Analysis
- max time kernel: 151s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220112
- submitted: 26-02-2022 03:48
Behavioral tasks
- behavioral1: Sample fezolajavamiwozu.pdf; Resource win7-20220223-en
- behavioral2: Sample fezolajavamiwozu.pdf; Resource win10v2004-en-20220112
General
- Target: fezolajavamiwozu.pdf
- Size: 291KB
- MD5: 6f3e481c8125a4fd367ddfa7cb0fa258
- SHA1: 9e9b200e1a7cde4ea9e5ba7c326ffe80b1320caa
- SHA256: e34006141c32e88bf9e7b9f42b69744a0a83d28cf1ae204bb82c1e15f468e865
- SHA512: dc66cf3281ded870a181b5d2e2aff6e5b22fc21b0fbe653cae0b5d06c90aaab521ada1613a5991106c9c894e0768aa62205bce3e561f6bd24990ba4635d0c769
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 3 IoCs)
  Processes:
  - msedge.exe: Key created \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Windows\CurrentVersion\Run
  - msedge.exe: Key created \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Windows\CurrentVersion\Run
  - msedge.exe: Set value (str) \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window /prefetch:5"
- Drops file in Program Files directory (2 IoCs)
  Processes:
  - setup.exe: File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c1818540-7641-456d-abc1-900503db469f.tmp
  - setup.exe: File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220226045002.pma
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes:
  - AcroRd32.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
  - AcroRd32.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
- Enumerates system info in registry (2 TTPs, 9 IoCs)
  Processes:
  - msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  - msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  - msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  - msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Modifies Internet Explorer settings (1 IoCs)
  Processes:
  - AcroRd32.exe: Key created \REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
- Modifies registry class (1 IoCs)
  Processes:
  - msedge.exe: Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\
- Suspicious behavior: EnumeratesProcesses (38 IoCs)
  Processes (pid, process, number of events):
  - 1912 AcroRd32.exe (20 events)
  - 116 msedge.exe (2 events)
  - 2024 msedge.exe (2 events)
  - 4860 identity_helper.exe (2 events)
  - 4876 msedge.exe (2 events)
  - 3612 msedge.exe (2 events)
  - 4068 identity_helper.exe (2 events)
  - 3744 msedge.exe (2 events)
  - 4588 msedge.exe (2 events)
  - 1560 AdobeARM.exe (2 events)
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  Processes (pid, process):
  - 1912 AcroRd32.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (18 IoCs)
  Processes (pid, process, number of events):
  - 2024 msedge.exe (6 events)
  - 3612 msedge.exe (12 events)
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes (description, pid, process):
  - Token: SeSecurityPrivilege 1912 AcroRd32.exe
  - Token: SeTakeOwnershipPrivilege 1912 AcroRd32.exe
  - Token: SeSecurityPrivilege 1912 AcroRd32.exe
  - Token: SeTakeOwnershipPrivilege 1912 AcroRd32.exe
- Suspicious use of FindShellTrayWindow (6 IoCs)
  Processes (pid, process, number of events):
  - 1912 AcroRd32.exe (1 event)
  - 2024 msedge.exe (3 events)
  - 3612 msedge.exe (2 events)
- Suspicious use of SetWindowsHookEx (11 IoCs)
  Processes (pid, process, number of events):
  - 1912 AcroRd32.exe (10 events)
  - 1560 AdobeARM.exe (1 event)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (distinct rows; the report lists 64 events in total):
  - AcroRd32.exe (PID 1912) wrote to memory of RdrCEF.exe (PID 3036), 3 events
  - AcroRd32.exe (PID 1912) wrote to memory of RdrCEF.exe (PID 2500), 3 events
  - RdrCEF.exe (PID 3036) wrote to memory of RdrCEF.exe (PID 1988), repeated
  - RdrCEF.exe (PID 3036) wrote to memory of RdrCEF.exe (PID 2000), repeated
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fezolajavamiwozu.pdf"
  Signatures: Checks processor information in registry; Modifies Internet Explorer settings; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: GetForegroundWindowSpam; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=306AEB706FF7586AE6D254F652A28D4B --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=46057CC254523CE618A26C344F2A6595 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=46057CC254523CE618A26C344F2A6595 --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CF232584DEC746275EBA11827FAC8D45 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CF232584DEC746275EBA11827FAC8D45 --renderer-client-id=4 --mojo-platform-channel-handle=2188 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C8B100CE64AE158577D0E686B4395EB3 --mojo-platform-channel-handle=2572 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=959E8B8267C991EB7914909B6312870C --mojo-platform-channel-handle=1832 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FFF6EB56A2BB9997888EDC0DD3F4A5CB --mojo-platform-channel-handle=1968 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0A29BD69A1F5BC8AB8B9F546C584158A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0A29BD69A1F5BC8AB8B9F546C584158A --renderer-client-id=10 --mojo-platform-channel-handle=1924 --allow-no-sandbox-job /prefetch:1
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    Command line: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
    Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of SetWindowsHookEx
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adobe.com/go/SetAsDefaultPDFOwner
    Signatures: Adds Run key to start application; Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc514846f8,0x7ffc51484708,0x7ffc51484718
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      Signatures: Drops file in Program Files directory
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff684955460,0x7ff684955470,0x7ff684955480
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yoyep.co.za/XSRYdR1H?utm_term=fish+protein+gel+electrophoresis+lab+report
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc514846f8,0x7ffc51484708,0x7ffc51484718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yoyep.co.za/XSRYdR1H?utm_term=fish+protein+gel+electrophoresis+lab+report
    Signatures: Adds Run key to start application; Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc514846f8,0x7ffc51484708,0x7ffc51484718
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6068 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.PageScreenshotProcessor --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5124 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:53⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc514846f8,0x7ffc51484708,0x7ffc514847184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5831486879748155363,12947836071705074504,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,5831486879748155363,12947836071705074504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,5831486879748155363,12947836071705074504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yoyep.co.za/XSRYdR1H?utm_term=fish+protein+gel+electrophoresis+lab+report2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc514846f8,0x7ffc51484708,0x7ffc514847183⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads