Analysis
- max time kernel: 1187s
- max time network: 699s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 17-03-2022 10:46
Behavioral task
behavioral1
Sample
a5cb603ebc2d7b38880a74aa04c108e4b037c0f543e07710ff01af3eaa4583cc.pdf
Resource
win10v2004-en-20220113
General
- Target: a5cb603ebc2d7b38880a74aa04c108e4b037c0f543e07710ff01af3eaa4583cc.pdf
- Size: 633KB
- MD5: 65e91f3e08d64db3f61c24841b289e97
- SHA1: 6b45950ffc4b71a03f155c0971a8ab0cd93562d7
- SHA256: a5cb603ebc2d7b38880a74aa04c108e4b037c0f543e07710ff01af3eaa4583cc
- SHA512: 5a0c847d7ec89e8d3513f6792bc94429aaa1f23b6055a5a1ac42815f27953502af6d85b55c5cd7681d3660641a73edf0b1ab612f289dc9e0f463e1a90dd338d3
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
Processes:
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Windows\CurrentVersion\Run | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Windows\CurrentVersion\Run | msedge.exe
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
Enumerates system info in registry 2 TTPs 6 IoCs
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Modifies Internet Explorer settings 1 IoCs
Processes:
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Modifies registry class 1 IoCs
Processes:
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes (64 events, identical rows collapsed with their count):
pid | process | count
4208 | AcroRd32.exe | 18
888 | msedge.exe | 2
4052 | msedge.exe | 2
4080 | AdobeARM.exe | 2
3952 | msedge.exe | 2
3328 | msedge.exe | 2
4204 | identity_helper.exe | 2
4080 | AdobeARM.exe | 34
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
Processes (18 events, identical rows collapsed with their count):
pid | process | count
4052 | msedge.exe | 14
3328 | msedge.exe | 4
Suspicious use of AdjustPrivilegeToken 5 IoCs
Processes (5 events, identical rows collapsed with their count):
description | pid | process | count
Token: SeTcbPrivilege | 1476 | svchost.exe | 5
Suspicious use of FindShellTrayWindow 7 IoCs
Processes (7 events, identical rows collapsed with their count):
pid | process | count
4208 | AcroRd32.exe | 1
4052 | msedge.exe | 4
3328 | msedge.exe | 2
Suspicious use of SetWindowsHookEx 7 IoCs
Processes (7 events, identical rows collapsed with their count):
pid | process | count
4208 | AcroRd32.exe | 6
4080 | AdobeARM.exe | 1
Suspicious use of WriteProcessMemory 64 IoCs
Processes (64 events, identical rows collapsed with their count):
description | pid | process | target process | count
PID 4208 wrote to memory of 3908 | 4208 | AcroRd32.exe | RdrCEF.exe | 3
PID 3908 wrote to memory of 4328 | 3908 | RdrCEF.exe | RdrCEF.exe | 40
PID 3908 wrote to memory of 1496 | 3908 | RdrCEF.exe | RdrCEF.exe | 21
Processes
-
- (level 1) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a5cb603ebc2d7b38880a74aa04c108e4b037c0f543e07710ff01af3eaa4583cc.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 4208
- (level 2) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  - Suspicious use of WriteProcessMemory
  PID: 3908
- (level 3) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=36A34F426D9A63D06669A13AE84E103F --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
  PID: 4328
- (level 3) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=88A1788B0BABB1DD09AACA58D8AB1586 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=88A1788B0BABB1DD09AACA58D8AB1586 --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
  PID: 1496
- (level 3) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1BF6C9A5375FE24A050EA96337568386 --mojo-platform-channel-handle=2172 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
  PID: 3932
- (level 3) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=06A5C2E62A8F7A4407AF9E8A533B0C44 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=06A5C2E62A8F7A4407AF9E8A533B0C44 --renderer-client-id=5 --mojo-platform-channel-handle=2184 --allow-no-sandbox-job /prefetch:1
  PID: 2292
- (level 3) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FACD752879FF19D6282ED510A445734D --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
  PID: 5008
- (level 3) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=72BA55D2980C5435A10204D0B6249BCC --mojo-platform-channel-handle=2608 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
  PID: 116
- (level 2) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://icedrive.net/s/xWV9NgtXNuyaYQB4FS4iPPxY6Sbu
  - Adds Run key to start application
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID: 4052
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc57b146f8,0x7ffc57b14708,0x7ffc57b14718
  PID: 4280
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  PID: 1308
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 888
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3132 /prefetch:8
  PID: 1828
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  PID: 736
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  PID: 1240
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 /prefetch:8
  PID: 1868
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  PID: 1048
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  PID: 2420
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  PID: 3616
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
  PID: 216
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  PID: 4856
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  PID: 812
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  PID: 4160
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  PID: 4884
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  PID: 4872
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  PID: 3692
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  PID: 4232
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  PID: 4200
- (level 2) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
  Command line: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID: 4080
- (level 3) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
  PID: 4792
- (level 2) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://icedrive.net/s/xWV9NgtXNuyaYQB4FS4iPPxY6Sbu
  - Adds Run key to start application
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID: 3328
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc57b146f8,0x7ffc57b14708,0x7ffc57b14718
  PID: 1288
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  PID: 736
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID: 3952
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  PID: 1204
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4048 /prefetch:8
  PID: 3148
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  PID: 1300
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  PID: 5084
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
  PID: 1028
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID: 4204
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  PID: 4920
- (level 3) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  PID: 2664
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4908
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1476
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s camsvc1⤵PID:2800
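Added here as a worked example (it is not part of the sandbox report and not the sandbox vendor's tooling): a small Python parser that splits process-tree entries of the kind shown above into image, command line and PID, then reports each Edge child's role (`--type`, `--utility-sub-type`) and the sandbox policy it was launched with (`--service-sandbox-type`). The sample entries are copied from the tree above with the long `--field-trial-handle` value omitted; the one-entry-per-line `... PID:<n>` layout and all Python names are assumptions. In this tree the only `--service-sandbox-type=none` children are the two identity_helper.exe launches of WinrtAppIdService, which the report shows Edge starting that way both times; the check earns its keep on trees where some other service turns up unsandboxed.

```python
"""Pull the security-relevant switches out of Chromium/Edge child-process command
lines as they appear in a sandbox process tree.  Added example, not part of the
report.  Each entry is split into image path, command line and PID; --type and
--utility-sub-type give the process role, --service-sandbox-type the sandbox policy
the browser asked for."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union

# Assumed layout, one entry per line: "<image path> <quoted command line> PID:<n>"
ENTRY_RE = re.compile(r'^(?P<image>[^"]+?)\s*(?P<cmdline>".*?)\s+PID:(?P<pid>\d+)\s*$')
FLAG_RE = re.compile(r"--([A-Za-z0-9_-]+)(?:=(\S+))?")

# Constructed input: entries from the report with --field-trial-handle dropped.
SAMPLE_TREE = r'''
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1 PID:1204
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4048 /prefetch:8 PID:3148
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8 PID:5084
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8 PID:4204
'''


@dataclass
class ChildProcess:
    image: str
    pid: int
    role: str                 # --type value; the browser process itself carries none
    subtype: Optional[str]    # --utility-sub-type, e.g. storage.mojom.StorageService
    sandbox: Optional[str]    # --service-sandbox-type, e.g. utility / service / none
    flags: Dict[str, Union[str, bool]] = field(default_factory=dict)

    @property
    def unsandboxed(self) -> bool:
        # "none" means the child runs with the full user token, no restricted token or job.
        return self.sandbox == "none"

    @property
    def v8_mitigations_off(self) -> bool:
        # Chromium drops V8's untrusted-code (Spectre-style) mitigations in renderers
        # when it relies on site isolation instead; worth knowing when reading a tree.
        return self.flags.get("no-v8-untrusted-code-mitigations") is True


def parse_entry(line: str) -> ChildProcess:
    m = ENTRY_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised process-tree entry: {line!r}")
    # Switch without a value -> True; "--name=value" -> value
    flags: Dict[str, Union[str, bool]] = {
        name: (value if value else True) for name, value in FLAG_RE.findall(m["cmdline"])}
    return ChildProcess(
        image=m["image"].strip(),
        pid=int(m["pid"]),
        role=str(flags.get("type", "browser")),
        subtype=flags.get("utility-sub-type"),
        sandbox=flags.get("service-sandbox-type"),
        flags=flags,
    )


def parse_tree(text: str) -> List[ChildProcess]:
    return [parse_entry(line) for line in text.splitlines() if line.strip()]


def unsandboxed(procs: List[ChildProcess]) -> List[ChildProcess]:
    """Children launched with --service-sandbox-type=none."""
    return [p for p in procs if p.unsandboxed]


def sandbox_summary(procs: List[ChildProcess]) -> Dict[int, str]:
    """pid -> 'role[/subtype] sandbox=<policy>' for a quick read of the tree."""
    out: Dict[int, str] = {}
    for p in procs:
        role = p.role + (f"/{p.subtype}" if p.subtype else "")
        out[p.pid] = f"{role} sandbox={p.sandbox or 'default'}"
    return out
```

Run `sandbox_summary(parse_tree(SAMPLE_TREE))` to get one line per child; `unsandboxed(...)` is the list to eyeball first. Renderers carry no `--service-sandbox-type` at all because the renderer sandbox is not selected per service, so a missing value there is normal and shows as `default`.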
Network
MITRE ATT&CK Enterprise v6
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5 a23f526a3d128046ecf8d4d1e168672e
SHA1 2542f3631502c8aa1169cd4f557143f542a956e2
SHA256 7efcdba4e26aa8209db7ac59bed97a809693ca62355979facfff2b7a264c48c9
SHA512 c7bd8c86234ca1dc1171b29b8eb605d467fc3801c12f1f5406a40a6919d5fd4ead4cf5e0efbfbcf7a02b7615b527b97f3a6fb24734c968f135ed50a499387c0f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
MD5 3f284cfadf69c61be42b32b2b2cc9d61
SHA1 4a97cd3dbd7c565b111dc226d2d6dde585e1bf20
SHA256 8d5fe9c3661b8f5b225933cb56c195380e1919b9149a7b2652a14183f823ef22
SHA512 e02412b1abc7b57678c37489146f76a7be5d07d5f4378dd7b7b24c6c7f68d41c729fce749baa3e5ba8ba166736cb54a8e4fb68da2b7fe707e527114883331af7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
MD5 b4f29d0ea0a13409781bbad259db306b
SHA1 f374012ab63054744cad5dc2faa9735313161d30
SHA256 24052be02a4ee42a76240a302ba8046f0c8d7cf8a3f9828fec12e51e041cc769
SHA512 415b1862e4f7c455c2046adcb4323d053eadf62b72a8832c7b7da66e87839284e2e4d361d933e3705583fa1284485c8e5762d055df49e1fa3fa6101081ded93a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
MD5 5f52c86a318d1b746822fc99d0e66768
SHA1 73e5253785afbfb7c9ffb08191148ec50071bdab
SHA256 f17fed83cb99f1170d0368b0d607e80bf46bc073b8bfdd4d5f33ade3da104aab
SHA512 7647e7633c6ad06b5489ffd3c05bc18498fd1755a9df493cf42aee73dd7132021c79afbf4b4b241372f7b19e06261054e8ff3b1eedc70253d24f969a2efb938a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
MD5 65cd93c667c82d079cf011a8000c352c
SHA1 9e69b3fa1914f287ea66d9532e26de1cbd2fdfc1
SHA256 890c1115a85b8360304327e5a9a2a3014b65b4ec22461fa326803ea7dff53d3a
SHA512 08832a9959c9b42915883bc831ffcd0dbeee3dc386701cf98942180776a3d29830e6e392290fe6e2860e33735b93cd6bb6a36365c52a6de2216676f48563803d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index
MD5 1bd628afe96bdbd000f88f9b95c722e9
SHA1 7de32237ff32e25388a90c926228b8f81a5e7376
SHA256 d2e19700f6ce7b2351a51d1cc4fc3a9e9fd8f301b439d95e3c1f4b2160ea3ed8
SHA512 0b8ac7dd47658888df52306eae21a5d3e98a203cf5108bc53b540d62fda14e01c60940ea03a4dc0b4ee8ad5731d2265225519228de1bbc4cbcfc7bd92a9d8ff5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
MD5 b516b6fe7a69f9ecfc874090086f1ca8
SHA1 bad44a60bd7ce786dd88b885dc4117883a74b43e
SHA256 8c8bc428e39ab2ae4192e0d59a3657b27623707579f1b6006d379dc3be68ae72
SHA512 e2683aabf8a24afd227735127268e4a9f227ac2ceb101458f5c8f5e94b5f4a70a6b8351186d6f21e214ab10ee633620e2c76a50bd3368c9d3fb2dce9fc99d846
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
MD5 df54585b56ebc1de1bd895df0f13a576
SHA1 8febd9b61bf0c04dd427b9846d599fce82827c37
SHA256 d54fb9adc41a9f5db1c3d9c2847327d4a2015c9345cfbf878dfad14126950c1a
SHA512 af6a336abf2eb2742203ade2a185e98e2f18af35e843a673e884c764596d5e83dd5078d40ffe1bbdab74ba7811c6e4ef90cb5879ba2a5e6d02ca50f488b7cfe6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
MD5 829d77e7d1a21ed479bb9a4992db3541
SHA1 b94164603c4261a0a8de3b62a28ff948d603bccb
SHA256 fda9694089f4da9837a136f66a4015150f835c679996859d0c99a14d46bdb95a
SHA512 54d909ce1ef7ca01a64b24da244ffe927a9943ebf1c15ae2093b36890e40fdbe6df9d5e9cf2e79427f6adeff9ba4cb885277031f633f61e5cfea7279aca52794
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
MD5 4fa968317da5f16b13461c95bbc83a8b
SHA1 940d36233d0b66cd66b00dc57e9f4dd1f7a2d6ae
SHA256 5bb3be10a0d91976db2391d8efe6619fed1deb15a148e6b922ceeac449291b4f
SHA512 3740047d270006b4850a05b62f4b484e454ca11817b937dac50e11619458b08c163b2ef33c09b477197f34c4d59af1f96307c006bc45171c82987ea9a891d0df
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
MD5 6f05c7f1cf3a918038221215d357154a
SHA1 5b06b75098aaa475597f2996551568268f1cb666
SHA256 6d3ada7ac15e4e37ea4c34210ac756bbb267c9035288ba4a9f01d52067a68d24
SHA512 e623f74f50d9f48b1a6ba2524729442bd006605ef471ca84621d48dc2118205f588345035403d76a09ed52ff879fd35bcec631b8b886d6d659e71df0869cb4bb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
MD5 a9851aa4c3c8af2d1bd8834201b2ba51
SHA1 fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256 e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA512 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
MD5 b9203b5324a1bc7ad0f6ac5af71d1465
SHA1 299d3e38e280af3131db35e2bc221ba4e7c9663b
SHA256 e31e12e2682d44c89de20cd84608be511eb7f2bb7c7ed13a57785ea39373680f
SHA512 c977b938cbea5b53bb97e732f0d2deeaa30616b4d47dc82e8d6e7ea16c0a844db28eb00a799fc2d0ccbb11100900566d94329cc5a43a9f2a21c11ac459bd55b6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
MD5 9e459d80f503dd0048721870bf23a1a5
SHA1 2771df6466538f0f14180bc4cd4a59f55cf39298
SHA256 ff0c7caa5c75c683263c2981b33807d6249603c31a86219383432423239a5da5
SHA512 de2dea7b0d21e8b74059875f6cfe806aea3fa0bf40b6a2871f3dc4de66ed88c123fa68081d91d7cb250052e01146ef01d4c9005f01bc75301f3552b99452d6db
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
MD5 75ad9110e37abdf7094c77f3e6dfc918
SHA1 9020730439b56964d81d7661310dd56a45f889f1
SHA256 c06ef9ae8e2fcddfe6931ae04564cafe32b800fff092d0abd8d7181dbca257a1
SHA512 a1d8004d74b717b4ccf949b2e8ae1d77a01855c99ef9748c6f40ef393132199e2d31c1389a998bcb253add417fe2fe03c8d90ae9ae9c80c6ccd71d97fa507a22
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
MD5 541c42f1c98b3e1b011d22eba854e707
SHA1 db30188de1f22e3077e7044be1386a5d0ecaed9d
SHA256 0768e811c51ac61a8e573ac6b53f89dbb1d89eb2fcf62536a9a5f730329c584b
SHA512 47828c1b40deb8d37d6ff4fc8f7673fbb59b40e07f54f0fa4121b91941160134c251e20f7f28f7ee5185f3c8aee2b7e95a1bef573bc64c68912016accbe90604
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
MD5 c42783e4e128b3f433ac2eb835236b71
SHA1 ea00c3d67fd6cbb83b979c16ccb06cd7f4dd4e33
SHA256 05f09d085fdad658c6b037aaed6a272866bcee7d68779f2cab775065038ff2ba
SHA512 441e1a275eb09f0c23c94620feee4198a346e97827abaf683ffd9647d78fe46a6dc599c00b64aed5b10477d118342397428b433e7dbda9fa2827a1051275df9a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13291987637422396
MD5 121b8e31b72c6f35f31d619cadfc89b1
SHA1 2283a2289a857fed8b66b5b9023b5575328628d9
SHA256 b989840af024a9ffd251765cba0a7fc432bd1e1e4049f1e08bbb3e816ec21ba2
SHA512 a19f8db8cf5dd8006b2f9c3c1599e7e36d2a3087b20af6b0968b5b92e2036b78591c0e53254ec611ad603e02cefb1f02c37efb8c3e175c5cefa03aa817d64422
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
MD5 19c5580b1c4d187b240a732f2cf56da6
SHA1 dc37bfa3054c5afd7600c9058a7ae2bf4393d06c
SHA256 83461b1bb1f35ddda37d822e9986dbec5490a9f7f261cf4ba0971768327b0672
SHA512 ab4ea41ee111d38e625aa71dcd7d0fe8aa6d680ee67c21b75a622b6dfa935a37ed7a69508178a1fe3db0ef4fa73bf8f2942ebbb4deca51761388fad2643723b0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
MD5 99e911f6e0260a31d0abc56df25c0b40
SHA1 e6c893a308dc310087020652c9d5b635c3cc4c35
SHA256 c43cbfbb8cf62fd0bbe7321d695348db1010eeb95ebfe1fa840e698573a4167c
SHA512 d692608a32858e84fc36506cac4b227b64c7d4340e540be28a5b744bcbf93a62b55333a9bd66e0197bdbb3b176152c3002096dd067ca1e593dccab1082e107fc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
MD5 3d3c198f42144ec00cce06799e8eae7a
SHA1 cb5411b3d1f3bcba8219597b33a022eff04d691a
SHA256 152cd49d929b217cdac890613b356e185b2cb4f9cd7fb2349b5569f8bc653ef1
SHA512 e3a47783b95cd83cb239f6994b4d6e4815d4d44ad35c3782e464b494bb1bc82f77cde62991dab8e2d8ba2438f933d37af36767904ed47893449541b47e26aac7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
MD5 f44dc73f9788d3313e3e25140002587c
SHA1 5aec4edc356bc673cba64ff31148b934a41d44c4
SHA256 2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983
SHA512 e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
MD5 b3dc6c37777919805c89e5c95440a304
SHA1 657cd841210e8ef0d1875654514185a20b735bda
SHA256 c42ca895eeb87095e766ae9f360ed06b124fd4aa54fdf080ec23798870623081
SHA512 fe5745e3cac5718cca06e7b5359b2e25e3dba3ca1a081cec94f0434e89cc1ed5172d6ce47961d1685292c12290be38b07bdb87474ec5c719e9360dc4b3cfa155
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
MD5 f70aa3fa04f0536280f872ad17973c3d
SHA1 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
MD5 561d3972593647b20d3ee85d7d6a3e0a
SHA1 f2e560122596c02f3fb0c987470ed7ef27433ac9
SHA256 82457993ff5483f29bcedd550bb9ed7dd0bde03a7713e04ef60e4e4b111bce69
SHA512 a3c2809df48680a1cdbe1efa9581e0cb126077a6881d9535aa37e89953b146335e13c3346b71937d8236a92d4b9b184eac7cfcfc3d8eb202bf90d80f2530378e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
MD5 59f0bddf743733335ccad925182e3c58
SHA1 72dcfe4af138f35565598aa39efe237c05ec4bdc
SHA256 c08ddd60259d527152ae501dab880035857019d69f2450bee5cc907b3ea369d6
SHA512 93793decdd0d4fefeba147e53803ef28de545e5b12f8dacb3ad145730d76aff177836f54c7f20a72088fb78db2f76cfd2673675316cf6ff399cbf4dabce5a0a9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
MD5 2e19a9040ed4a0c3ed82996607736b8f
SHA1 5a78ac2b74f385a12b019c420a681fd13e7b6013
SHA256 2eeb6d38d7aad1dc32e24d3ffd6438698c16a13efd1463d281c46b8af861a8ce
SHA512 86669994386b800888d4e3acb28ab36296594803824d78e095eb0c79642224f24aca5d2892596ac33b7a01b857367ed3a5e2c2fb3405f69a64eb8bf52c26753f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
MD5 55a2301a1dce04ab5ad5dffaec1d1507
SHA1 b082630cdbaa5c7df58cbafcf6ac47cb83393e5d
SHA256 d30514d42b8caf16492d4957a0b470526eb9046b85989fc640555809256f4069
SHA512 ff1cb6ab0a6d12cd80439ed6bba1502b8693e3265389e895a53cbd3eff4bc9954a8b5c9c05f09ebc5631f0452ae368e24a05e01e1c7be845187ecc22f5a4decb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
MD5 12f86f72c055e4f6384bad0d117302a3
SHA1 91154ac74cea4ce2eea4f0515b8614d7d216a88f
SHA256 b1d656a75b0935d6cbba2c65aeda45747a4dc490f3863e5c99021dfaa8e7fcd9
SHA512 bddfa495c6fefad88e048eed985e69f1adcbc36d50013acdb11093d547cd39f913b304b09ca46afe52b18d9e823e2bfb1118d1f4e8dac95d115f66952b6f918f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
\??\pipe\LOCAL\crashpad_3328_VWESHNWDFKSYXQLI
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_4052_SEOKIQGKAZENHSGN
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1308-147-0x00007FFC5F770000-0x00007FFC5F771000-memory.dmp
Filesize 4KB
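The listing above is dominated by Edge's own profile files, and the report does not say which entries, if any, were written by the sample itself. As an added example (not part of the report and not the sandbox's own code), the Python below parses entries laid out as a path followed by one digest per line, recomputes the empty-content digests instead of hard-coding them, groups paths that share content (the LevelDB CURRENT files above are byte-identical), and hands out a verdict per entry. The four literal entries in the sample are copied from the listing above; the `Temp\dropped.exe` entry, its bytes and the verdict names are invented for illustration.

```python
"""Triage a sandbox 'dropped files' listing.  Added example, not part of the report:
parses path + one-digest-per-line entries, recomputes the empty-content digests rather
than hard-coding them, groups paths that share content, and gives each entry a verdict."""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List

ALGS = ("MD5", "SHA1", "SHA256", "SHA512")
DIGEST_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s*([0-9a-fA-F]{32,128})$")
PIPE_PREFIX = "\\??\\pipe\\"                                     # NT named-pipe object path
EDGE_PROFILE = "\\AppData\\Local\\Microsoft\\Edge\\User Data\\"  # Edge's own profile tree
def _listing_entry(path: str, data: bytes) -> str:
    # Render one entry in the report's layout from raw bytes (only for the invented sample).
    return "\n".join([path] + [f"{a} {hashlib.new(a.lower(), data).hexdigest()}" for a in ALGS])
# Constructed sample: four entries copied from the report, plus an invented dropped.exe.
SAMPLE_LISTING = "\n-\n".join(e.strip() for e in [
    r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5 a23f526a3d128046ecf8d4d1e168672e
SHA1 2542f3631502c8aa1169cd4f557143f542a956e2
SHA256 7efcdba4e26aa8209db7ac59bed97a809693ca62355979facfff2b7a264c48c9
SHA512 c7bd8c86234ca1dc1171b29b8eb605d467fc3801c12f1f5406a40a6919d5fd4ead4cf5e0efbfbcf7a02b7615b527b97f3a6fb24734c968f135ed50a499387c0f
""",
    r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
""",
    r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
""",
    r"""
\??\pipe\LOCAL\crashpad_3328_VWESHNWDFKSYXQLI
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
""",
    _listing_entry(r"C:\Users\Admin\AppData\Local\Temp\dropped.exe",   # hypothetical path
                   b"MZ invented bytes, not a real dropped file"),
])

@dataclass
class Artifact:
    path: str
    digests: Dict[str, str]

    @property
    def is_empty(self) -> bool:
        # Zero-byte content has well-known digests; recompute them instead of trusting hex.
        return bool(self.digests) and all(
            h == hashlib.new(alg.lower(), b"").hexdigest() for alg, h in self.digests.items())

def parse_listing(text: str) -> List[Artifact]:
    """A non-digest line starts a new artifact, digest lines attach to it, '-' separates."""
    artifacts: List[Artifact] = []
    path, digests = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue
        m = DIGEST_RE.match(line)
        if m and path is not None:
            digests[m.group(1)] = m.group(2).lower()
            continue
        if path is not None:
            artifacts.append(Artifact(path, digests))
        path, digests = line, {}
    if path is not None:
        artifacts.append(Artifact(path, digests))
    return artifacts

def classify(a: Artifact) -> str:
    if a.path.startswith(PIPE_PREFIX):
        return "named-pipe"       # a pipe handle was hashed; nothing reached disk
    if a.is_empty:
        return "empty-file"       # created but never written
    if EDGE_PROFILE.lower() in a.path.lower():
        return "browser-profile"  # Edge's own state while it rendered the PDF
    return "review"               # not explained by the browser: look at it
def triage(text: str) -> Dict[str, str]:
    return {a.path: classify(a) for a in parse_listing(text)}

def duplicate_groups(artifacts: List[Artifact]) -> Dict[str, List[str]]:
    """Paths sharing SHA256 content (LevelDB CURRENT/MANIFEST files, typically)."""
    by_sha: Dict[str, List[str]] = defaultdict(list)
    for a in artifacts:
        if "SHA256" in a.digests:
            by_sha[a.digests["SHA256"]].append(a.path)
    return {h: p for h, p in by_sha.items() if len(p) > 1}
```

`triage(SAMPLE_LISTING)` maps every path to its verdict; only the `review` entries need a human. The pipe entries carry the digests of zero bytes because the sandbox hashed a pipe handle, not file content, so they say nothing about what the sample wrote, and `duplicate_groups` lets one reputation lookup cover every path that shares a SHA256.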