Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10_x64 -
resource
win10-en-20211104 -
submitted
26-11-2021 15:20
General
-
Target
https://modernsprinkler.filecloudonline.com/url/rpfggw2debhsdxic?shareto=pglennon@modernsprinkler.com
Malware Config
Signatures
-
Drops file in Windows directory 6 IoCs
-
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 62 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SendNotifyMessage 14 IoCs
-
Suspicious use of SetWindowsHookEx 23 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://modernsprinkler.filecloudonline.com/url/rpfggw2debhsdxic?shareto=pglennon@modernsprinkler.com1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LOEA0KPG\New Document.pdf"2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B7B66D934390402253F2A09A9A2A69E6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B7B66D934390402253F2A09A9A2A69E6 --renderer-client-id=2 --mojo-platform-channel-handle=1648 --allow-no-sandbox-job /prefetch:14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=63A4436B173D64ECFDD959D62392AC5A --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7CCC9F6173FA10E2697C2FB23B9ACA0D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7CCC9F6173FA10E2697C2FB23B9ACA0D --renderer-client-id=4 --mojo-platform-channel-handle=2084 --allow-no-sandbox-job /prefetch:14⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=784450833E083CC078364C4865BF3766 --mojo-platform-channel-handle=2588 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2B12C3D6FD49F6C73DF3C12348FA9ACE --mojo-platform-channel-handle=2716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F4CB783299F73B9E72AF1CF97926B53E --mojo-platform-channel-handle=2596 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
-
C:\Windows\SysWOW64\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://gaudy-frill-cicada.glitch.me/docss.html"3⤵
-
C:\Windows\SysWOW64\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://gaudy-frill-cicada.glitch.me/docss.html"3⤵
-
C:\Windows\SysWOW64\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://gaudy-frill-cicada.glitch.me/docss.html"3⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850DMD5
f38465988ba273bb822b84568d682669
SHA1566d8520422def07cdd88475317401d28aafb381
SHA25694f64b5a32e13b896b8cefb103757a4e4ae5d1c4df3f4ce6a8f0747e83ce5d7d
SHA51268796c406f4cada9e11a467f4aea3d8e6555173c94a125b93e06219139b983c813f94d6da98b0849e01e26255ef16d10274d9e67aaca3aaa77e35b6ac64a52a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EF5B6E8FB46B63DFD6A93EC1E0743AEMD5
633f235fe42aea2d5782ae8be19acaad
SHA153abeb6f84b482dcd234ffed85901e4b84beb863
SHA256eb2cf094709037d4ed392490fd1c143ae62f215893ef586af3c2ccd6ec4358fb
SHA512615f335e452a724e2012dda21769cd6cdd1ce52b6a898cc0f4587f26ebe1859a488211ec133481678f060c0be55ac63710102143833b9c38dde9c2757e73aae2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711EMD5
bb5b6bfd10c107593232ff1254853e03
SHA10a8a2aa6efec37e8b425a91c90f27d9de1b125e9
SHA2566783b1f10f27824de2708f3eec3d1d0e080ce94457b256afd8f6ce1409e6e8ba
SHA51248973f31f7fcd5795fdfefb63fb5e6b41a375dc57b57052f632f6a8fecf47ae6ba90fafb0946a28b7b631c40095c1b8ad62cef20ce8a2111af5a750425519bf4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850DMD5
21d6b5c745d3b6085d1e43644122697b
SHA178836e10550b8e9fc53c333688ca0ff8a261b564
SHA25643214c58d3d9f8f36f1257f6a65f97643cad33d62973404941b424ec8bcbb7db
SHA51224047ff90613355cd08fe0682186d10b6562c909f3cf0822887ef4179cef806188bf742c7d6de8ebd21f2ba40a40bca8f187d47393debb63cdf6bef9f37528dd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EF5B6E8FB46B63DFD6A93EC1E0743AEMD5
010c0750f60dd65281f4547f68203b03
SHA19051eb0837c5374eb7c1f78869132ee3f9f52722
SHA25687be8301fe4fffe2ba2c3eea2830aaa43134e7522e87ed93ed4a1a0dc10718a5
SHA5126ebf91ba1d32b351b8b2ec7c04a095f6191e36e3e659e87dd14b7d7ae7da707674e472b1e49b43dd3b19e78bd5a2bdb8f4c79357d53db8b93c8e112a6f6c4e36
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711EMD5
e928985644211c8391ce8de3803a039c
SHA1d53aef9d858f9b4ae99fd6554fe802a1e404973e
SHA2565458a1a1075ee8588c396fca62e34927f4333307d0e1866140dfae7667ea4949
SHA512900de3dbe2731e6d588aa9c78d53b268d71d9a5833a1cde682ac7dccab1c08b9d4aa9f8227c2f6543b5e58451ae97f453b7aa257d92cd20f5ea45668c9671c4d
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LOEA0KPG\New Document.pdf.mc6vig9.partialMD5
85284e6807b343b6b0fa97bdaa2e8496
SHA145eb42ce0d026576648bffe3bde3443b92aa1ec8
SHA25693f1ed4c3e443d8775cf599c4b524fd6093694227e473b715d92d2bff96ac2f4
SHA512b08fddd647215aadf036bbde98742cb6fe03af80d98c944e42c9b7b6a25e1a13fa08634fc8e9a5e8c328083a12b95f102c33eb0ea4b65d4a38408c732478e3db
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\BXA27D8P.cookieMD5
9f5bd734809a8ca0ba93f945f51a648a
SHA1f67563329b48e14e8378826db358f4ab31fc99a4
SHA256895b51a98a763d14a988e18f64ce37a47d20313f998699828d7bf828428fede0
SHA512c69175b30ad4381d53fdc6f1f4bbe795c9b1bfb5ef07c3eff92d527e781841292a3887c7438e7d35efba8ea3fdb36e158f7bbe86134b3fce376398905b5b8397
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4FMD5
e0fcf3ca705ff9b6741c7b3c02515030
SHA1356156e982ffaaa96a480aa6bf64a6f64aab5d82
SHA256aaf5395847b70c0e0b3e32fa3d388c9acb027db24204ba61562dab9477907ed6
SHA512273347b22a6ddb3e8f4e8051dc20e640ecb3661899e274963cef08d8a5aa2b80894244928c9464f55fcfe74ad16010b54f995d13d0525702d349c4fd1afc901b
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62MD5
870dcdfa06bfbce6120d7d7eeaa440a1
SHA149a42acbc21120bf83e105363632017502b6370a
SHA256b511716918619bdefa6440b53708f385f24b76c747ec1ac9420916b3cc7aba9c
SHA51240b2bb983d4005d20873803d41c0b808c6c3275dc7a5bf741bb4e12acb7dcf5f82074e79a1d49563020a8ea1a98ccf88ea746e7bcabb0f22812307ff362aaf18
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894MD5
d1d6e2d8fd72f8e7b6a0f544765023f2
SHA1db07e90515b9dc6e094acb4f27584df14be801ef
SHA2562a9c32cf065f7d2df8c8b1d152a1c8409563107c691e91492a60a839b713e7b7
SHA5127dc9b6c79c421990ea054018a63e9d6beeca6f23c81d1bac6382117e7be8aba071b275c536fe2daa2e8ec0376c016a71003a5d5c84fab77673375bc395ff4237
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\FC5A820A001B41D68902E051F36A5282_30F701A5D3F3E340D2DF9758F7784007MD5
d6f7dd1defd4d75cbd7cf7339d20483a
SHA1ee2597a04cd3785ae7e8fb4fe54d54e794ad4504
SHA2561638b57742052d565c1bf826bffd45723806d07eb7b2cda373d9c2069dd3dbff
SHA512a5e107fc86d99562ebcf38cd8507a3202b8fcfff91862e8427c07b4536ceca9e96fdc5738e729b59143529792bac670dfeec935f8c3722dd667a20b21485a608
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_93E4B2BA79A897B3100CCB27F2D3BF4FMD5
40127db194c31613beef6790cc7cd0ef
SHA1db73f8ffa6ff3e3a8d39fea2fb0aa895f12b1e67
SHA2560732e7ce891ef9ddc09ea3c523311cbe64670640dbd94d7bc42186f6e90ddba3
SHA51210f9e4937bdf331628726d53d93fbf8c4136005b7a7254fd88e4534a4da5bbdbdd2608efa1e5e79b64fe00fd811e3c2bb671fe05f18345ff0db07769880692da
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62MD5
33f15bb1fe7ac60304376cf985599c27
SHA1a2fd6e1cb0c764409a1b6a90175ac9389c05168f
SHA2561e0facace17af51ba1464c2fa51aac736faba502d416db29d511076569f6b758
SHA512e1f7349e0a2349f3c8c89f58c6a1fae74fd3a5ab21163906b5bd2aedefe83e2281d1b3c7d77701fad600221b02464eaa4b4a4ce47c53aa5dfc881b0815049fd4
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894MD5
ceae9b8156b5097c71a150bdaec3037c
SHA1c36260be8c059cb7e70ba6505a1c2c527654ffbc
SHA2562e5376d419e789281521588818a696f6effb62e90056964f7a6a9bf484648b2f
SHA51254b418d241f45262eb30efd9bb005a24aabeab211e151e6466c3e036f8026da375ef9258fd574ae5b56a03b47ceaafff3a735de17020d3f1e688207e56709df0
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\FC5A820A001B41D68902E051F36A5282_30F701A5D3F3E340D2DF9758F7784007MD5
8171b319a29754ed6813632c7ddccd9a
SHA14b4903715d03ea6660d5ee55e4bee8487a4a043b
SHA2564182bcd2e577a16096840217e63ec63e5affc1a302c43c0d96ba01de6a5ba61f
SHA5120be14f5c69f7af51963776a0e741b848788578daaea8ab819722557b5fa91880e51a44b15ac9894488cb48fc25d30d72de79412e9bb4d8ad7c9ec37eaa74a4e5
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2274612954.priMD5
0db264b38ac3c5f6c140ba120a7fe72f
SHA151aa2330c597e84ed3b0d64bf6b73bf6b15f9d74
SHA2562f6955b0f5277a7904c59e461bfa6b06c54fece0d7c11f27408fa7a281a4556d
SHA5123534c243516cef5cee0540d5efd5cde1f378e127e6013b5e309a2e0be8393417bfe458706564b4b955f92132a51e2772c67f9fd90441476cc3512a5d9f910d84
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.logMD5
2d314e879e875d8a54872b9c9db664b5
SHA1ca7f785a60a70cef3f3f57cb53d624447a09ee69
SHA256ac5cc74d434b75197871fe28bf9db43041caa9a0032afcc842df8175edb4656e
SHA512ac8f2e2966eca822ea825cfa4f858a95ee1ad52c7c19cd3991c6dee86facf182cc3808391c14d2345b090600fc06265878141df2538e129d4c59a8d085d1bfb0
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chkMD5
5356b6677b027eb8fd4e36a39c189e51
SHA127191eeb2d923440e7c84bcbfde7e7b9170bf361
SHA256f10ece336ea1831e20caddd2891ccbde6fb29b4a13d4d94059170f250dd9ed8f
SHA512da658519720deecfc8330abf87f01f07bba746c89518a9f21a7aefa1f043f7c81a4c2ef79c8da4152e183a4ad96709cab0493e9cf0bd90a09450df776fb6b0b1
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edbMD5
21e6ffa689d05a7035f994703cc3418b
SHA1e8465a9fb605c9cb9a878cfe41d99147eeef9e1f
SHA2569f8f0aeba00c955dbc883761c2503aa89a411432bc4894ea6e181bbd0a06bdc2
SHA5124c32eb8acf7805ebb47035d972ab1b8ae1eb3a7a3511fee480af34ba85cde6ef1931e65e1ffbe4e5573c1f60c289beb8c199f4cf4d4c4c4717cdb33979d8ffb8
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfmMD5
5164739cfac77453f25dec1ac5aa5c92
SHA1556c1e59d7e207e52b37f4e7ae9032a3c650613d
SHA256631e911eeb8dcbf95e5e17c9cf069eb1814c8d1ee56b82fe5e6fb628a025159d
SHA51236cdcb1946357a713b4f08116edec435ca9bdf80f33a2fd935d3d7bb3820efe3eac451b8d70f59f33a13402312d07c75acf6741b952f6bed3e405480d34d196b
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{29E97694-0618-4E59-B842-F7EBB2BD4C45}.datMD5
e5642cafa3884d88cb69dddb0a1c992a
SHA1b6995139c638eb7c92db538dd1390eda59a232e6
SHA256b906ec5c52a0f877604d9c61180acf5ac06efba08a031b291e272b00cc478153
SHA5121589d7b4b720b1d4635c2e33ace36010f0602db7696a457d0ae49024df50508c23798a4775911daebc92c6e5797a09b556fd5618a451eb41c433a31e419d2551
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{E5D21B6D-87F8-433B-8D0E-AE461C2B7343}.datMD5
16f0cad7d07c82e61b7be26aaade7638
SHA1b0f7f3906fc12adab13d545943a8c6866a369ae9
SHA256a3b6f380bc67d0af22b882db6647da0dffb50beda8df07194c5deac875796c22
SHA512285294c7b1ba7d605dcbba3bc5b445d6f67ae806edee7ed082f05987f598be58ee251d616484e798606914df344ce94b99c93042f2e11f4dc50b5c680ec8d76c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2274612954.priMD5
0db264b38ac3c5f6c140ba120a7fe72f
SHA151aa2330c597e84ed3b0d64bf6b73bf6b15f9d74
SHA2562f6955b0f5277a7904c59e461bfa6b06c54fece0d7c11f27408fa7a281a4556d
SHA5123534c243516cef5cee0540d5efd5cde1f378e127e6013b5e309a2e0be8393417bfe458706564b4b955f92132a51e2772c67f9fd90441476cc3512a5d9f910d84
-
memory/1084-219-0x0000000000000000-mapping.dmp
-
memory/1256-228-0x0000000000000000-mapping.dmp
-
memory/1368-232-0x0000000000000000-mapping.dmp
-
memory/1480-236-0x0000000000000000-mapping.dmp
-
memory/1852-210-0x0000000000000000-mapping.dmp
-
memory/2592-243-0x0000000000000000-mapping.dmp
-
memory/2604-141-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-135-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-166-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-167-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-168-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-169-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-170-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-171-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-172-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-173-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-174-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-177-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-181-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-159-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-158-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-154-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-153-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-152-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-150-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-148-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-147-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-119-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-145-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-120-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-144-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-122-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-118-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-123-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-140-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-124-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-125-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-139-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-138-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-136-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-160-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-134-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-132-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-131-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-130-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-128-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-127-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2604-126-0x00007FFF12D50000-0x00007FFF12DBB000-memory.dmpFilesize
428KB
-
memory/2616-143-0x0000000000000000-mapping.dmp
-
memory/3212-239-0x0000000000000000-mapping.dmp
-
memory/3632-218-0x0000000000000000-mapping.dmp
-
memory/3732-222-0x0000000000000000-mapping.dmp
-
memory/4112-247-0x0000000000000000-mapping.dmp
-
memory/4732-250-0x0000000000000000-mapping.dmp