175ef6919ab8ad10

SHA1
989417e281593e0c412be84df99d941824f2969c

SHA256
2cecabaaf67d0d64e2b0f814817f24e2daf3435fd3aaeea5ffe334c2628221cf

SHA512
10a9796677731fa23ff1472b75b077790305f077aa90ae724d3fb5b9737c54f97b546d0957b7ee8e83de75f74f6e1bbb8630ada28a7d0ddba4bdcf875ef731a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
7695b2e7c9347dfd396a59a7cc988449

SHA1
ec9c7ef4c35ff4a75f0a0d1d7cae9e9ebb6d3b42

SHA256
0cb751e08f5298362cb36a2e60844f17976af2733728863ca6a5bb8ebe972137

SHA512
3c5360e123cd314bea2c4804f6d03c6ee0391029a5aedc435e9617f4bba7d05449c418059ffa0c9923f39ea53b01a6f4f75f14575e77927a56d8081f46e6266f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
1KB

MD5
62d1ed719b064c5d2be43b016d6e699c

SHA1
43e9797350ed22e414ab3020f2299b162222d93d

SHA256
80f3fc950f632c655673d97af5973bded672f589553e3af1e5f796bf9600fde6

SHA512
738c79f7c57e97fd9ab233947232a13c79cfb22c270a721737b72dfa0fdcade6982b1c293dc0c04fa9b645fea93c0d452241acd1ddcd87f5eb5d213869fa65c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
84cd668c9f91b1f2d9e3c11a4c84b0cb

SHA1
99c70fc6fc0dd237dd6eff507cc2569973e87ba8

SHA256
6ca88a5e0b43b26bf202a433d57dc92151156723949473cedff805f234b86c93

SHA512
f2af68a16ff3d65d279349dc608edcb0242c53bf483144feaf5ea2c120c0afb2d9ce5b8a3f11e9b9da7c12363eac09fbdf9da2eb04dfbf215a51e0061b5b31f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
29d56fc305e40f01032bf0076b086ef4

SHA1
b3f62e1be6c185481d0181550e55ac228e5e98f0

SHA256
b54c09a00f8f979364b45651faf823a656e6072759b630fe05f7c0c1ad23ff1f

SHA512
562a487fbeddb48902b34fbfca63454d6ec116c479b0eab7a964489b7c2bba67c4371b6c5bf6bcf8fed9fe6c29800e990e2f9fabf02805500df63d1f10622016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8c21ef6cf6203ed810c59a1243fc38a9

SHA1
8311c37c0ac452e5d302b277a1ed9a5cf859e328

SHA256
7ca3be630ce173bf0a18d83541284f10340e5a55fb81be1df2360909430ffe6f

SHA512
f54f9297b07945ee8edfb7123855f9cff61051277411855aaae91503ce8cb23aef0ae3ba37d6def7293f572a34b148af3a86b82b8ab8aff8bb4c88f9a8db3fbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
9648b61cf547c74ebfd5d58d8b9508e5

SHA1
7f183f759aba7582ee6a1bf306b559cfab2962fd

SHA256
b0b8594fce4b1b57bb18433bf8d8213769d73f752c7c4536ef54ff91d17036a4

SHA512
bc08032c4799659340a1c0d74a351c478b4f12bf05998aef2d44a325567f4b38b49353f74a22c25f68a9333371a37cf07e34cbc23310da5e2df163aad7bb8493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
Filesize
752B

MD5
10507d84d893e72387d7e38ed4940f8e

SHA1
3355ab0bfae2b3b6298c77346f183a320b191895

SHA256
7dc407f0e283ab87f0f934da64151dfffcf7e72831a67c0e1de9043a05feeedf

SHA512
1a64059fa0771e210acb8d1905dfc6e5ab90656db7cc33d0e891604440fa3ff7081efd491652696f71f718923657f6996bfeb7f8d3dde3b218f10254aa41ae7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
Filesize
295B

MD5
738a989b465c3675cf02b2522b52fb8a

SHA1
6d63da13fff527d7e85f72402264c48a947fac4e

SHA256
6c327e8a6091524b6aad76354167ca8b265e08f84df9897b40bd8617349962c7

SHA512
4cdb1592928bac2afad512606a06b9040c180a9a138b8fda8252565927fc4c9dcd4f925b23cf8b24769c80cc64e46aacbc7d8fd111294954b1e87dab5543898f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13297656329263348
Filesize
1KB

MD5
7e2018fc59287094f3945c0549a5cfca

SHA1
1a8674bd0e8f69ca22d01f68e1041b9865103f1e

SHA256
f29626fc4e68e41e0d2c288c36da25ff6067a46cbac140b2b5a215ea41832332

SHA512
e0802617894519372fc08e816609e0a8df643166a322336842734e95536d3194890cae33a751757c54f24897868440ed1d76b5d550fdf176342a0da28bcbeaa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
184B

MD5
934af34453e0ea621ca5cc60688bfec3

SHA1
891c30d787aaa6d862df72bce1b68b5e30051769

SHA256
8a6618595c7f5fd0ea6377913040d327d3ac2ddcf398a8301a3a4c350d70e90a

SHA512
72a1a3f5bd7c1e2229638a9d73628980809775418cc90f9f3eba818df3c66997c2f42b0c4c10d3f5dcd4b3882baf07aaea332e2a68f1a937f3ec62f8ea0bb8be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
f1fb71fed99307cd229c54263b74763f

SHA1
39e1524fa57802920d9fc2586a149c7acee9af5d

SHA256
adace98222bb3d7f1ab09d8cf61272c678fadfbd4b74bac16606d4a1978428d2

SHA512
f03b8d2abaf23bbcc452ebdba187e50ca180722eaebfba199db7850b179f2cb15ae6563e0eddfc200593de4f52831943ddac11dab0672ed8236c0ed338da2070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
de3e549bfdd69ebf1dc4c6e51cacb0c0

SHA1
23c43480a707ca11a3c46f374f8e39e30fca09ca

SHA256
823be956d989ad859d9e6c3758dd24d433880e6283c0a828c1fd1c1486880cbb

SHA512
82df844a5f81fe3008635a37579eb061a63b2f2cd34223d81443bfa4a62a5a5a8f9911ab8de27709f5ea9a01993f641879c68a50f34f3441ab791ef7a409aceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
7f005eaa803e43d4419e3370178bd05e

SHA1
8defbe7a9f065542c8f813e2f09b5490fd56310e

SHA256
cdb5c6dc419e7976f15be130e636501e60b7e15c2d7a7e650b840c8a266ae718

SHA512
231b6b7a29e3325086b7ca47bfbd66ab90b9caefffb8c0f187148ccb18d09d579d6c83aaafb0086c4551a6eed4a24dfa3f385f5e4b10d5740a49626458925e1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
4b3722c78f76e8aff067803731ab9f92

SHA1
51603976609cf38a6d7c7dd70c4ad2ecafd67c20

SHA256
d5a77e75a5e7879585c25536f4ac100d5964884eb53f3fb998c26e178808474f

SHA512
0d49581d8207d3378996571f1c14ba32b78c227aea3dc11da4b1b080b72752cff9264986365230331e6492038c9deca6424a919175e1bb89b4cced74aaeff633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
52KB

MD5
f539f7e706c06900d5c208d253617295

SHA1
a6c2638273d196354ac365c45b1e9433b6320b53

SHA256
5ed2218d5e3550c225123e32d34dcacd76bfcf19fc2f1852570a97f027d2860e

SHA512
40a3b55c9615f968ff6ce8e71860eed8ec8ef18bc0dceab00b00d079c4d4e6f1702c7de3860729c1996cd345c8917ea86ef337b84e2626e483124890f475ec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
297B

MD5
6d7c538793a6562396e2b0c219756986

SHA1
d6ef0120c689d77969b4ca1e41f77e164c88712e

SHA256
ebc5663a0b5f90661df82a4be8f787c5bdb3cc31c97c844775024f1b65e29438

SHA512
0a1b54df0f5a5dc50ee4aa3b6587571cc5c70ed6ddda317c35adb4a1d6cb164e420be68b7d7dfcbb8a69413cab956820de0204a7d094e292641aa875106bd338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
affa134fc91d666fef8e91c01985bd35

SHA1
12d5c84de6e1adc584b5d2020ee0c93609b896d8

SHA256
e8ecfcde6166c5d32e9f171e76dbad42ae51894951922672a3609a5d224ba950

SHA512
5297ae3582cb067325b111465ce959f0978cdc6af3bdb03b8708dd4f0ec3d0d42a6332dc0ed8ab248e2743ff0b3d42b3f4c7b4310e219ea1aa713decafaf0a83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
1662d440645917e187aa6cc56d55fc0e

SHA1
2698b08f336b40e59b03ab0d5adba33787a4663c

SHA256
6f8c892d26cbfe9f7d5dd29d6a7f4a3b266aa45934e84d41d8ee2eeb39e15704

SHA512
d1c9e127979e41d79f69cf7d5a682ee72cd0ac523661dbf03469ac5e76316228a4db48c8d92b73babb05ab40cdc31a3445d709edb2adb7127a7cec5a177c50f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store
Filesize
1.2MB

MD5
ab055b2a2d668e483f5df59a469f0f37

SHA1
84350e1d65a84a7bd8906b372f03b5d45d70bce7

SHA256
f343a3ccf7e887ec6ef90d8e500cf3b7253c5e67e2e7fa6fcc03ae48f661260a

SHA512
bc9d3dff7bd32fadcf2f8b0b360bf268b74240b297e8876bfc047228b01a6fee028854e81fc62da5d3e03fa78eaf8256b010521c32318b18e7d089b18bff8674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
0346ed0a5606d0cb46d8b737aceb70a6

SHA1
85506891ad4619bc57eeb1273ba8a715c2f6a0aa

SHA256
d33c595aea90e0c5cd23bb7e67fc9d3a62a85e93e985edc7d6d54822eddd2256

SHA512
a98432e9b98afcb549b1b5ae25bf3e498cf445f463ee1fa682d6469db0cb3dca1e9d5b1c40e8205e06ccee4ae87b888a9bbe29bb394cd1947009bdb04dd70269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings
Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris
Filesize
40B

MD5
cde9d60139fadda7aadecd7cf0d576f9

SHA1
6c0d79e8641db0bfc8f6f5c029a6afe2b062d254

SHA256
95ca91f50a0e66e50d46ba039b06b2d1753433760426ab4a9da974fe7e7bf259

SHA512
59cc8c2eb2bee9d69034359cc05e8e93fdddd642efe5bccea9f12e9f74e5675970d841657dc3dedbd8f73b31d47abbb470e63167de89674e2cbc85ab41c86299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_637887714333160345
Filesize
5KB

MD5
3ac68f63141f5f2a6f88eedc3a3572c1

SHA1
586c031bebea3e88bc311a7a77eac6c3bc8bd63a

SHA256
b9bde97d4b0c08d6ca20771a951f1ddd286a550349eb97e560dd7cefaf2dbf45

SHA512
0065efe27f4b330331a4ec5a83e865df131ab6ab8fd1e60bb9604f31effdd5ee4dc6de714fa0134800ffbd33c255de72898ba34bbe892068f429fc46eb1707e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic
Filesize
29B

MD5
ce545b52b20b2f56ffb26d2ca2ed4491

SHA1
ebe904c20bb43891db4560f458e66663826aa885

SHA256
e9d5684e543b573010f8b55b11bf571caf0a225cdea03f520091525978023899

SHA512
1ea06c8e3f03efdd67779969b4cdf7d8e08f8327298668a7cffd67d1753f33cf19e6995a3d83fe45185c55b950f41e48ac71b422b91e8d0180b5bdd07cfacfe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_637811103879324684
Filesize
450KB

MD5
a7aab197b91381bcdec092e1910a3d62

SHA1
35794f2d2df163223391a2b21e1610f14f46a78f

SHA256
6337fe4e6e7464e319dfcdadf472987592013cf80d44916f5151950b4a4ca14b

SHA512
cffd7350d1e69ada5f64cafe42a9d77e3192927e129f2903088b66b6efc9626b5d525aedca08d473ad8fa415af1d816594b243609237dc23716d70a2ca0eb774

Download Submit
\??\pipe\LOCAL\crashpad_4288_WRSMNSYWBFDJKQZG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5812_JFNBKZBGXNHRHWJP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/692-189-0x0000000000000000-mapping.dmp

Download
memory/1372-230-0x0000000000000000-mapping.dmp

Download
memory/1416-162-0x0000000000000000-mapping.dmp

Download
memory/1492-185-0x0000000000000000-mapping.dmp

Download
memory/2020-159-0x0000000000000000-mapping.dmp

Download
memory/2288-243-0x0000000000000000-mapping.dmp

Download
memory/2352-160-0x0000000000000000-mapping.dmp

Download
memory/2756-173-0x0000000000000000-mapping.dmp

Download
memory/2780-130-0x0000000000000000-mapping.dmp

Download
memory/2904-188-0x0000000000000000-mapping.dmp

Download
memory/3032-131-0x0000000000000000-mapping.dmp

Download
memory/3036-133-0x0000000000000000-mapping.dmp

Download
memory/3204-163-0x0000000000000000-mapping.dmp

Download
memory/3388-175-0x0000000000000000-mapping.dmp

Download
memory/3508-157-0x0000000000000000-mapping.dmp

Download
memory/3620-155-0x0000000000000000-mapping.dmp

Download
memory/3780-166-0x0000000000000000-mapping.dmp

Download
memory/3952-177-0x0000000000000000-mapping.dmp

Download
memory/3960-179-0x0000000000000000-mapping.dmp

Download
memory/4000-183-0x0000000000000000-mapping.dmp

Download
memory/4024-171-0x0000000000000000-mapping.dmp

Download
memory/4084-136-0x0000000000000000-mapping.dmp

Download
memory/4288-154-0x0000000000000000-mapping.dmp

Download
memory/4468-149-0x0000000000000000-mapping.dmp

Download
memory/4480-141-0x0000000000000000-mapping.dmp

Download
memory/4504-169-0x0000000000000000-mapping.dmp

Download
memory/4604-156-0x0000000000000000-mapping.dmp

Download
memory/4804-181-0x0000000000000000-mapping.dmp

Download
memory/4824-146-0x0000000000000000-mapping.dmp

Download
memory/5036-152-0x0000000000000000-mapping.dmp

Download
memory/5136-190-0x0000000000000000-mapping.dmp

Download
memory/5172-245-0x0000000000000000-mapping.dmp

Download
memory/5236-218-0x0000000000000000-mapping.dmp

Download
memory/5836-191-0x0000000000000000-mapping.dmp

Download
memory/6068-202-0x0000000000000000-mapping.dmp

Download
memory/6084-203-0x0000000000000000-mapping.dmp

Download