Analysis
max time kernel: 61s
max time network: 66s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-09-2022 00:17
Behavioral task: behavioral1
Sample: Notificacion.Acesso.Liberado.de.Productos.pdf
Resource: win10v2004-20220812-en
General
Target: Notificacion.Acesso.Liberado.de.Productos.pdf
Size: 49KB
MD5: 53d4fa2921e8e81df5112bab504670a1
SHA1: 7e7d3f3a1dc52025b64bd6e13e94b1f5091e29dc
SHA256: aff3bf977f45ce268d4bc75cfee57f3b6d7ca4c2d0a7ccafa0025947e29dd7cc
SHA512: 7fc3937bee2932c1aca9d3bafead4842d2277e64287c76dd6b3b63dd142aa29314f43fa964f599d998a21c31992a784c7fe8e9f7bae748ff36e0edce3eac2b97
SSDEEP: 768:tvFqpQj3W80Urig3//rg2MBmL7NiLMHJzoaWN7fC/iagqSuoftgAmS/bx3Yjgbmy:tUu0I7g9MAt68goftpmQbx+Amy
Malware Config
Signatures
Adds Run key to start application 2 TTPs 2 IoCs
Processes: msedge.exe, msedge.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run | msedge.exe
Drops file in Program Files directory 2 IoCs
Processes: setup.exe
description | ioc | process
File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\64b749bf-ed6f-467b-8530-f4b1d3a6409e.tmp | setup.exe
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220928021810.pma | setup.exe
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: AcroRd32.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
Enumerates system info in registry 2 TTPs 6 IoCs
Processes: msedge.exe, msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies Internet Explorer settings
Processes: AcroRd32.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Modifies registry class 1 IoCs
Processes: msedge.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
Suspicious behavior: EnumeratesProcesses 30 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, AcroRd32.exe, msedge.exe, msedge.exe, identity_helper.exe
pid | process
1092 | msedge.exe
3100 | msedge.exe
528 | identity_helper.exe
3048 | AcroRd32.exe
4008 | msedge.exe
5456 | msedge.exe
1060 | identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
Processes: msedge.exe, msedge.exe
pid | process
3100 | msedge.exe
5456 | msedge.exe
Suspicious use of FindShellTrayWindow 7 IoCs
Processes: AcroRd32.exe, msedge.exe, msedge.exe
pid | process
3048 | AcroRd32.exe
3100 | msedge.exe
5456 | msedge.exe
Suspicious use of SetWindowsHookEx 6 IoCs
Processes: AcroRd32.exe
pid | process
3048 | AcroRd32.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: AcroRd32.exe, msedge.exe, RdrCEF.exe
description | pid | process | target process
PID 3048 wrote to memory of 5020 | 3048 | AcroRd32.exe | RdrCEF.exe
PID 3048 wrote to memory of 3100 | 3048 | AcroRd32.exe | msedge.exe
PID 3100 wrote to memory of 3392 | 3100 | msedge.exe | msedge.exe
PID 5020 wrote to memory of 2872 | 5020 | RdrCEF.exe | RdrCEF.exe
PID 5020 wrote to memory of 4504 | 5020 | RdrCEF.exe | RdrCEF.exe
Processes
1⤵ "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Notificacion.Acesso.Liberado.de.Productos.pdf"
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
2⤵ "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
- Suspicious use of WriteProcessMemory
3⤵ "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4ECD0019FB1EB381C983C3469CC6E882 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵ "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6BEB9BDD79B91B6854D6518B9FAE506A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6BEB9BDD79B91B6854D6518B9FAE506A --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
3⤵ "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3E9683996F14694A3BF01C9312BAB152 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3E9683996F14694A3BF01C9312BAB152 --renderer-client-id=4 --mojo-platform-channel-handle=2176 --allow-no-sandbox-job /prefetch:1
3⤵ "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1638148DF29701E5B96404636054DD5B --mojo-platform-channel-handle=2560 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵ "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4D11C4170ECF981E0C44161A62877C62 --mojo-platform-channel-handle=2668 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵ "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BF2744A010134CAD80CAAA2CCFA79D2A --mojo-platform-channel-handle=2592 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
2⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.clkmg.com/macacopreto/21092109210921092109
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffbdc7c46f8,0x7ffbdc7c4708,0x7ffbdc7c4718
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 /prefetch:8
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5732 /prefetch:8
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 /prefetch:8
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
- Drops file in Program Files directory
4⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6db215460,0x7ff6db215470,0x7ff6db215480
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3868 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14432258974605961549,9268051475144385118,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
2⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.clkmg.com/macacopreto/21092109210921092109
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbdc7c46f8,0x7ffbdc7c4708,0x7ffbdc7c4718
2⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.clkmg.com/macacopreto/21092109210921092109
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbdc7c46f8,0x7ffbdc7c4708,0x7ffbdc7c4718
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
- Suspicious behavior: EnumeratesProcesses
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 /prefetch:8
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 /prefetch:8
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
3⤵ "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16198700044174081453,17722804960729581267,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:13⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads