e34006141c32e88bf9e7b9f42b69744a0a83d28cf1ae204bb82c1e15f468e865

Analysis

max time kernel
151s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-en-20220112
submitted
26-02-2022 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fezolajavamiwozu.pdf
Size

291KB
MD5

6f3e481c8125a4fd367ddfa7cb0fa258
SHA1

9e9b200e1a7cde4ea9e5ba7c326ffe80b1320caa
SHA256

e34006141c32e88bf9e7b9f42b69744a0a83d28cf1ae204bb82c1e15f468e865
SHA512

dc66cf3281ded870a181b5d2e2aff6e5b22fc21b0fbe653cae0b5d06c90aaab521ada1613a5991106c9c894e0768aa62205bce3e561f6bd24990ba4635d0c769

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window /prefetch:5"	msedge.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c1818540-7641-456d-abc1-900503db469f.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220226045002.pma	setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-790714498-1549421491-1643397139-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeAdobeARM.exe

pid	process
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
116	msedge.exe
116	msedge.exe
2024	msedge.exe
2024	msedge.exe
4860	identity_helper.exe
4860	identity_helper.exe
4876	msedge.exe
4876	msedge.exe
3612	msedge.exe
3612	msedge.exe
4068	identity_helper.exe
4068	identity_helper.exe
3744	msedge.exe
3744	msedge.exe
4588	msedge.exe
4588	msedge.exe
1560	AdobeARM.exe
1560	AdobeARM.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AcroRd32.exe

pid process

1912 AcroRd32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
2024	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AcroRd32.exe

description	pid	process
Token: SeSecurityPrivilege	1912	AcroRd32.exe
Token: SeTakeOwnershipPrivilege	1912	AcroRd32.exe
Token: SeSecurityPrivilege	1912	AcroRd32.exe
Token: SeTakeOwnershipPrivilege	1912	AcroRd32.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exe

pid process

1912 AcroRd32.exe
2024 msedge.exe
2024 msedge.exe
2024 msedge.exe
3612 msedge.exe
3612 msedge.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid	process
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1560	AdobeARM.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe
1912	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 1912 wrote to memory of 3036	1912	AcroRd32.exe	RdrCEF.exe
PID 1912 wrote to memory of 3036	1912	AcroRd32.exe	RdrCEF.exe
PID 1912 wrote to memory of 3036	1912	AcroRd32.exe	RdrCEF.exe
PID 1912 wrote to memory of 2500	1912	AcroRd32.exe	RdrCEF.exe
PID 1912 wrote to memory of 2500	1912	AcroRd32.exe	RdrCEF.exe
PID 1912 wrote to memory of 2500	1912	AcroRd32.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 1988	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe
PID 3036 wrote to memory of 2000	3036	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fezolajavamiwozu.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1912

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:3036

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=306AEB706FF7586AE6D254F652A28D4B --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1988

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=46057CC254523CE618A26C344F2A6595 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=46057CC254523CE618A26C344F2A6595 --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2000

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CF232584DEC746275EBA11827FAC8D45 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CF232584DEC746275EBA11827FAC8D45 --renderer-client-id=4 --mojo-platform-channel-handle=2188 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4068

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C8B100CE64AE158577D0E686B4395EB3 --mojo-platform-channel-handle=2572 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4000

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=959E8B8267C991EB7914909B6312870C --mojo-platform-channel-handle=1832 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:644

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FFF6EB56A2BB9997888EDC0DD3F4A5CB --mojo-platform-channel-handle=1968 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2900

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0A29BD69A1F5BC8AB8B9F546C584158A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0A29BD69A1F5BC8AB8B9F546C584158A --renderer-client-id=10 --mojo-platform-channel-handle=1924 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2472

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:2500

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
3⤵
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.adobe.com/go/SetAsDefaultPDFOwner
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc514846f8,0x7ffc51484708,0x7ffc51484718
3⤵
PID:768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
3⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
3⤵
PID:2528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
3⤵
PID:4156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
3⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
3⤵
PID:4380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 /prefetch:8
3⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
3⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
3⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
3⤵
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
- Drops file in Program Files directory
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff684955460,0x7ff684955470,0x7ff684955480
4⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15672192983395746162,2630620431422165270,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
3⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yoyep.co.za/XSRYdR1H?utm_term=fish+protein+gel+electrophoresis+lab+report
2⤵
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc514846f8,0x7ffc51484708,0x7ffc51484718
3⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yoyep.co.za/XSRYdR1H?utm_term=fish+protein+gel+electrophoresis+lab+report
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc514846f8,0x7ffc51484708,0x7ffc51484718
3⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
3⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
3⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
3⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
3⤵
PID:4128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
3⤵
PID:1688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
3⤵
PID:2636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
3⤵
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
3⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
3⤵
PID:4772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
3⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
3⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
3⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
3⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
3⤵
PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6068 /prefetch:8
3⤵
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
3⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.PageScreenshotProcessor --field-trial-handle=2232,13438359713317493875,2584969550919387140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5124 /prefetch:8
3⤵
PID:100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:5
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
PID:3744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc514846f8,0x7ffc51484708,0x7ffc51484718
4⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5831486879748155363,12947836071705074504,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
4⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,5831486879748155363,12947836071705074504,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
4⤵
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,5831486879748155363,12947836071705074504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yoyep.co.za/XSRYdR1H?utm_term=fish+protein+gel+electrophoresis+lab+report
2⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc514846f8,0x7ffc51484708,0x7ffc51484718
3⤵
PID:1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
MD5
86a32d47ca116aa438d0a2912b204172

SHA1
b57d18876a9a47fa3f9f0fd54b4d59ea93beeb8c

SHA256
72aceea3769d7bab11bd4ba94d02ea757b5bc4168daaa021531dfd5ec8930505

SHA512
d06607d42014fab5c8117679882f4b20bc8165b97580a3d22b2c91a4adcba090a676c6c7c1df0074245e0d1df4e4adfa956ff881cfe54f810cffb6565eaf434f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
MD5
b2cdf2cfadb0a653ee13c4cde11b24f1

SHA1
6d1bb491bbbe6d67d0a32231d56ac9b8d2bb5660

SHA256
19232586bdb7e6d40ba77e262c9df371ecccfac547f947b5c922c0f55595a82e

SHA512
5828dead75abecb76592f3d188ff0fffb0c7f7a3b7282ef9f69fe9589e2fcb9a416b58868684b7576e5ffbf8ac2137716c08022a0b452a83168378e9ca900219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
20414aeba12cfbb2519e20f7204d3f04

SHA1
952c003b8f5270ab611447e4a0ca978e889bfbe8

SHA256
6ae50e5220fa511379ef3c1627ef8c3837eb12f61a7eff0f083433f4f8ddd6f1

SHA512
19de0f26dbe0f36094f9f7e7598b759807cda0944413edce0f8785e5b291f8c81d0b80fbe7f8f2a124c3b637a34fe711c68435be27e42d2d8b4518a7657cada9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
6540a7891bc5e51880273f33c1778fff

SHA1
97e635990e8b2200c4bfd423c0506e0836d7fd93

SHA256
00eeaeecfb9e14329177a0efa32e2e1fd2edf08255f88ec94dca7951eb4d8057

SHA512
dd301b148f1057ef124c0a870079583f59d1f2f9ac9434f829044702b3fbb270ef8753e1e69738d902246dbfd7670369238626331d46f96a26af42d5aca846f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
6540a7891bc5e51880273f33c1778fff

SHA1
97e635990e8b2200c4bfd423c0506e0836d7fd93

SHA256
00eeaeecfb9e14329177a0efa32e2e1fd2edf08255f88ec94dca7951eb4d8057

SHA512
dd301b148f1057ef124c0a870079583f59d1f2f9ac9434f829044702b3fbb270ef8753e1e69738d902246dbfd7670369238626331d46f96a26af42d5aca846f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
MD5
a81fb47c7260ce46c8654f7f3babc703

SHA1
a2d8406accc6483082a4ac2ad5586bc76b676766

SHA256
60a8eafccba838786a97cb6d47d89ee86e7b30c9be200044cd5e1ed03d144ddf

SHA512
468882c82514bc67ac3984e90661e64df48194c6a6b6e031638ff3c00108c72f01d8faaa5d05ca9bec1f1d9107834708445abd61b3595fd986c3981482904e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
MD5
60c9021c5a96242d6613122ceafb2d76

SHA1
b419f9f873671a374a86c0bc8df3bfa636d25bc1

SHA256
e2a718e2f37fd09ebbad80a4404c7f063c9ca78e77721b538c2e819046456e0d

SHA512
76caf05e8c3e484465e6d448f3b9f093d407d6d4f23f9fba41e0e8254f9d7d5536d11726aae8fe967a859ba7ff0d72e3d1a284cbab05b0b088754e7d2c70f53a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
MD5
239c2f2fb3677a81418a718d34c73f45

SHA1
32d192254602db3394f2a78e7affafb83ea3d2db

SHA256
79ea55807b98e511c6f5ff3bc6dc79c3150d95c1489b7926e2643a929dbdbf1e

SHA512
e0a4b212d96f358c7aaa9aadb880f576c91025601d34c6075a187ffe7c54321864650112ae4295f461cca73e46b717892a6a91117554f651e78f51b11c6fbf31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
MD5
ecc044b47d4021c6a14dac89b25c9482

SHA1
6a1157bb8b63cab608f1c03e13a3bd41d8f19da0

SHA256
ad174f1f4c6708b1dc25bb7706a01f0ec1c91af5ece4b6b20436f66ae59e3b9c

SHA512
7385d22cc0dae2c15d994e36fefe465250f82bd33c237fdac1bfe07d93df9e8fa2e3030e58c850de828e2f5d8bb35d9f9a294eeaec1042c1a5c47cae67426363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
MD5
7ca4c69cd6eb85f176da37132d1c450c

SHA1
6bd11897a8b6a231fe0239dc07df14d7a0bde42d

SHA256
056d51d9c5008b2f2d695d64b3bdb62e1d3939be3caeb1901280e110528a1b8b

SHA512
ae6632e334e3100b51c09f31323d078b512ba9495a8371e59aa10a64aba352eabe3367c308af759ca18fb175440f178be80e53597a2dd4a8c3611bb21397595a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
MD5
e1efd9c708eaaca5d056e862db2e62b5

SHA1
d12a1a3d78abeffc2851b2e4b525ee94d8fe7948

SHA256
b2f759b694d6d0b7c47e41c453a8e7fa43c3256b9cc11b7c54eea6c2f5bcea42

SHA512
80d554377b1230754ea74fd2d22244b3f3027ed78f75e984ed42c1eeea2a774185b864f5958fadfe570c26a7695a927a0bb965b99b4300bf24a79091d5c45452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
MD5
1054dfd141e27ed6ae83c8b7a4d5afff

SHA1
fbcbf02d0b6d42841d6e0da7d722c98dc5da999e

SHA256
61d9df5575035422ef61a078a3638e590d6d7f81540c32e57620d006b72b09f1

SHA512
67499d6e5b81685a5d16d5efd441d9979bcf7288ed178491ceadcd2b05389bb46440de924f89be1dccb97c045cba7cd5ae3ada7b56c7720eafb5e81c18751054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
MD5
8e01c0a30fd6de3568c62e2c0f5aa82c

SHA1
038bab7d8f235f0773cc5047f286a2c8037cb77c

SHA256
4e304f5688b54e4619d4667a4d086857e9d395de181e7dbc34cfe4d04c5642d4

SHA512
4b3de36937b1929bbe4f98ffea728ffe736ccad64e36aa68899b05d6ec387b40934cb0f3ab2c6fba542358e65ac90742c6a21da9730ead63cd2b632415bb9d2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
MD5
af03ce5403d3cc6784de1b00be68fae9

SHA1
e1c730866dcc0d068f7b241c19d04d9966add300

SHA256
a533b30f03f5cf6f65c237cd282c08e4575ac984ce8ec13d8e3314550d009449

SHA512
1efda327c7cdc84bc4b0149589fa965fb76fd8a25d999baed886b2e5e8798aa626b32d7c314b20417f2416c98eed4f148aafd2fd0217d0f7dca9e9d40c1c23b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
MD5
d45638a915bb31dcc50634d692975c56

SHA1
9461bbb98bd3e68bb79bd1c67184c82c039bb2f1

SHA256
5ede20b821259bb139cc6d72d763910163821023b712d47ffe92a98d7d9a3bca

SHA512
6b28773c0dee03612c3dc5672b0a80239ecb566d94483f11816287383d78a4e816ddfebab0c8ce56dd51971263e4c7981a975e637f859068eb074a495289d8d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
MD5
d0a80cc87dffd812005063539f82adc0

SHA1
be84898671a236c3619cee702cea29d36cf5aea9

SHA256
d20f180aaa6f7318793e2288d94af026b3c49842cc26b9a3452c1ea4868f674b

SHA512
9fbc096fe1233cd0d644f12777bb8c8009115082b61b381fcfccb18208119d23304a1605604f60a13d357a4ed1db4dc3bb9b17973e138dc888d893a07844f988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
MD5
e8b2f20ceef5bdcef18149d80d560807

SHA1
42d1ae06526a78d96cbb3279925f931b9f6990ed

SHA256
13d3c920958763374a0ec87d2250f85da8c728bbc63c8892e8320a1ec2aeaa45

SHA512
44a1f67b52fa94831f2faaf514fe75f6d47efcee40e7c413d7ffe0864e63acdf3321734b944e8ab5fc9b2166f2e9cdf6f3ad53de7995439dd14eb163dd3443f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
MD5
1e7e62dbcf212b9f9c04566235482ce3

SHA1
ce2612cf7bde73f91226586c871ac84a9d0ae16e

SHA256
3db1dd1226e29d3dcbf725948541b2c678d9815844f3173bf2a6ea05217906cb

SHA512
4abb297ed1f9bb2009b0ae97fcc1021ec45c6758766a59d61fc1ec3e4aaeb2190b503b78e979856a1945d0170616c9b2442dcc15bd8ed7c9967e94ca822cd7e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
MD5
528bc66193fbd80d3c6eea5888dca5be

SHA1
6353f2f034575eb0220cb598cc6cf967a0c32a20

SHA256
c91eb71658ed316b37fe0fc16d3e279fe1d69e86f3bd6cf437f358a752b7a00a

SHA512
0ee2066b8efe62ea5772189697b46c0945921721c7881fb38748e43fcd907a502b623573144f7ef5602ee0c0dbc4257316309ca39cb77d3e9268ce7fd830f9aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
MD5
04499a41653ab66bcbb0054189ddbc5c

SHA1
5578d60330e8805fc1d0302b04aec3812380424c

SHA256
b2a62be22fc6ff942ba213e2af9a7ed49c72483667a28f3dc2e4e281d4b3515d

SHA512
545a90528734e5f4aedf7574d97bae9442a48369eab558011576ea409617059114b85961a40271ee6dc8903ba2a8d100d176cab71cb23151f77f0303e4b0b8b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
MD5
fe437203501c4fc3b17bdf6d0924cb45

SHA1
566007a2f2c9d55ff5d24d32e35e5585a9cd58de

SHA256
74522224610acf1b06dd89250ebf92d054e5d5a7853d90c68be3a4be2c6d68b7

SHA512
149f0c1be5b82a46628378d0e9ce3ede106172d4aa986176f77d556b96767d0ff50ab06df70045a843c40f2c5653c83e2c2c328f91db865bafd83a46bd8f8dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13290324624114882
MD5
7e0fccd191a98500166b10076323381f

SHA1
d83808805f20d74a825bea36e93f2343fb14a306

SHA256
5bc9deacedec79aa1625ebf6ab3a62aa3bdd07e498a743e5c17c4fa4923f2eef

SHA512
2887b7bd5b06d594d4333a28a229d49b723f4ed584f7496884ee67fb5fd5c6aa5306ab5730a1bf015d07ae699a56046de22be239231ed6ae1bb3f1e5400754d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
MD5
94f03f0cdf7d9e12fe3b4921e51f782d

SHA1
082003a000619f31291fe560dc7c6f7a857a7ab7

SHA256
a874b9ac1d4e066379fd0d82167f263e6744865628be769a28dd62d392285bb6

SHA512
fd48f76721550857b8ebb3b67d4ccc27e3db67ffa273accf864153fa6d780183c4a7e7787c17125874263a1ee8453570ad971c4106955b2f268fe0fd604610dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
MD5
fbe785aaf15b76e728eb54a8fd2453b4

SHA1
04f939be9de7f63489921cd97febff951242009c

SHA256
8a734d0e6de16e97068e1278182e228cbe1e272d0b0e6a9b19331f1b015f676f

SHA512
00a3b50ede1e70552e5048e2e1a7882d5f10c45ad48f7d6de05369ac0cc67497679ac4b9eb2b461dcfdefcf1c79b37ad9cd044a1b1b9658b126c6c368a92b1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
MD5
82339b6d578b3368db309e6d882643ea

SHA1
ec389d4164c71541a20ba325697496ae62425d9a

SHA256
627f25fd552c80629e3a2df78fed7566b39efcd8710514dd5f329954389e6e9c

SHA512
8cd087497fe69b220eba9d710658ec998dd75833c2291e964051d08a24fca4d300ffe5f3faf76f34b1bde01c7633360ba86a99128d1ad5118cf3d7f4f9f02fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
MD5
3b71230d29b762eacc85a38f4d0664d8

SHA1
5148a126c468ccbf3514f9530b73d27e4a4c860c

SHA256
f5cf7a88408837ba15e89ac012878425036ce6b3960bf77ba247c0c61403ca3c

SHA512
a28a91d746d5a4cdcccabb92b5405d1bcdd3858e03acefbafc368a0f8a3062cd84e08d6e47ef1b42d61b9f64b87458621f809ef1f926b13a5d162760db0ce59e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
MD5
d9f84c8cf73422f2ca07d7e7462b9534

SHA1
cff6e092bf5bf1f3f47b7074847e204042a881ae

SHA256
5bf7b14dde109f722782628bbcf3011a23cd2416e7621a62b49ee0333cdec6c2

SHA512
1ea893c62d64304c35b9086e2c7e760716ea5ce220bafb76632670fcd2f97eca5c6693ff98004a861b190060c47c9d97ac92b41e3b1da1a4e8f89d9638548c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
MD5
0af8f46a65bcc26f260b987607a2e1c9

SHA1
4f94bd8e35e6e12605aeadf80a37d11ed7026cc4

SHA256
ab39be9e7d8faa18cd520e7138ed1d50b9e556102584f9a4db2f8384330faa52

SHA512
a352805a2e439a975d9c23c1845189b7580b3ebbc7058e88e8b3f5830d9b6ff2a6b02f89eb27edc2c908e5be8756580fdae5004329961aba4a7634f2d357b082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
MD5
8f4fdb2965d489ee967f356b86187828

SHA1
08d95f30f485a578ddce70cc3b9a26504ca308a4

SHA256
548415443f65a5a8d0805f606cc791007df3634b0a2eb45d1d14e7228a0ca7f9

SHA512
abd8b17b7b9824648e86d99f7398eafb95bcb922dc420cb0160f8e08927b6e666cb028e4f3278e78cfcca16b4a56597db0c229cce2b56f8f34f638b82c4c30e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
MD5
38888eaa712236d16beccdcb666c903f

SHA1
9ce96bc5703e52e784b2c4439b0d8e2f51efc737

SHA256
bfaef223524e14844c2de0b8d4e6b13dfef375bdcffe764f9120d6629ef56511

SHA512
24e4072b4d67a3bfd9944302cb9a201388a6290f535eff7594cfd8c3b84401ab21e11a3e69fcfbc9397aaae68ff15098cab6b941ed95475f9c7e39e12facfecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
MD5
af64fe692698446030e843b9d9cd2456

SHA1
3e3f19553b258b0e911aa6fa001f01c8cb585a88

SHA256
121eb1ee54123728eda7536ce529fe31231800229ac9a0201e71feb7614a5225

SHA512
0b398a6b75f3e37e80866caf1dfb7950e7cdd27d7d0d0776ad870e342b806f3f7a53b170a91819ae383cae4f9ae2154fc6a0ce5c6acd21bd4ff11aec29598926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
MD5
428039b3dc8e99d09295cd8c1150b11e

SHA1
4b0e83a41ca7ba45983159cf6b544aba23f96dcb

SHA256
84c277313513f5cb812b0f12fd37b0252f8c569e94804345b8d27d854eca02c6

SHA512
2a58777904d9d1d4c9d700f7feffcae18aa44b62510453939c8646ebd5e44c683d7390e974b47fd9d1e6938170f2cdeb91121d13d3f3ed830ee8a9de4232bb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings
MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris
MD5
984187103d18886cfb2878d9cda02c25

SHA1
301c3fe776534397878770f8b50008963d8cf06f

SHA256
c544940e087e86b2ecc55d256cfaf73d7946d0c74461506682e7d5b3d1a4494c

SHA512
135d13b3eb7f4b7537ad69a77c8dea398a0b886e88aeb0e022f704e6f3d9e7e5170af764d7f13aeb3cd89a5b8670a4bc5dbde77d1d09a7e471c4e7721649a224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_637814432828029560
MD5
cd50dcca50e0fb832616657b64b04af5

SHA1
8da4d89b7db245fe38b5cd437b8c492ada42971d

SHA256
77fafc40bd5eddc2c139ea01d06369caf12a2160d304b287c718ecf174190ef9

SHA512
849badec5e62bdfa3c47a983ba5307d72c33266a844733793988ed1d77eb2ed3f37397610e5ce692cfe776eef8882a01a71a88f2488746a46d117718e31afe40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic
MD5
ce545b52b20b2f56ffb26d2ca2ed4491

SHA1
ebe904c20bb43891db4560f458e66663826aa885

SHA256
e9d5684e543b573010f8b55b11bf571caf0a225cdea03f520091525978023899

SHA512
1ea06c8e3f03efdd67779969b4cdf7d8e08f8327298668a7cffd67d1753f33cf19e6995a3d83fe45185c55b950f41e48ac71b422b91e8d0180b5bdd07cfacfe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_637811103879324684
MD5
a7aab197b91381bcdec092e1910a3d62

SHA1
35794f2d2df163223391a2b21e1610f14f46a78f

SHA256
6337fe4e6e7464e319dfcdadf472987592013cf80d44916f5151950b4a4ca14b

SHA512
cffd7350d1e69ada5f64cafe42a9d77e3192927e129f2903088b66b6efc9626b5d525aedca08d473ad8fa415af1d816594b243609237dc23716d70a2ca0eb774

Download Submit
\??\pipe\LOCAL\crashpad_2024_HMZUUYJJHJOMDIBZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_3612_MBWWYTGOLVNTJGXH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2528-158-0x00007FFC6DA70000-0x00007FFC6DA71000-memory.dmp

Filesize
4KB

Download