a5cb603ebc2d7b38880a74aa04c108e4b037c0f543e07710ff01af3eaa4583cc

Analysis

max time kernel
1187s
max time network
699s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
17-03-2022 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5cb603ebc2d7b38880a74aa04c108e4b037c0f543e07710ff01af3eaa4583cc.pdf
Size

633KB
MD5

65e91f3e08d64db3f61c24841b289e97
SHA1

6b45950ffc4b71a03f155c0971a8ab0cd93562d7
SHA256

a5cb603ebc2d7b38880a74aa04c108e4b037c0f543e07710ff01af3eaa4583cc
SHA512

5a0c847d7ec89e8d3513f6792bc94429aaa1f23b6055a5a1ac42815f27953502af6d85b55c5cd7681d3660641a73edf0b1ab612f289dc9e0f463e1a90dd338d3

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exeAdobeARM.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
4208	AcroRd32.exe
888	msedge.exe
888	msedge.exe
4052	msedge.exe
4052	msedge.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
3952	msedge.exe
3952	msedge.exe
3328	msedge.exe
3328	msedge.exe
4204	identity_helper.exe
4204	identity_helper.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe
4080	AdobeARM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

svchost.exe

description	pid	process
Token: SeTcbPrivilege	1476	svchost.exe
Token: SeTcbPrivilege	1476	svchost.exe
Token: SeTcbPrivilege	1476	svchost.exe
Token: SeTcbPrivilege	1476	svchost.exe
Token: SeTcbPrivilege	1476	svchost.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exe

pid process

4208 AcroRd32.exe
4052 msedge.exe
4052 msedge.exe
4052 msedge.exe
4052 msedge.exe
3328 msedge.exe
3328 msedge.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid process

4208 AcroRd32.exe
4208 AcroRd32.exe
4208 AcroRd32.exe
4208 AcroRd32.exe
4208 AcroRd32.exe
4208 AcroRd32.exe
4080 AdobeARM.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4208 wrote to memory of 3908	4208	AcroRd32.exe	RdrCEF.exe
PID 4208 wrote to memory of 3908	4208	AcroRd32.exe	RdrCEF.exe
PID 4208 wrote to memory of 3908	4208	AcroRd32.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 4328	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe
PID 3908 wrote to memory of 1496	3908	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\a5cb603ebc2d7b38880a74aa04c108e4b037c0f543e07710ff01af3eaa4583cc.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4208

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:3908

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=36A34F426D9A63D06669A13AE84E103F --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4328

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=88A1788B0BABB1DD09AACA58D8AB1586 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=88A1788B0BABB1DD09AACA58D8AB1586 --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1496

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1BF6C9A5375FE24A050EA96337568386 --mojo-platform-channel-handle=2172 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3932

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=06A5C2E62A8F7A4407AF9E8A533B0C44 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=06A5C2E62A8F7A4407AF9E8A533B0C44 --renderer-client-id=5 --mojo-platform-channel-handle=2184 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2292

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FACD752879FF19D6282ED510A445734D --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5008

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=72BA55D2980C5435A10204D0B6249BCC --mojo-platform-channel-handle=2608 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://icedrive.net/s/xWV9NgtXNuyaYQB4FS4iPPxY6Sbu
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc57b146f8,0x7ffc57b14708,0x7ffc57b14718
3⤵
PID:4280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
3⤵
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3132 /prefetch:8
3⤵
PID:1828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
3⤵
PID:736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
3⤵
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5152 /prefetch:8
3⤵
PID:1868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
3⤵
PID:1048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
3⤵
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
3⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
3⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
3⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
3⤵
PID:812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
3⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
3⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
3⤵
PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
3⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
3⤵
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15398947776688558746,5961804111968554513,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
3⤵
PID:4200

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4080

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
3⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://icedrive.net/s/xWV9NgtXNuyaYQB4FS4iPPxY6Sbu
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc57b146f8,0x7ffc57b14708,0x7ffc57b14718
3⤵
PID:1288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
3⤵
PID:736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
3⤵
PID:1204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4048 /prefetch:8
3⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
3⤵
PID:1300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
3⤵
PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
3⤵
PID:1028

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4652 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
3⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,7963433068131502345,7477606915261522218,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
3⤵
PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
1⤵
PID:2800

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
MD5
a23f526a3d128046ecf8d4d1e168672e

SHA1
2542f3631502c8aa1169cd4f557143f542a956e2

SHA256
7efcdba4e26aa8209db7ac59bed97a809693ca62355979facfff2b7a264c48c9

SHA512
c7bd8c86234ca1dc1171b29b8eb605d467fc3801c12f1f5406a40a6919d5fd4ead4cf5e0efbfbcf7a02b7615b527b97f3a6fb24734c968f135ed50a499387c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
MD5
3f284cfadf69c61be42b32b2b2cc9d61

SHA1
4a97cd3dbd7c565b111dc226d2d6dde585e1bf20

SHA256
8d5fe9c3661b8f5b225933cb56c195380e1919b9149a7b2652a14183f823ef22

SHA512
e02412b1abc7b57678c37489146f76a7be5d07d5f4378dd7b7b24c6c7f68d41c729fce749baa3e5ba8ba166736cb54a8e4fb68da2b7fe707e527114883331af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
MD5
b4f29d0ea0a13409781bbad259db306b

SHA1
f374012ab63054744cad5dc2faa9735313161d30

SHA256
24052be02a4ee42a76240a302ba8046f0c8d7cf8a3f9828fec12e51e041cc769

SHA512
415b1862e4f7c455c2046adcb4323d053eadf62b72a8832c7b7da66e87839284e2e4d361d933e3705583fa1284485c8e5762d055df49e1fa3fa6101081ded93a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
MD5
5f52c86a318d1b746822fc99d0e66768

SHA1
73e5253785afbfb7c9ffb08191148ec50071bdab

SHA256
f17fed83cb99f1170d0368b0d607e80bf46bc073b8bfdd4d5f33ade3da104aab

SHA512
7647e7633c6ad06b5489ffd3c05bc18498fd1755a9df493cf42aee73dd7132021c79afbf4b4b241372f7b19e06261054e8ff3b1eedc70253d24f969a2efb938a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
MD5
65cd93c667c82d079cf011a8000c352c

SHA1
9e69b3fa1914f287ea66d9532e26de1cbd2fdfc1

SHA256
890c1115a85b8360304327e5a9a2a3014b65b4ec22461fa326803ea7dff53d3a

SHA512
08832a9959c9b42915883bc831ffcd0dbeee3dc386701cf98942180776a3d29830e6e392290fe6e2860e33735b93cd6bb6a36365c52a6de2216676f48563803d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index
MD5
1bd628afe96bdbd000f88f9b95c722e9

SHA1
7de32237ff32e25388a90c926228b8f81a5e7376

SHA256
d2e19700f6ce7b2351a51d1cc4fc3a9e9fd8f301b439d95e3c1f4b2160ea3ed8

SHA512
0b8ac7dd47658888df52306eae21a5d3e98a203cf5108bc53b540d62fda14e01c60940ea03a4dc0b4ee8ad5731d2265225519228de1bbc4cbcfc7bd92a9d8ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
MD5
b516b6fe7a69f9ecfc874090086f1ca8

SHA1
bad44a60bd7ce786dd88b885dc4117883a74b43e

SHA256
8c8bc428e39ab2ae4192e0d59a3657b27623707579f1b6006d379dc3be68ae72

SHA512
e2683aabf8a24afd227735127268e4a9f227ac2ceb101458f5c8f5e94b5f4a70a6b8351186d6f21e214ab10ee633620e2c76a50bd3368c9d3fb2dce9fc99d846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
MD5
df54585b56ebc1de1bd895df0f13a576

SHA1
8febd9b61bf0c04dd427b9846d599fce82827c37

SHA256
d54fb9adc41a9f5db1c3d9c2847327d4a2015c9345cfbf878dfad14126950c1a

SHA512
af6a336abf2eb2742203ade2a185e98e2f18af35e843a673e884c764596d5e83dd5078d40ffe1bbdab74ba7811c6e4ef90cb5879ba2a5e6d02ca50f488b7cfe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
MD5
829d77e7d1a21ed479bb9a4992db3541

SHA1
b94164603c4261a0a8de3b62a28ff948d603bccb

SHA256
fda9694089f4da9837a136f66a4015150f835c679996859d0c99a14d46bdb95a

SHA512
54d909ce1ef7ca01a64b24da244ffe927a9943ebf1c15ae2093b36890e40fdbe6df9d5e9cf2e79427f6adeff9ba4cb885277031f633f61e5cfea7279aca52794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
MD5
4fa968317da5f16b13461c95bbc83a8b

SHA1
940d36233d0b66cd66b00dc57e9f4dd1f7a2d6ae

SHA256
5bb3be10a0d91976db2391d8efe6619fed1deb15a148e6b922ceeac449291b4f

SHA512
3740047d270006b4850a05b62f4b484e454ca11817b937dac50e11619458b08c163b2ef33c09b477197f34c4d59af1f96307c006bc45171c82987ea9a891d0df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
MD5
6f05c7f1cf3a918038221215d357154a

SHA1
5b06b75098aaa475597f2996551568268f1cb666

SHA256
6d3ada7ac15e4e37ea4c34210ac756bbb267c9035288ba4a9f01d52067a68d24

SHA512
e623f74f50d9f48b1a6ba2524729442bd006605ef471ca84621d48dc2118205f588345035403d76a09ed52ff879fd35bcec631b8b886d6d659e71df0869cb4bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
MD5
b9203b5324a1bc7ad0f6ac5af71d1465

SHA1
299d3e38e280af3131db35e2bc221ba4e7c9663b

SHA256
e31e12e2682d44c89de20cd84608be511eb7f2bb7c7ed13a57785ea39373680f

SHA512
c977b938cbea5b53bb97e732f0d2deeaa30616b4d47dc82e8d6e7ea16c0a844db28eb00a799fc2d0ccbb11100900566d94329cc5a43a9f2a21c11ac459bd55b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
MD5
9e459d80f503dd0048721870bf23a1a5

SHA1
2771df6466538f0f14180bc4cd4a59f55cf39298

SHA256
ff0c7caa5c75c683263c2981b33807d6249603c31a86219383432423239a5da5

SHA512
de2dea7b0d21e8b74059875f6cfe806aea3fa0bf40b6a2871f3dc4de66ed88c123fa68081d91d7cb250052e01146ef01d4c9005f01bc75301f3552b99452d6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
MD5
75ad9110e37abdf7094c77f3e6dfc918

SHA1
9020730439b56964d81d7661310dd56a45f889f1

SHA256
c06ef9ae8e2fcddfe6931ae04564cafe32b800fff092d0abd8d7181dbca257a1

SHA512
a1d8004d74b717b4ccf949b2e8ae1d77a01855c99ef9748c6f40ef393132199e2d31c1389a998bcb253add417fe2fe03c8d90ae9ae9c80c6ccd71d97fa507a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
MD5
541c42f1c98b3e1b011d22eba854e707

SHA1
db30188de1f22e3077e7044be1386a5d0ecaed9d

SHA256
0768e811c51ac61a8e573ac6b53f89dbb1d89eb2fcf62536a9a5f730329c584b

SHA512
47828c1b40deb8d37d6ff4fc8f7673fbb59b40e07f54f0fa4121b91941160134c251e20f7f28f7ee5185f3c8aee2b7e95a1bef573bc64c68912016accbe90604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
MD5
c42783e4e128b3f433ac2eb835236b71

SHA1
ea00c3d67fd6cbb83b979c16ccb06cd7f4dd4e33

SHA256
05f09d085fdad658c6b037aaed6a272866bcee7d68779f2cab775065038ff2ba

SHA512
441e1a275eb09f0c23c94620feee4198a346e97827abaf683ffd9647d78fe46a6dc599c00b64aed5b10477d118342397428b433e7dbda9fa2827a1051275df9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13291987637422396
MD5
121b8e31b72c6f35f31d619cadfc89b1

SHA1
2283a2289a857fed8b66b5b9023b5575328628d9

SHA256
b989840af024a9ffd251765cba0a7fc432bd1e1e4049f1e08bbb3e816ec21ba2

SHA512
a19f8db8cf5dd8006b2f9c3c1599e7e36d2a3087b20af6b0968b5b92e2036b78591c0e53254ec611ad603e02cefb1f02c37efb8c3e175c5cefa03aa817d64422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
MD5
19c5580b1c4d187b240a732f2cf56da6

SHA1
dc37bfa3054c5afd7600c9058a7ae2bf4393d06c

SHA256
83461b1bb1f35ddda37d822e9986dbec5490a9f7f261cf4ba0971768327b0672

SHA512
ab4ea41ee111d38e625aa71dcd7d0fe8aa6d680ee67c21b75a622b6dfa935a37ed7a69508178a1fe3db0ef4fa73bf8f2942ebbb4deca51761388fad2643723b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
MD5
99e911f6e0260a31d0abc56df25c0b40

SHA1
e6c893a308dc310087020652c9d5b635c3cc4c35

SHA256
c43cbfbb8cf62fd0bbe7321d695348db1010eeb95ebfe1fa840e698573a4167c

SHA512
d692608a32858e84fc36506cac4b227b64c7d4340e540be28a5b744bcbf93a62b55333a9bd66e0197bdbb3b176152c3002096dd067ca1e593dccab1082e107fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
MD5
3d3c198f42144ec00cce06799e8eae7a

SHA1
cb5411b3d1f3bcba8219597b33a022eff04d691a

SHA256
152cd49d929b217cdac890613b356e185b2cb4f9cd7fb2349b5569f8bc653ef1

SHA512
e3a47783b95cd83cb239f6994b4d6e4815d4d44ad35c3782e464b494bb1bc82f77cde62991dab8e2d8ba2438f933d37af36767904ed47893449541b47e26aac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
MD5
b3dc6c37777919805c89e5c95440a304

SHA1
657cd841210e8ef0d1875654514185a20b735bda

SHA256
c42ca895eeb87095e766ae9f360ed06b124fd4aa54fdf080ec23798870623081

SHA512
fe5745e3cac5718cca06e7b5359b2e25e3dba3ca1a081cec94f0434e89cc1ed5172d6ce47961d1685292c12290be38b07bdb87474ec5c719e9360dc4b3cfa155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
MD5
561d3972593647b20d3ee85d7d6a3e0a

SHA1
f2e560122596c02f3fb0c987470ed7ef27433ac9

SHA256
82457993ff5483f29bcedd550bb9ed7dd0bde03a7713e04ef60e4e4b111bce69

SHA512
a3c2809df48680a1cdbe1efa9581e0cb126077a6881d9535aa37e89953b146335e13c3346b71937d8236a92d4b9b184eac7cfcfc3d8eb202bf90d80f2530378e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
MD5
59f0bddf743733335ccad925182e3c58

SHA1
72dcfe4af138f35565598aa39efe237c05ec4bdc

SHA256
c08ddd60259d527152ae501dab880035857019d69f2450bee5cc907b3ea369d6

SHA512
93793decdd0d4fefeba147e53803ef28de545e5b12f8dacb3ad145730d76aff177836f54c7f20a72088fb78db2f76cfd2673675316cf6ff399cbf4dabce5a0a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
MD5
2e19a9040ed4a0c3ed82996607736b8f

SHA1
5a78ac2b74f385a12b019c420a681fd13e7b6013

SHA256
2eeb6d38d7aad1dc32e24d3ffd6438698c16a13efd1463d281c46b8af861a8ce

SHA512
86669994386b800888d4e3acb28ab36296594803824d78e095eb0c79642224f24aca5d2892596ac33b7a01b857367ed3a5e2c2fb3405f69a64eb8bf52c26753f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
MD5
55a2301a1dce04ab5ad5dffaec1d1507

SHA1
b082630cdbaa5c7df58cbafcf6ac47cb83393e5d

SHA256
d30514d42b8caf16492d4957a0b470526eb9046b85989fc640555809256f4069

SHA512
ff1cb6ab0a6d12cd80439ed6bba1502b8693e3265389e895a53cbd3eff4bc9954a8b5c9c05f09ebc5631f0452ae368e24a05e01e1c7be845187ecc22f5a4decb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
MD5
12f86f72c055e4f6384bad0d117302a3

SHA1
91154ac74cea4ce2eea4f0515b8614d7d216a88f

SHA256
b1d656a75b0935d6cbba2c65aeda45747a4dc490f3863e5c99021dfaa8e7fcd9

SHA512
bddfa495c6fefad88e048eed985e69f1adcbc36d50013acdb11093d547cd39f913b304b09ca46afe52b18d9e823e2bfb1118d1f4e8dac95d115f66952b6f918f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\??\pipe\LOCAL\crashpad_3328_VWESHNWDFKSYXQLI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4052_SEOKIQGKAZENHSGN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1308-147-0x00007FFC5F770000-0x00007FFC5F771000-memory.dmp

Filesize
4KB

Download