Resubmissions

22-05-2021 01:37

210522-5jdlvbbkha 4

22-03-2021 19:07

210322-cxjdwefjv6 10

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    22-05-2021 01:37

General

  • Target

    3440085.pdf

  • Size

    58KB

  • MD5

    548c9fb16317023983983f0042bd6471

  • SHA1

    a1ea30d71d7282926d243ceba8d5326369cb81f5

  • SHA256

    ac0358c2bfc7566f191527a248641dd32bdd2e17115c7999e068c2e31db4b593

  • SHA512

    f1659f8d3b4ccfd2f7c21fd8284cb0c20a1ad8e7b044729bef19a065a4c478f036bfb2d720884f3ae65d064bbacf11041732af3007ba29457a93b112756b222a
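The process tree further down shows AcroRd32.exe handing a URL on cctraff.ru to LaunchWinApp.exe, which is consistent with a link or open action inside the PDF carrying a URI (an inference; the report does not say which action the file uses). Before detonating a document like this, a triage analyst would pull such actions out of the file statically. The following is an added example (my own code, not part of this report and not derived from 3440085.pdf): it scans a PDF for /URI and /Launch actions in the raw bytes and inside inflated FlateDecode streams, where object streams can hide them from a plain string search. The sample PDF is constructed in the code and uses example.invalid, not the domain seen in the sandbox.

```python
import re
import zlib

# PDF string tokens: literal "(...)" with backslash escapes, or hex "<...>".
LITERAL = rb"\((?:[^()\\]|\\.)*\)"
HEX = rb"<[0-9A-Fa-f\s]*>"
STRING = rb"(" + LITERAL + rb"|" + HEX + rb")"
URI_RE = re.compile(rb"/URI\s*" + STRING, re.DOTALL)
LAUNCH_RE = re.compile(rb"/S\s*/Launch.*?/F\s*" + STRING, re.DOTALL)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)

ESC = {b"n": b"\n", b"r": b"\r", b"t": b"\t", b"b": b"\b", b"f": b"\f",
       b"(": b"(", b")": b")", b"\\": b"\\"}


def decode_pdf_string(tok: bytes) -> bytes:
    """Decode a PDF literal or hex string token into its raw bytes."""
    if tok.startswith(b"<"):
        digits = re.sub(rb"\s", b"", tok[1:-1])
        if len(digits) % 2:              # odd digit count: final digit is padded with 0
            digits += b"0"
        return bytes.fromhex(digits.decode("ascii"))
    body, out, i = tok[1:-1], bytearray(), 0
    while i < len(body):
        c = body[i:i + 1]
        if c != b"\\":
            out += c
            i += 1
            continue
        nxt = body[i + 1:i + 2]
        octal = re.match(rb"[0-7]{1,3}", body[i + 1:i + 4])
        if octal:                         # \ddd octal escape
            out.append(int(octal.group(0), 8) & 0xFF)
            i += 1 + len(octal.group(0))
        elif nxt in ESC:
            out += ESC[nxt]
            i += 2
        elif nxt in (b"\n", b"\r"):       # backslash-newline is a line continuation
            i += 2
        else:                             # unknown escape: PDF says drop the backslash
            out += nxt
            i += 2
    return bytes(out)


def scan_blob(blob: bytes) -> list:
    """Find URI and Launch actions in one uncompressed byte blob."""
    found = [("URI", decode_pdf_string(m.group(1)).decode("latin-1"))
             for m in URI_RE.finditer(blob)]
    found += [("Launch", decode_pdf_string(m.group(1)).decode("latin-1"))
              for m in LAUNCH_RE.finditer(blob)]
    return found


def extract_actions(pdf: bytes) -> list:
    """Scan the raw file, then every stream that inflates with zlib (FlateDecode)."""
    blobs = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            blobs.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # not Flate or uses extra filters/predictors: skip rather than crash
    return [hit for blob in blobs for hit in scan_blob(blob)]


def build_sample_pdf() -> bytes:
    """Constructed minimal PDF (not the analysed sample): a hex-encoded /URI action, a
    /Launch open action, and a second /URI action hidden in a Flate-compressed object stream."""
    hidden = b"<< /Type /Action /S /URI /URI (https://example.invalid/wb?keyword=test\\)x) >>"
    comp = zlib.compress(hidden)
    return b"".join([
        b"%PDF-1.5\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n",
        b"4 0 obj << /Type /Annot /Subtype /Link /A 7 0 R >> endobj\n",
        b"5 0 obj << /S /Launch /F (cmd.exe) >> endobj\n",
        b"6 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length ",
        str(len(comp)).encode(), b" >>\nstream\n", comp, b"\nendstream\nendobj\n",
        b"7 0 obj << /Type /Action /S /URI /URI <",
        b"https://example.invalid/h".hex().encode(), b"> >> endobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ])


SAMPLE_PDF = build_sample_pdf()

if __name__ == "__main__":
    for kind, value in extract_actions(SAMPLE_PDF):
        print(f"{kind:7s} {value}")
```

A raw string search finds the hex-encoded URI and the Launch action but misses the one inside the object stream; inflating streams first is what makes the third one visible. The scanner is deliberately regex-based so it also works on malformed files that a strict parser rejects, at the cost of not following cross-references or other filters.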

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments. In this run the read is attributed to AcroRd32.exe itself (see the process tree below) rather than to a dropped payload, and legitimate applications commonly query this key during normal start-up, so on its own the signature is weak evidence of evasion.

  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 9 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3440085.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3988
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3576
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2852255F466FE2CB3D5004004BE23609 --mojo-platform-channel-handle=1636 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:1192
         • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
           "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=66FB9EF6B8742BD43F1333FD463C8FFE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=66FB9EF6B8742BD43F1333FD463C8FFE --renderer-client-id=2 --mojo-platform-channel-handle=1648 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:3912
           • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
             "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9760EEEA0EE8A37A09CE1292E08669E7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9760EEEA0EE8A37A09CE1292E08669E7 --renderer-client-id=4 --mojo-platform-channel-handle=2232 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:184
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D4C9641B2B67275DEF4DC1C056D7DBF8 --mojo-platform-channel-handle=2492 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:2764
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=02EB76B92B9D00BD338D5573E978B060 --mojo-platform-channel-handle=1712 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:4196
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6F1896214B05116F186C58357F26D711 --mojo-platform-channel-handle=2808 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:4292
                • C:\Windows\SysWOW64\LaunchWinApp.exe
                  "C:\Windows\system32\LaunchWinApp.exe" "https://cctraff.ru/wb?keyword=glasgow%20underground%20map%20.pdf"
                  2⤵
                    PID:4484
                  • C:\Windows\SysWOW64\LaunchWinApp.exe
                    "C:\Windows\system32\LaunchWinApp.exe" "https://cctraff.ru/wb?keyword=glasgow%20underground%20map%20.pdf"
                    2⤵
                      PID:4344
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of SetWindowsHookEx
                    PID:4656
                  • C:\Windows\system32\browser_broker.exe
                    C:\Windows\system32\browser_broker.exe -Embedding
                    1⤵
                    • Modifies Internet Explorer settings
                    PID:4700
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies registry class
                    • Suspicious behavior: MapViewOfSection
                    • Suspicious use of SetWindowsHookEx
                    PID:4928
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    PID:4992
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2348
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies registry class
                    • Suspicious use of SetWindowsHookEx
                    PID:3808
                  • C:\Windows\system32\browser_broker.exe
                    C:\Windows\system32\browser_broker.exe -Embedding
                    1⤵
                    • Modifies Internet Explorer settings
                    PID:4420
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies registry class
                    • Suspicious behavior: MapViewOfSection
                    • Suspicious use of SetWindowsHookEx
                    PID:4276
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies registry class
                    PID:3260
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies registry class
                    PID:4788
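The tree above shows the document reader (AcroRd32.exe, PID 3988) handing a URL on cctraff.ru to LaunchWinApp.exe twice; that is the behaviour worth alerting on, while most of the generic signatures are noise from Reader's own CEF sub-processes. The following is an added example (my own code, not part of this sandbox report): it rebuilds parent/child links from the report's depth markers and flags any document reader whose direct child carries a URL on its command line, returning the URL, its host and the document that was open. The rows are constructed from the entries above, with the long RdrCEF command lines abbreviated; the set of reader executables is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlparse

# Constructed from the report's process tree: (pid, depth, image, command line).
# Depth is the "N⤵" marker. RdrCEF command lines are abbreviated to the flags used here.
RDRCEF = r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"
LAUNCH = r"C:\Windows\SysWOW64\LaunchWinApp.exe"
EDGE = r"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"
URL = "https://cctraff.ru/wb?keyword=glasgow%20underground%20map%20.pdf"
SAMPLE_ROWS = [
    (3988, 1, r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe",
     r'"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" '
     r'"C:\Users\Admin\AppData\Local\Temp\3440085.pdf"'),
    (3576, 2, RDRCEF, f'"{RDRCEF}" --backgroundcolor=16514043'),
    (1192, 3, RDRCEF, f'"{RDRCEF}" --type=gpu-process --use-gl=swiftshader-webgl'),
    (3912, 3, RDRCEF, f'"{RDRCEF}" --type=renderer --renderer-client-id=2'),
    (4484, 2, LAUNCH, f'"C:\\Windows\\system32\\LaunchWinApp.exe" "{URL}"'),
    (4344, 2, LAUNCH, f'"C:\\Windows\\system32\\LaunchWinApp.exe" "{URL}"'),
    (4656, 1, EDGE, f'"{EDGE}" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca'),
    (4700, 1, r"C:\Windows\system32\browser_broker.exe",
     r"C:\Windows\system32\browser_broker.exe -Embedding"),
]

# Assumed list of document readers whose children should never carry a URL.
DOCUMENT_READERS = {"acrord32.exe", "acrobat.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
DOC_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:pdf|docx?|xlsx?|pptx?))"', re.IGNORECASE)


@dataclass
class Proc:
    pid: int
    depth: int
    image: str
    cmdline: str
    parent: Optional["Proc"] = None
    children: list = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


def build_tree(rows) -> list:
    """Link each entry to the most recent entry one level shallower, which is how the
    report's indent markers encode parent/child."""
    procs, latest = [], {}          # latest: depth -> most recent Proc seen at that depth
    for pid, depth, image, cmdline in rows:
        p = Proc(pid, depth, image, cmdline)
        parent = latest.get(depth - 1)
        if parent is not None:
            p.parent = parent
            parent.children.append(p)
        latest[depth] = p
        for d in [d for d in latest if d > depth]:   # deeper entries are now stale
            del latest[d]
        procs.append(p)
    return procs


def detect_reader_to_url(procs) -> list:
    """Flag a document reader whose direct child carries a URL on its command line."""
    findings = []
    for p in procs:
        if p.parent is None or p.parent.name not in DOCUMENT_READERS:
            continue
        for url in URL_RE.findall(p.cmdline):
            doc = DOC_RE.search(p.parent.cmdline)
            findings.append({
                "parent_pid": p.parent.pid, "parent": p.parent.name,
                "document": doc.group(1) if doc else None,
                "child_pid": p.pid, "child": p.name,
                "url": url, "host": urlparse(url).hostname,
            })
    return findings


def iocs(findings) -> list:
    """Unique hosts from the findings, the part worth feeding to a blocklist."""
    return sorted({f["host"] for f in findings if f["host"]})


if __name__ == "__main__":
    hits = detect_reader_to_url(build_tree(SAMPLE_ROWS))
    for h in hits:
        print(f'{h["parent"]}({h["parent_pid"]}) -> {h["child"]}({h["child_pid"]}): {h["url"]}')
    print("IOC hosts:", iocs(hits))
```

One caveat the report itself illustrates: the Edge processes that eventually loaded the page appear at depth 1, not under Reader, so a pure parent/child rule will not connect them to the document. Correlating on the URL (or on the timeline) is needed to tie the browser activity back to the PDF.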

Network

MITRE ATT&CK Enterprise v6


Downloads

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\3F1051A5B4FA82CA1FFAE3B3151D6D45

                    MD5

                    5676f60a147b920d72e4c4112259d379

                    SHA1

                    1e58788dd3004f653aa48fe4ebc04a39fbae1236

                    SHA256

                    3c7d9c0cc8d0a59c92fd3b32a0cfdb4961621b0d1056aa009df92cf28d332f5d

                    SHA512

                    244a90d9187d6001eb35c7711cb0ab0a88df53def68c4f563fb3cdef403d6300c622f06d4e90a123f98fe6d8c3834411b513d5cb026641ccc75f584418b2295d

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4

                    MD5

                    9bd290c73c295139470b5a56f8d857bb

                    SHA1

                    c838907b18895bc98a601e27c30b5de9acef88e7

                    SHA256

                    bfc8f14e57e8fe77f10ec2c420b746a75291c034dd872bc673e459ebfdac5968

                    SHA512

                    c8a77182ce1832fe96f35a2816120c9df00eca1aa29dce49a111f057d3583b3b25a69c88f579cc84f4ff43fbf17f663a1e07234aacdd1831bbdb443f8f234e36

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\3F1051A5B4FA82CA1FFAE3B3151D6D45

                    MD5

                    1bcc73a699d5c040e1bc91fd7e80941f

                    SHA1

                    289e0a9a2650ec4c0357dcecdc9e73cdabd4048c

                    SHA256

                    07ef92528bc31c47052983655f190b081384af0ee41d59cc7d4e924ad2b78175

                    SHA512

                    551d08bbb395d6d5370da14eac2a213b31bd6eda0b58fb49f3a5c7468f27c4e24203095661613856a03a83b4867ca12b823e0dabb114ef6ccc2a15c6d5615c32

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4

                    MD5

                    010a7c76297b9f99ac0fc23477b6906a

                    SHA1

                    4bcc6230287f143e3ae2073aa16b0b47b28bac02

                    SHA256

                    e237e3cb9493179cc2b6abead2fa32e24fef124fa127143496ba7936d050a3ed

                    SHA512

                    9974980f585da59cfdc54311a39ee0c78baedb3947be0e8469c690b4090ce262aba22a732014a0e58410690c24d746fd5aa2103bed87f06d63b31bf9a8e9468a

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

                    MD5

                    b7f4c0437d47d79ebeba5ed826c3ffb1

                    SHA1

                    21f2ccc39921be5a67a7fbbdf9f26df4e032b53e

                    SHA256

                    59f9016d5c7e8bf8bc68628f85531201fe2ca8db19c2eaa5ab44d06748740c3f

                    SHA512

                    3af8b2890889622f3ad610c005fda67095a3d6ea86be00fc3f7cd8295eb153319ca30fd3d46839b1079b1df21a27bb4845ef730da55a222c633011d36b7651d3

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

                    MD5

                    db2a852ae194c927a9a7c91db761298b

                    SHA1

                    97cb794fec963e1e07a590ccbb659d92fea31a1f

                    SHA256

                    3f3c5f4294c51f2141320abd7d7366fd940c431e4f2ae6ee6b6845d55a906921

                    SHA512

                    afbf8f885e22f01d595db99f95dde1a76d169c0ba64909b97ed5c424d8e061d2ca570495630a8e6a7c23bc08e46480908e17b9465a547680773b5fcbc5dd4d96

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

                    MD5

                    e98b6df34b64af73a9e04bdcd44e120a

                    SHA1

                    7649ed772a86b2f34782ee76639cb0dbb3685cb0

                    SHA256

                    3fed41a5e0eb998dd4e7b837d63a37d5ed2a3f0867a0775550ff237ab703eac0

                    SHA512

                    846567075f5e65f10a102dbe95bba028d8ebe58a170d331276824e4a5311e8f0f3aa96c86709e190f99b89a4c8115c58b9ae25a643e917a5f0d3f56f72feacc3

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

                    MD5

                    83720ca0efbf4ee04471d0d48b7cc55b

                    SHA1

                    22dfc6d4db7447bf561a63de865ed224fb581606

                    SHA256

                    2e2bb0c650ca5922db50a5ab54c8ebcddb2998c9cf321ab6b64ef34664457aa6

                    SHA512

                    75534e6b40a589d8fa510e071a0342bddd6bc6285b7983efec201009d97ab2162f0ffdc777b6609aa45c18059135533b139cee7862ee62fb6081a9134a4a2e7c

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{894EB16E-8D3E-4E37-9A25-93C1E1B7AAD2}.dat

                    MD5

                    338c532e614c2c4a74d05179f419dd84

                    SHA1

                    3d7e66bf0b7603923bdda7d805a12a6ec95ca564

                    SHA256

                    98c237e1992ff24337f4d3ee676f7037a1ca687de09299c59743ad5f70cfbc7e

                    SHA512

                    dd9731ac0ddc60fae4f70699afac53cc438aeaa527c584bf8d87eaab4b7e10efa2e6761dce58bb7126f412119947158f2329d527444649b80a26225663968071

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{39D1019B-791C-401A-822A-34F1EA731630}.dat

                    MD5

                    402a848225528945d2524270dbba41c8

                    SHA1

                    af68df76a0f8b4229522f7631d69da76ce5e5c23

                    SHA256

                    75bf8524928e43247e3f2bef6d0340ff5b9faccf47fe22470c66614a09b43f1a

                    SHA512

                    a14afe1a3902fe3d39ca5d6e7bf9425151ef7d685941c87c972f21592f0ff6cc7b408823f999d1943a2327ff40a998062e4f1af7312dd3353666f6ecbb876f47

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\644B8874112055B5E195ECB0E8F243A4

                    MD5

                    9bd290c73c295139470b5a56f8d857bb

                    SHA1

                    c838907b18895bc98a601e27c30b5de9acef88e7

                    SHA256

                    bfc8f14e57e8fe77f10ec2c420b746a75291c034dd872bc673e459ebfdac5968

                    SHA512

                    c8a77182ce1832fe96f35a2816120c9df00eca1aa29dce49a111f057d3583b3b25a69c88f579cc84f4ff43fbf17f663a1e07234aacdd1831bbdb443f8f234e36

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\644B8874112055B5E195ECB0E8F243A4

                    MD5

                    0d4bad6eb9652c6ac6346720ce160698

                    SHA1

                    d07027108258eee07b282f104454cb7d508c5218

                    SHA256

                    efc48015edb873dee079a400a533d7c343a409c2c008bb479752daca9f124d70

                    SHA512

                    58103c073bf9d478acd933249aa508e5d55d515443439c68150a9cdbea5a33df5d31f85c4b8d549a951dcc7811b5d964b0fa1caf5b1acf9225db16f6be8d85a4

                  • memory/184-127-0x0000000000000000-mapping.dmp

                  • memory/184-125-0x0000000077542000-0x000000007754200C-memory.dmp

                    Filesize

                    12B

                  • memory/1192-117-0x0000000000000000-mapping.dmp

                  • memory/1192-115-0x0000000077542000-0x000000007754200C-memory.dmp

                    Filesize

                    12B

                  • memory/2764-133-0x0000000000000000-mapping.dmp

                  • memory/2764-131-0x0000000077542000-0x000000007754200C-memory.dmp

                    Filesize

                    12B

                  • memory/3576-114-0x0000000000000000-mapping.dmp

                  • memory/3912-121-0x0000000000000000-mapping.dmp

                  • memory/3912-119-0x0000000077542000-0x000000007754200C-memory.dmp

                    Filesize

                    12B

                  • memory/4196-137-0x0000000000000000-mapping.dmp

                  • memory/4196-135-0x0000000077542000-0x000000007754200C-memory.dmp

                    Filesize

                    12B

                  • memory/4292-139-0x0000000077542000-0x000000007754200C-memory.dmp

                    Filesize

                    12B

                  • memory/4292-141-0x0000000000000000-mapping.dmp

                  • memory/4344-145-0x0000000000000000-mapping.dmp

                  • memory/4484-143-0x0000000000000000-mapping.dmp