Overview

overview

4

Static

static

3

5492204342....6.pdf

windows10_x64

4

Analysis

  • max time kernel
    151s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10-ja-20210920
  • submitted
    20-10-2021 16:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5492204342.7.2171.20.412327..0896.56.79293.0996.13731.7.35934.1715.21.1975.0.439.00.398040.3.14063.6.pdf

  • Size

    123KB

  • MD5

    1bbb3d446970904014620bbca9b8e4da

  • SHA1

    7b63cd0a70cb224b979ff2078652762c5b69012f

  • SHA256

    ede389f8057be0d1bcb2b511a9ebe3c14234999c76a7e7e24c187536c40bea73

  • SHA512

    a5242ad304919317f93c649963676e865e4d36fcd195731feb968a2138952f852b2debad06bc7fafc2e8fb4b3787ee636ff305a08fbb4f4f5dc57eb4c3ca7f66

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 8 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: MapViewOfSection 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 15 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 9 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\5492204342.7.2171.20.412327..0896.56.79293.0996.13731.7.35934.1715.21.1975.0.439.00.398040.3.14063.6.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2956
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1804
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F4099E03E98AD8006ED6FE3A8014197E --mojo-platform-channel-handle=1640 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:2692
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=17180EB0787F3FBBAE1BE4EED1971E78 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=17180EB0787F3FBBAE1BE4EED1971E78 --renderer-client-id=2 --mojo-platform-channel-handle=1652 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:2352
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=933F4A3CD98978D6EA822207BED1B122 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=933F4A3CD98978D6EA822207BED1B122 --renderer-client-id=4 --mojo-platform-channel-handle=2080 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:4564
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CA702FC886BCBA2CD332EA2D50B77471 --mojo-platform-channel-handle=2452 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:1368
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E2DBABFAE05EC228C17576578C958178 --mojo-platform-channel-handle=2564 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:3600
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=697EB392C48FFBEE3C1DBED31C47495E --mojo-platform-channel-handle=1716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:5028
                • C:\Windows\SysWOW64\LaunchWinApp.exe
                  "C:\Windows\system32\LaunchWinApp.exe" "https://www.google.com/url?q=%68%74%74%70%73%3a%2f%2f%6d%65%65%74%64%72%65%61%6d%78%74%2e%63%6f%6d%2f%3f%75%74%6d%5f%73%6f%75%72%63%65%3d%41%50%73%38%71%56%68%30%32%35%54%38%26%75%74%6d%5f%63%61%6d%70%61%69%67%6e%3d%67%5f%6f%63%32%30%26%66%64%77%3d%30%77%39%77&sa=D&sntz=1&usg=AFQjCNFQ-zXwtdld5gxJH1E_BL0rlySceQ"
                  2⤵
                    PID:1100
                  • C:\Windows\SysWOW64\LaunchWinApp.exe
                    "C:\Windows\system32\LaunchWinApp.exe" "https://www.google.com/url?q=%68%74%74%70%73%3a%2f%2f%6d%65%65%74%64%72%65%61%6d%78%74%2e%63%6f%6d%2f%3f%75%74%6d%5f%73%6f%75%72%63%65%3d%41%50%73%38%71%56%68%30%32%35%54%38%26%75%74%6d%5f%63%61%6d%70%61%69%67%6e%3d%67%5f%6f%63%32%30%26%66%64%77%3d%30%77%39%77&sa=D&sntz=1&usg=AFQjCNFQ-zXwtdld5gxJH1E_BL0rlySceQ"
                    2⤵
                      PID:1532
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of SetWindowsHookEx
                    PID:4988
                  • C:\Windows\system32\browser_broker.exe
                    C:\Windows\system32\browser_broker.exe -Embedding
                    1⤵
                    • Modifies Internet Explorer settings
                    PID:1708
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies registry class
                    • Suspicious behavior: MapViewOfSection
                    • Suspicious use of SetWindowsHookEx
                    PID:3524
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1488
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies registry class
                    • Suspicious use of SetWindowsHookEx
                    PID:1368
                  • C:\Windows\system32\browser_broker.exe
                    C:\Windows\system32\browser_broker.exe -Embedding
                    1⤵
                    • Modifies Internet Explorer settings
                    PID:3400
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Suspicious behavior: MapViewOfSection
                    • Suspicious use of SetWindowsHookEx
                    PID:4124
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies registry class
                    PID:3208
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of SetWindowsHookEx
                    PID:3176
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1740
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies registry class
                    PID:1176
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies registry class
                    PID:3344

                  Network

                  MITRE ATT&CK Matrix ATT&CK v6

                  Initial Access

                  Execution

                  Persistence

                  Privilege Escalation

                  Defense Evasion

                  Modify Registry

                  1
                  T1112

                  Credential Access

                  Discovery

                  Query Registry

                  1
                  T1012

                  System Information Discovery

                  1
                  T1082

                  Lateral Movement

                  Collection

                  Exfiltration

                  Command and Control

                  Impact

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                    MD5

                    fabe352caed053afbde96d0aaaa7cfc8

                    SHA1

                    34387efe887595562fd683f4c16cd79d8ba5f78d

                    SHA256

                    3ad1001d05f43e4bd8cc10956392fe3403480b89e5cc4cd68dae6aeea4b005ee

                    SHA512

                    0895e12581db5b71f8032996a68e45892389d23498674a9360d2ec103c86916ce4522a8f6ea3c858dfcc93c321553df02e572c04c7ef8879e566f4223157bf0c

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_86D88E3420C534FCF630732C19940281
                    MD5

                    879af145908d33f84ca95219c9f42470

                    SHA1

                    5f5565644594cf8a35a230238d4b2e701a0e5ca6

                    SHA256

                    b64c6a19c260dcf3bffbf4a0ff35a4b788f14c183e6d70a6dc6b96f8e5667c39

                    SHA512

                    d5cf8c0c69be4543f0971af14318b4bdc9c599f9e18155b166d897445538cae3e55f8f1cbeebee05e03db160e13000b913766c66f04f3a328b85de7d1f5e5bd7

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                    MD5

                    64e9b8bb98e2303717538ce259bec57d

                    SHA1

                    2b07bf8e0d831da42760c54feff484635009c172

                    SHA256

                    76bd459ec8e467efc3e3fb94cb21b9c77a2aa73c9d4c0f3faf823677be756331

                    SHA512

                    8980af4a87a009f1ae165182d1edd4ccbd12b40a5890de5dbaea4dbf3aeb86edffd58b088b1e35e12d6b1197cc0db658a9392283583b3cb24a516ebc1f736c56

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                    MD5

                    fd87575b3bf5acbe0faa5c4e0096efad

                    SHA1

                    c47af71c277fb94feac81ae9db72461841c71958

                    SHA256

                    cde3b957daa74219f5cc404127178ae4a8122ec0cc8c9aea93e8e374d1770045

                    SHA512

                    1fed1d3430b0e32486498684c12abba9a54e17c0efea635cfe3712f86f972fea15c919f52f4215270ee60f6d317e8093c933e2553c51738e48f90c1c5f3423af

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_86D88E3420C534FCF630732C19940281
                    MD5

                    bc58f60118b009f63422d8d3a7348ed3

                    SHA1

                    b408b96386175a37691d9c0a499a7de05f72d6f2

                    SHA256

                    8b9f0a60a4081818fc8f05bd003a2601a644c60a0a58ae95f7ce40769b425796

                    SHA512

                    21d471fb43c1d72c75907a804353da5a10c885297f94875b3deb16e674753f3ef41e66b2a12394ce71963e58f037b6cf937f4c8e01c4fbb7cb780fd7b4dcfc1b

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
                    MD5

                    56b7a1c3d5f5fe45182e7bc386ff87cf

                    SHA1

                    54751f94aff8f77d8f22bf9abe924abf90f6d13f

                    SHA256

                    da950fc395a1fc5516e01bc7d05cd56b69c5d2ca392da000bea234a30d0499a2

                    SHA512

                    f9a37e9e0641ac3ad02b8eb4ba16abce80855b7cf440172ef150bc3dbd7d779fb7761df2fb7c507532a711cfa9ee85f8104e270e343ffc308c6d05f61bf62701

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2274612954.pri
                    MD5

                    0db264b38ac3c5f6c140ba120a7fe72f

                    SHA1

                    51aa2330c597e84ed3b0d64bf6b73bf6b15f9d74

                    SHA256

                    2f6955b0f5277a7904c59e461bfa6b06c54fece0d7c11f27408fa7a281a4556d

                    SHA512

                    3534c243516cef5cee0540d5efd5cde1f378e127e6013b5e309a2e0be8393417bfe458706564b4b955f92132a51e2772c67f9fd90441476cc3512a5d9f910d84

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
                    MD5

                    4b60963539766416951c73c25dcde169

                    SHA1

                    c311714d18568d38f6ae65a78e327b33a15afef0

                    SHA256

                    76d03590bf2c3146fed1790c517f4b00f5b993c950d38088d5a9fe2c7b82ee08

                    SHA512

                    22e5b16fe70a0558ba5ff2ced8e4a96ab1e2591f0d8fc9c21fa2bb9f1849c1381180f1a2dd83a4cd01a2653493e49f3f2b3b4d7c2fa9a1052443ad102fb8d34d

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
                    MD5

                    6b9416b724cfe8aece90fe720bdc3542

                    SHA1

                    ffce156b3fc0a30304f66aca924f3fe94d452c1a

                    SHA256

                    f31a3808498e12fca4e43c4aad12599b5971210497399bae229081af910dd6d1

                    SHA512

                    a6450b005e16736529351e76e4ccbee7eb4c22becaa1bcaa4aff97cc71464c0b6275d4f96febe43a562d87a8110829edbc3079b0a996f49ad69289ee173e5c2c

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
                    MD5

                    dd9661de6926bb7429c501f515d3b6e8

                    SHA1

                    4aafc8d66ee514fc1c3fc9a32f9e9511d3517b76

                    SHA256

                    001789eb9ee13700eb21e6555c70f100a6fa8930581d44a0672b5b03215ebd48

                    SHA512

                    b0a43cc78d861cb7f1566fca6d62d3765828c095af0f6e6a21cb435cea9891a04f2c80f6018b7a864353cc65662325ddd1098051ca003468db2cc953206737df

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
                    MD5

                    f11a5eddae578862657b874c1a4fd99e

                    SHA1

                    95851964dedd74e18f503f33a930d7e2b2ed7bae

                    SHA256

                    c17552c720e196e791d31323bf6d66db035127f364a9017251eda5a3d1b34241

                    SHA512

                    8299a71f4c9346ed116057162614f4113bff595e0146792cbb00b32d9c43f50e99887ea0e40d07a10356d36c1a1dcc57af1e47a96ee0eee980a5aea535df8223

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{4A4D24AC-29C7-4560-AC3C-0D03FA0BDF84}.dat
                    MD5

                    d86913b8f649fe05c8e63d0c0efece8c

                    SHA1

                    d48462c8790ab54a96ce4f4b48fc0944dabdb43a

                    SHA256

                    25dc0c70bc4f8b72e95daa139c88a111f7621e5c81e93987a2ed99aed8957b55

                    SHA512

                    8840e271908c833d8b4380c22d277b765c03903e10824963d0e96584478267859cf85b4316426bbe3b81a11093d2f3113a2b520a8d597607ce370b4c979d28fe

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{2D22C0BA-C2A2-465A-B910-BEAECAC8DA61}.dat
                    MD5

                    a2c82651aea16eae0d0c0eba2f102391

                    SHA1

                    a8ea4d11f845fffac36bc7a732aaa2851a251e5c

                    SHA256

                    cf8fbb8131c5b6b963c22b0f2aa562810d5a029d3a9279b3a027ffcf5c7221c6

                    SHA512

                    5b80055f36b47edc26b5050e253ff2c01af044ff914644538ca699c430b355c8e4cf1e35b80effa7655fa1f1082654e07770a82c35445d510d0a0e53fe63ff1f

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2274612954.pri
                    MD5

                    0db264b38ac3c5f6c140ba120a7fe72f

                    SHA1

                    51aa2330c597e84ed3b0d64bf6b73bf6b15f9d74

                    SHA256

                    2f6955b0f5277a7904c59e461bfa6b06c54fece0d7c11f27408fa7a281a4556d

                    SHA512

                    3534c243516cef5cee0540d5efd5cde1f378e127e6013b5e309a2e0be8393417bfe458706564b4b955f92132a51e2772c67f9fd90441476cc3512a5d9f910d84

                    Download Submit
                  • memory/1100-144-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1368-132-0x0000000077552000-0x0000000077553000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/1368-133-0x0000000001B35000-0x0000000001B36000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/1368-134-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1532-145-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1804-115-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2352-125-0x0000000001C20000-0x0000000001C21000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/2352-124-0x0000000001780000-0x0000000001781000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/2352-120-0x0000000077552000-0x0000000077553000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/2352-121-0x0000000001B3A000-0x0000000001B3B000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/2352-122-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2692-118-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2692-116-0x0000000077552000-0x0000000077553000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/2692-117-0x0000000001778000-0x0000000001779000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/2692-119-0x0000000000080000-0x0000000000081000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/3600-138-0x0000000000000000-mapping.dmp
                    Download
                  • memory/3600-136-0x0000000077552000-0x0000000077553000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/3600-137-0x0000000000788000-0x0000000000789000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/4564-128-0x0000000000000000-mapping.dmp
                    Download
                  • memory/4564-127-0x0000000000D4B000-0x0000000000D4C000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/4564-126-0x0000000077552000-0x0000000077553000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/5028-142-0x0000000000000000-mapping.dmp
                    Download
                  • memory/5028-141-0x0000000001B35000-0x0000000001B36000-memory.dmp
                    Filesize

                    4KB

                    Download