e2e0b07cf6f82a50a7875022f5d3bf13ccd0b8e25d5d23a884ad5eb18ca8d306

Resubmissions

09/04/2024, 02:52

240409-dc1rssfh6x 8

09/04/2024, 02:49

240409-da6v2acc46 3

09/04/2024, 02:45

240409-c8yrmscb55 7

09/04/2024, 02:41

240409-c6xfssff6v 1

Analysis

max time kernel
143s
max time network
159s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
09/04/2024, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unconfirmed 786937.exe
Size

2.9MB
MD5

dc29dd92582fe161658ceea65e314239
SHA1

22cbba5817885e3bd99470cfda7a49a7aa005a65
SHA256

e2e0b07cf6f82a50a7875022f5d3bf13ccd0b8e25d5d23a884ad5eb18ca8d306
SHA512

0ca785098d55efa83b1bebac71cc9d926661d67eb0dba85db3afdcf54653c1e9902f74a2e094c1ee1b0645833216b9653e71d354fdbfa5e8ec43ab149c4ff413
SSDEEP

24576:yJyn9l7TSInUrer2lTL2Kk8cfLDxvqGos7S8m657w6ZBLmkitKqBCjC0PDgM5A4C:9Ka29L218cvxiVV1BCjBknWo

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
111	api.ipify.org
121	api.ipify.org

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\crdownload_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\奚樀耀-	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\crdownload_auto_file\shell\Read	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\crdownload_auto_file\shell\Read\command	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{2DE79752-0D56-4F6F-B7A8-B2FC859006C3}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\.crdownload\ = "crdownload_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\奚樀耀-\ = "crdownload_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\crdownload_auto_file\shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\crdownload_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\.crdownload	OpenWith.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Vega X Windows_63129641.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 431142.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 575321.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
3900	Unconfirmed 786937.exe
2020	Unconfirmed 786937.exe
2232	msedge.exe
2232	msedge.exe
4356	msedge.exe
4356	msedge.exe
2292	msedge.exe
2292	msedge.exe
4840	msedge.exe
4840	msedge.exe
4572	identity_helper.exe
4572	identity_helper.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
6060	msedge.exe
6060	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5924	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3900	Unconfirmed 786937.exe
Token: SeDebugPrivilege	2020	Unconfirmed 786937.exe
Token: 33	2284	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2284	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
6016	AcroRd32.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
5544	MiniSearchHost.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
5924	OpenWith.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe
6016	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 1856	2232	msedge.exe	83
PID 2232 wrote to memory of 1856	2232	msedge.exe	83
PID 3900 wrote to memory of 2020	3900	Unconfirmed 786937.exe	84
PID 3900 wrote to memory of 2020	3900	Unconfirmed 786937.exe	84
PID 3900 wrote to memory of 2020	3900	Unconfirmed 786937.exe	84
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 3160	2232	msedge.exe	85
PID 2232 wrote to memory of 4356	2232	msedge.exe	86
PID 2232 wrote to memory of 4356	2232	msedge.exe	86
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87
PID 2232 wrote to memory of 2740	2232	msedge.exe	87

C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe
"C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe
  "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 786937.exe" --monitor 1948
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd3d3a3cb8,0x7ffd3d3a3cc8,0x7ffd3d3a3cd8
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4640 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7864 /prefetch:8
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7592 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4040 /prefetch:8
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,8276525830021912892,16152347550955391094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4040 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6060
- C:\Users\Admin\Downloads\Vega X Windows_63129641.exe
  "C:\Users\Admin\Downloads\Vega X Windows_63129641.exe"
  2⤵
  PID:3700
- - C:\Users\Admin\AppData\Local\setup63129641.exe
    C:\Users\Admin\AppData\Local\setup63129641.exe hhwnd=459072 hreturntoinstaller hextras=id:d8d090d10951db6-AU-0QYhN
    3⤵
    PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4380

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5476

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5856

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5924
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Unconfirmed 431142.crdownload"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:6016
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:4840
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=74D4683AF269A30962F7A2F2D4825180 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5424
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4F35AA0ED59DF785095A0F93BF3FC684 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4F35AA0ED59DF785095A0F93BF3FC684 --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:4724
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EAF4F0D18EC2534F62AEE0D20318D199 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4604
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DC80DD78379A2DA88204BF7474922815 --mojo-platform-channel-handle=2372 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5776
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EC9BBDC31EC459EA0B4CDC7A801009DE --mojo-platform-channel-handle=1872 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:488
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4F70D0D67059C76712E13AB0249EC492 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4F70D0D67059C76712E13AB0249EC492 --renderer-client-id=8 --mojo-platform-channel-handle=2372 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:5188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e52856bfcd65d043fda7b760bea61852

SHA1
7c2d96579732bd7e309950b41603374966ae9fa6

SHA256
5bfad8eecea83b2c6b19368b0219214ec9a2664fca149d8667b48292edda8440

SHA512
04ba016eeb34cf460bd44835590bceb394bbd6f70441c4f637fb3b8e3f641a909d780f92ac0f5572a5ca5c335ab504f812848eea3aa75e2ffe59df571344620d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0dba2c9b-379c-4079-980b-20101c412b1f.tmp

Filesize
2KB

MD5
6e08ae792813e178cd91dbcad13f6c96

SHA1
b96afedf57bf6193d4dee3e27ca9d966898a46fa

SHA256
7f31c5a63d8d4ce9a7733d77dc713301c8b11dedab9f126c7035f9b4e838b8b3

SHA512
0d818045ef439044e7c9c2c4e128c44cbb9388c167d6db0994adf201674ff5c9f5795db8c9d092fbd06d8c25b7db4ed6da575b84f04d9891f8d5f4b3167ca9b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
20KB

MD5
5ab20dc75d9646ac68bd4fb7302ee4d3

SHA1
6d17ccf612ead5029df513e913276c4af5886ee6

SHA256
5dcb949a36e2a53a04af4cab8063b628fa707eb050e55e174d8140cb549a4731

SHA512
2c6eae14528e3411deaaa039e1044e96d474d3680cd62d15a0b9c9d4f600c4abbba8d0473a455a9e7cef393bfd50c8773380fa50197a3809a8da8c334c0b3c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
23KB

MD5
9847aeb80aa8bea69c8f8983f97ea139

SHA1
e8170bcd8c9254218c029153e5eb11da2591ae63

SHA256
409f1ce879f378c06c4ddffa2cdade07303f703062bc92e13f1428c12c670504

SHA512
0e1aa9496dd3f2e08859ce30255b43af92abc357fbf78fc4cd0cb30bc37a7709bc1bafaafe1581f5e88643b69c4a3f6564769776f884c194089b762f48fa1ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
29KB

MD5
2ed5acad173f8f43fb1b8b1f481d55af

SHA1
f67abddd76910133f457b202669dd0e1c9a95f48

SHA256
c3d776289486572b6fc38c33bfe5425d765eb7b5174fc7888deb96ee82e6b8c1

SHA512
fdf0cd235c33916df9deb0fb251acbc0f1c834467f6843e13c4bda7dad089074bd5d4b997871a3a03fc62348976495c25ce664099f8c2376e530868e521fc030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
45KB

MD5
30a274cd01b6eeb0b082c918b0697f1e

SHA1
393311bde26b99a4ad935fa55bad1dce7994388b

SHA256
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

SHA512
c02c5894dfb5fbf47db7e9eda5e0843c02e667b32e6c6844262dd5ded92dd95cc72830a336450781167bd21fbfad35d8e74943c2817baac1e4ca34eaad317777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
17KB

MD5
45c760b8a3df3679c8eb050a0f81022e

SHA1
41447e2a6ba5fc4856c45b61f8465c8e452c31a7

SHA256
2f6727a336296c64726656338d5d62a7d1de9f649d8a948241d9110d5bfb5bc2

SHA512
6add25d44b6add8fd80b093673924d71d647b0b649f7608bba8701e32d9b5a79b123b6b3e36663bb466ed084b516409ea96ab234b2b87c1a51d472a988bfb791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
47KB

MD5
045937268a2acced894a9996af39f816

SHA1
dfbdbd744565fdc5722a2e5a96a55c881b659ed4

SHA256
cc05f08525e5eaf762d1c1c66bef78dec5f3517cf6f7e86e89368c6d4a1ef0cf

SHA512
71a025a421384ed1e88d0c5ffadc6450a9e1efd827fe929f5ef447d2901cd87572fccf13dfa8b2706c9fab8160163e3a0c80bfe1ab49d63ffbbcb0e4e591a84f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
785KB

MD5
d36a279a33de96214071fd7f70c747d8

SHA1
ceac09f798320386352d961e3b8a1c557361c2eb

SHA256
1b07b593ad68e1a8a0d1b0e3ae27ef5c9d9512f6638bbef8555dd046580b92a7

SHA512
d58b0a54678ceed317222ba60eb1ed34c08e92a44839e83047640294bd79edbb2237962892be029110843de7c9c3bcf8ea6d5d9dabe687027669f27d5fc2ffa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
33KB

MD5
d6f27248d0b338a5e9aa64b7969b301d

SHA1
f222d3d95d3b6df50a66b19392501a90ad60c4dc

SHA256
677bede5209907bc7ebb241580d7e5b723477fab974cf86a96bfce1036816b74

SHA512
787512056bd45957c202d13710ae382f3c55480a1c6fc28b1c4e4bbb62aeb2d072c27a1757bd0cbbb1eb185bea0bfd2173b8820ea64f3364072996ef768ad49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
19KB

MD5
145db11ab21a8c672c80137921b21d10

SHA1
443e581b7ae0220d222b4ba83c3c4c5087588e91

SHA256
c775e434423850dbd49358d05dfa0e8c139acb491e30a88cce0d63142ae06bad

SHA512
6d6e41cd23ed2c650990da67cc2b82e2919e2282906b8029b3d8fafb2b37983baafcb86d2baac8d85d7078e2e34bb27633361bd5c8751d7db7c0d6eeb6db33ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
00ebdae07c81479f18db1d064d152bd8

SHA1
e7589fce6eded07abb0aa83090923b47ab4f8486

SHA256
ed0e35b32df99bcacbc3bafb2c04c40dc9c8ec6c06db21aee6f752e28bd7a65d

SHA512
9b16318235fc8f5878e11064f8f9d38ab72c40aa6c0d136fdb13b83e5f1ccd496ac038ab0aacdc547016c0b1cf6866311b3ce59206645c856b6fdb0650410183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0d67da0b33bf69b2134d88bdcd051ffb

SHA1
70c93071d4402330d8a0153865b277510741fb00

SHA256
f2d03da12196cce6d132a5da7f14f5cfcf070fe649038b02dc65cfd71af908f7

SHA512
7e10a6f833efd5cb6203a70c304d5e558a1896a0fa2cfea2723ac65cc8218ab136ddfc8e2f4718a659e7e85d572601595cac70db07d0732b264a5ca0cedf6895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
3a4378909a0778e028b08f15e4b356ab

SHA1
1dc22001db084c5d030de50090e21c00e571c32c

SHA256
88183c4c16fd4235a00f2999913a1f7127f3f21704d50b9d18c5979d2b3e341e

SHA512
e0bdd17e017038478bb89c3ad2ae5f5fc40eb884fb8dda6c194b86a38a7d295d4a94b89636e794dbe9ccd54c231bab485a088ad50ed96d368d38c825a43e6106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
1085c771169b28c10947a9fff67a4c37

SHA1
b83bbed25753b3fe0168468356567759f0209e21

SHA256
1265a6f104bc4bfae5a0012aaf5902ba6c8d0419054a6184b16b2bba7e54fccc

SHA512
140edd64d944ee6e0cef1184f91d559b60209f8635e5602ad56a1e884072a7826bedda3eaa33a0e7ac5d645a8d0c6075c94d54a8c581747e5f3023ce18c2442e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3333a226e2b37b875a9cad2163b50ed1

SHA1
cc10399bcda698dfc1e950e1203f66e504fb5329

SHA256
c9717ad9e4042eac69442d0724441dbbd499594d7ac0f7162c2a44751fb1141c

SHA512
598cf049a4ebc836f69c18a295116ca4e6dcc16ee6a8422662bd42a0b7e10a7cc96e24810f26dfdd5af6af00546d739ad48dd0ac20f267126b8c7a24cc01d32c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3db771eecf6b93abad02819667f5bbe4

SHA1
0fe73cc152a73b5e9d183c174359ff78ed2a01c2

SHA256
ad3cfe5cd73270316ff29ac7c469423653faf81b11967db3634dc2704ccfee1d

SHA512
0edad135bfe065a92fcbcba0db2b79a641930f77ec66076cf575b6495af29566acc27988a6b0bd8ea892637518c91003014ae6ec06e6135893a049c30820b27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
112b54128747bff36a130720f7e984b0

SHA1
f2f284fa4d899748f67e16c6c2c4afc36cb48c60

SHA256
0c92febefb2cec8103ea3ff1dd9bc8477b548d6d6c72d5f2374aff016f99cbb5

SHA512
06e90c9352077a0a58780febcd11c9686998b75172be219298e2484257ed156797dc39bc184f57d59d3ed03b6c351eb38496cedffd413767b8e6af029d1c742f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9016f428169191096543c54a2060f046

SHA1
1b045c49dbd4ce38c9f6f3764facc542f91443fb

SHA256
f1756c91f634c6b0a76bd67a02baad70833b99a9f858100c062ea1037a0f573e

SHA512
e0917ae7c0cc2537ea4a4fe8481051fc7c757fb6297ff51309ed4d7c153f79444045a6aa13a4c58d0e24ccd0f11e46a8e204ed0b7c3899a166958c94a31927b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c7a927681b6ed14925b5fc065437afbd

SHA1
1200a9e09156458eca7907481abbb3d5d4b8c490

SHA256
975654c2f4ad48948bb4b405bff020c9944f9590983a8ab4cd1d8bc5ab7955b4

SHA512
d575bc70cc0cf42738a533478fe18cf85c0011ee5da5aad87ab351dde3b2b548743ba539000c4b1863aba341cd19ba826900be95c6b32aa51f44a516117451d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4984562410652aa6758e1a8635c7640b

SHA1
66f3cd507a0da76bd472fd70cec94db17c3ce26b

SHA256
023e9d5eb83027b6a871563fc8de602d2ba7be7980739265839cc7430863dc34

SHA512
7af9a239f7035254b24883c790ffa02ec00e3fa2fc1fd99410e7a14b6dd4dad1a9b53b1561498ceb074db3ed1cb7d323c30ff8e148e428ddb1f59abc14cfe0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3a238617-abff-4ae4-9b27-a2c66512ce7e\index-dir\the-real-index

Filesize
2KB

MD5
7c74d33e209e1db4626ddc0724ff4422

SHA1
0e985b9c06cee07ca2b5efe153868e237031603b

SHA256
7da3f9445383733e5b89a9ffd98e65d035bc4605509be1f0c7721c89db910aa1

SHA512
eea10d43f35708cdd57f8a94e400939a9ebb9b3ef27c9dae9462a3bc6465195511ec3dcd2c65fa9fa9cf9a89433ba79a305ac36457cb97f6db2ab7994b1f0496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3a238617-abff-4ae4-9b27-a2c66512ce7e\index-dir\the-real-index~RFe586666.TMP

Filesize
48B

MD5
de4dc986ad4420f9036d2427e054ca48

SHA1
2f94e5137c43439205dc42dd3ecd2eb4b0c1c722

SHA256
5e0af8f27d2813924b5970045e653cbd7cde563b91ac0814f2dff4c1016efd0f

SHA512
00128dfd6629dde7e583f74c24626b314ed7dcbc86f1b3ce01e98cb77c71d3f1605fe93f4f1f12870206a63ef3c96e353f92af087d60b4f462881182e73d0913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
b33bbeae38b18322550b9eea67f4ef68

SHA1
b63ee19ff9cef405a83f7c299a899d6fbdc9b330

SHA256
fbd91b4d7b7302d43a29b369f9f4fb847b717f893e244ecc4c2581bc84135595

SHA512
85bb69d818e4b74bdd31e94d5959b0ad34e016a21dd38442c3d74e2d3241235eb94001182a9710a21b29c2bccb12bbbdf183206aace4c1cf867a8b9f4e6e1c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
4dd8b807b8e79d7023a66e360a92d101

SHA1
05d9a9b45b28bf1644006d39af040c9b4ec82c29

SHA256
f68b1e1bfce0a77a5e4fd709dd621c74b4c259aae66ccdf8c8f01edcf2c78cbe

SHA512
906aa7bf851030bc31c82a9428d0b24a0dcae46f17c939aa35ec5bec5c27244357fe9107278e3cac640c696013280e4b179f3e13e57b50e76ae0d1594ea642c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
76e540488e022a7598a9843209783e8d

SHA1
2d6da76e8ccd49802cd02bc9b7448c9c9e6a6ec8

SHA256
38271cea9b46dc5a1f2c89006f07b167094bef3956cfc486612c3aab63713508

SHA512
a1b135f35613d6f8216fdb41b710e57358352bf9bbe946de9ca62d6504b51c21fbed76ebcd270384ebeb7473908b8bfc7eaef5548eb9ecadf4e03c7c7eaf443e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
e5d33bff54d13fd485c77db80d3d9823

SHA1
f826809e5dcb05a2eee4ab852cf20f6714ef3da4

SHA256
a1736b319cc04795f316df1ca8717c96ebebcec97ab98efe654a82ba8297ff04

SHA512
4a26cb44e2d009e6053ea83dc07a9a6d60ab6e32adc1ef1446d815b354e1fa897a74f572102b27aa5fbe0410444d082e1df61e7a1059679bd0145ad87a606d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0da03ebf1eb8afd277177ee174238357

SHA1
cf87cdcdf9e2640328d7c23db2784ad2bf7d0c22

SHA256
9c17a3ba4f4a8a670df4c4d35a60218bf2cea5bcbf5ae4f1c49046b45335b1ca

SHA512
314664e39c016cbf7dbc94d119c9fcb28e7106f201a6512939247fafb141826990ba01f1b5f4d262291e17de2fa0f7f00f14511f5c992f149c75c636003b8815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584d02.TMP

Filesize
48B

MD5
ee144d2d914c62330f07ef18ef4f2a33

SHA1
85fb009af24d4a9e9f68d22cdf945b29b266847f

SHA256
54825378aab4c6996f71afef7aefad8e1ab0d0287360afe1b0a7e8e05cea85a8

SHA512
32a771608c5c401524fff13304e9caeeededbce5f68bb23bfa2d2d3cf6be0b9efa0194a98e46045cd4ad921bfaad5c3082d019b423589367fdc675b1aa87dcd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
05a74a97ba8a6ca15460a848c673e782

SHA1
4b42946748382bb4c129d596c03027dbfc54b6a3

SHA256
c6429b9b0df7fa60df9285f52368cad581ff293a08d81ed69fef5f8527fc90aa

SHA512
c1d25933713aaee6152f1b51a53fcfa442a081884330eac5c79c5c4473b886fa0f9a7c875faf381a7cf0a2c45558e243d56af795a56e2b35994dd82b98b29e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
aa6977ebc465de435848d3b58975051c

SHA1
c0120e678c3e87e3629b2f8ccd001c8fe3f036ad

SHA256
106fd167ffe0fce34adf0a9b481ac63fb7f56875dfe48731c301760c8cf7777b

SHA512
c90818113f8f3aaf1c66533a114b2ba3a14d355634d676cabb6c796c78a2ff9e46944495a353c87feda580e9bd722743ab8cbba25cb7bd1ece52143172bf227c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
25d6591569d226091d71ed0f2af73c89

SHA1
40bb793d8343cedd20eca01654a005c1ecc59c3b

SHA256
2442b6d0c55b3c61627b34c9c9b45eda5d575b7fc9ad83fddd20dc823b228a5e

SHA512
008de743fb4133d28ecd7f7dc76b5e9b7ba3760a6bdd4d6f86602b41c418c0799bd6b2ca8f48d17c470f77a08e230adc5b3e138796837e1322573b02776e36b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f4ff.TMP

Filesize
706B

MD5
6e27a01d12a987bf8a03dcda9c1414d4

SHA1
8ad7e91c429cec2b4db36b2678a761557078b39d

SHA256
df314b303a95bf6d4cab4fdde5a7afe31867e7db313bde66da581afa9ca53d1f

SHA512
fcf9bda7319da04d3cd1e9f9f8c5526940f47cc143a70461c4b8bfe5a69ec097d062d17664b94735690757b19fb61254f36b81f3bfef4aadb3cb0a6c01566a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
48267336139bd408eda01d257e39514c

SHA1
93a903feb5d71b9b77eb331276703fb7384e3c2a

SHA256
406f81f8de3a80ea32377197b61a2e3ca0e4195cb94b9bff108f063862f3e505

SHA512
26d7ed46ddb5b400b059a80f7cf8fb5060b3c63c675658e3879f1c6710241288ac19c50a784d513f36b8f66664d29fc15b080244b76515bdc628c5a4cde68cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a63e8591fc29b708f9992cc5b4d1bfe1

SHA1
655c5ac3155f043728ca74a58af3923a52f11ab2

SHA256
fa5bd3a0537579ba7e90a3dda6631b3ef410e2d013a4bf19b59d5585f1b409ae

SHA512
741712a48ea5462119d37d7ee734ba4af6a659b9d9f3095429de51f93ba4d6f4c240735220f9be1feab6cfa7bfcbf9d8d0afef3799a88a88b643811ae1036d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll

Filesize
5.1MB

MD5
a088cfaae4fafd7abc8d18dc36e1b194

SHA1
5dccfb2e9dcaff78b5e9a028e7e1391cb5d86506

SHA256
4fe42dce778fcb62f7719f6150ddc2c07a1c0a8a50e81c21cb3fd5d6e957eb65

SHA512
da9199b75e94bfaf20dd7eb9f28c09ffa8b0d93ef8370e0c603f2fd3e10a3f17463015d60b769f8dc29242b10745cf61210deb4ef8197596906d3105cb03240f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll

Filesize
15KB

MD5
422be1a0c08185b107050fcf32f8fa40

SHA1
c8746a8dad7b4bf18380207b0c7c848362567a92

SHA256
723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528

SHA512
dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll

Filesize
75KB

MD5
c06ac6dcfa7780cd781fc9af269e33c0

SHA1
f6b69337b369df50427f6d5968eb75b6283c199d

SHA256
b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d

SHA512
ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll

Filesize
19KB

MD5
554c3e1d68c8b5d04ca7a2264ca44e71

SHA1
ef749e325f52179e6875e9b2dd397bee2ca41bb4

SHA256
1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e

SHA512
58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll

Filesize
119KB

MD5
9d2c520bfa294a6aa0c5cbc6d87caeec

SHA1
20b390db533153e4bf84f3d17225384b924b391f

SHA256
669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89

SHA512
7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll

Filesize
8KB

MD5
be4c2b0862d2fc399c393fca163094df

SHA1
7c03c84b2871c27fa0f1914825e504a090c2a550

SHA256
c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a

SHA512
d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll

Filesize
172KB

MD5
b199dcd6824a02522a4d29a69ab65058

SHA1
f9c7f8c5c6543b80fa6f1940402430b37fa8dce4

SHA256
9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4

SHA512
1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

Filesize
101KB

MD5
83d37fb4f754c7f4e41605ec3c8608ea

SHA1
70401de8ce89f809c6e601834d48768c0d65159f

SHA256
56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020

SHA512
f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\setup63129641.exe

Filesize
3.8MB

MD5
29d3a70cec060614e1691e64162a6c1e

SHA1
ce4daf2b1d39a1a881635b393450e435bfb7f7d1

SHA256
cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

SHA512
69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 431142.crdownload

Filesize
9.5MB

MD5
1198daaa23f0af650c7cd4555fbef9e8

SHA1
783f86460785027a41a84e41b42a05b4d4a1a462

SHA256
25c846183e10bd2a146325effecddbabf0f390717fd11d597012a033e6daf600

SHA512
1a67d52794c2047936fc4814b70dd6474837b90df7a8b5653eb8a09cf98d4df2c93fb07451a29254e2e161e9e3f0c3f87e9f5e1252a2c89f2b7f95537e80227d

Download Submit
C:\Users\Admin\Downloads\Vega X Windows_63129641.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2020-11-0x00000000751D0000-0x0000000075981000-memory.dmp

Filesize
7.7MB

Download
memory/2020-537-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/2020-391-0x00000000751D0000-0x0000000075981000-memory.dmp

Filesize
7.7MB

Download
memory/2020-14-0x0000000005080000-0x0000000005090000-memory.dmp

Filesize
64KB

Download
memory/2268-1231-0x0000000005620000-0x000000000562A000-memory.dmp

Filesize
40KB

Download
memory/2268-1225-0x00000000056A0000-0x00000000056C4000-memory.dmp

Filesize
144KB

Download
memory/2268-1316-0x00000000083D0000-0x00000000083FE000-memory.dmp

Filesize
184KB

Download
memory/2268-1291-0x0000000007B90000-0x0000000008144000-memory.dmp

Filesize
5.7MB

Download
memory/2268-1285-0x0000000006A40000-0x0000000006A4C000-memory.dmp

Filesize
48KB

Download
memory/2268-1179-0x0000000005500000-0x0000000005524000-memory.dmp

Filesize
144KB

Download
memory/2268-1276-0x00000000064B0000-0x000000000653C000-memory.dmp

Filesize
560KB

Download
memory/2268-1281-0x0000000006430000-0x000000000643A000-memory.dmp

Filesize
40KB

Download
memory/2268-1195-0x0000000005560000-0x000000000558E000-memory.dmp

Filesize
184KB

Download
memory/2268-1203-0x00000000055C0000-0x00000000055E8000-memory.dmp

Filesize
160KB

Download
memory/2268-1211-0x0000000005630000-0x0000000005662000-memory.dmp

Filesize
200KB

Download
memory/2268-1143-0x00000000007A0000-0x0000000000B78000-memory.dmp

Filesize
3.8MB

Download
memory/2268-1169-0x00000000054B0000-0x00000000054C4000-memory.dmp

Filesize
80KB

Download
memory/2268-1243-0x0000000005740000-0x000000000576C000-memory.dmp

Filesize
176KB

Download
memory/2268-1170-0x00000000751D0000-0x0000000075981000-memory.dmp

Filesize
7.7MB

Download
memory/2268-1251-0x00000000056D0000-0x00000000056ED000-memory.dmp

Filesize
116KB

Download
memory/2268-1173-0x00000000054A0000-0x00000000054B0000-memory.dmp

Filesize
64KB

Download
memory/2268-1265-0x0000000005DB0000-0x0000000005DC2000-memory.dmp

Filesize
72KB

Download
memory/2268-1187-0x0000000005530000-0x0000000005558000-memory.dmp

Filesize
160KB

Download
memory/2268-1237-0x00000000056F0000-0x00000000056F8000-memory.dmp

Filesize
32KB

Download
memory/2268-1219-0x00000000055F0000-0x000000000560A000-memory.dmp

Filesize
104KB

Download
memory/3900-13-0x0000000007240000-0x000000000724E000-memory.dmp

Filesize
56KB

Download
memory/3900-44-0x0000000005D70000-0x0000000005D80000-memory.dmp

Filesize
64KB

Download
memory/3900-591-0x0000000005D70000-0x0000000005D80000-memory.dmp

Filesize
64KB

Download
memory/3900-34-0x0000000009D20000-0x0000000009D42000-memory.dmp

Filesize
136KB

Download
memory/3900-35-0x0000000009FD0000-0x000000000A327000-memory.dmp

Filesize
3.3MB

Download
memory/3900-36-0x000000000A430000-0x000000000A4C2000-memory.dmp

Filesize
584KB

Download
memory/3900-37-0x000000000AB80000-0x000000000B126000-memory.dmp

Filesize
5.6MB

Download
memory/3900-33-0x00000000097B0000-0x00000000097F4000-memory.dmp

Filesize
272KB

Download
memory/3900-32-0x0000000006F80000-0x0000000006F88000-memory.dmp

Filesize
32KB

Download
memory/3900-606-0x0000000005D70000-0x0000000005D80000-memory.dmp

Filesize
64KB

Download
memory/3900-31-0x0000000005D70000-0x0000000005D80000-memory.dmp

Filesize
64KB

Download
memory/3900-1-0x0000000000FC0000-0x00000000012A0000-memory.dmp

Filesize
2.9MB

Download
memory/3900-12-0x0000000007270000-0x00000000072A8000-memory.dmp

Filesize
224KB

Download
memory/3900-5-0x0000000006A90000-0x0000000006AE6000-memory.dmp

Filesize
344KB

Download
memory/3900-258-0x00000000751D0000-0x0000000075981000-memory.dmp

Filesize
7.7MB

Download
memory/3900-3-0x0000000006030000-0x00000000060E0000-memory.dmp

Filesize
704KB

Download
memory/3900-0-0x00000000751D0000-0x0000000075981000-memory.dmp

Filesize
7.7MB

Download
memory/3900-325-0x0000000005D70000-0x0000000005D80000-memory.dmp

Filesize
64KB

Download
memory/3900-2-0x0000000005D70000-0x0000000005D80000-memory.dmp

Filesize
64KB

Download
memory/6016-830-0x0000000007F20000-0x0000000007F41000-memory.dmp

Filesize
132KB

Download
memory/6016-935-0x000000000BB80000-0x000000000BCCD000-memory.dmp

Filesize
1.3MB

Download