375c360f6c6a935a996531f54bc6d3fc1baa8b62adb8552c72961f06356d8271

Analysis

max time kernel
182s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
28-04-2022 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0TKPbITb 7006605.pdf
Size

269KB
MD5

da51b0d952fe382550e3cc436e94e4b8
SHA1

2d231e859e27c058bf0d062d361d855f56b882f7
SHA256

8adb42f035758ba31143b6132e54ab4fe07d67a7cac639a6724f18c7e5603150
SHA512

3d474ac491b36a55f0b21251b35238b5e2178b94e148c9130f5289afa043c8829e1312ffc7083136ae41d2c1b9976eb1c4c7076a53bc54e9f4b48821aebcf5a7

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftEdgeAutoLaunch_5EFC0ECB77A7585FE9DCDD0B2E946A2B = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe\" --no-startup-window /prefetch:5"	msedge.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f1f7055b-de75-4f78-88e5-6e212e774d77.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220428004833.pma	setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
716	AcroRd32.exe
4588	msedge.exe
4588	msedge.exe
4744	msedge.exe
4744	msedge.exe
5328	identity_helper.exe
5328	identity_helper.exe
4160	msedge.exe
4160	msedge.exe
5952	msedge.exe
5952	msedge.exe
5624	identity_helper.exe
5624	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe
5952	msedge.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exe

pid process

716 AcroRd32.exe
4744 msedge.exe
4744 msedge.exe
4744 msedge.exe
5952 msedge.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid process

716 AcroRd32.exe
716 AcroRd32.exe
716 AcroRd32.exe
716 AcroRd32.exe
716 AcroRd32.exe
716 AcroRd32.exe
5560 AdobeARM.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 716 wrote to memory of 3124	716	AcroRd32.exe	RdrCEF.exe
PID 716 wrote to memory of 3124	716	AcroRd32.exe	RdrCEF.exe
PID 716 wrote to memory of 3124	716	AcroRd32.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4672	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe
PID 3124 wrote to memory of 4844	3124	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\0TKPbITb 7006605.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:716

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:3124

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D38432DE91FF8B39255202F544DF5003 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4672

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EFA7B982FF2C6788723DFDD26A747147 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EFA7B982FF2C6788723DFDD26A747147 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4844

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FC1545C05BEBC676EF66C4CB3D5658AA --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1628

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DAC2F18AF41DFCB83B28F734A820C1EF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DAC2F18AF41DFCB83B28F734A820C1EF --renderer-client-id=5 --mojo-platform-channel-handle=2444 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1744

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A99703A07AE45D1C587DACED3C34B033 --mojo-platform-channel-handle=1828 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2448

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=848F852216E71B21B87A2B0DE9328402 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/drawings/d/1EH497Pi3g_ID1vGJVAbTUSGOJ_5w4m8_rvUrfijtx-Y/preview#Nm
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe80f346f8,0x7ffe80f34708,0x7ffe80f34718
3⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2
3⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
3⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
3⤵
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
3⤵
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 /prefetch:8
3⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5552 /prefetch:8
3⤵
PID:4352

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
3⤵
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
- Drops file in Program Files directory
PID:2508

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6bfda5460,0x7ff6bfda5470,0x7ff6bfda5480
4⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
3⤵
PID:5348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
3⤵
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
3⤵
PID:5720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,8473421832773119663,11897522451120167061,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
3⤵
PID:5452

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
2⤵
- Suspicious use of SetWindowsHookEx
PID:5560

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
3⤵
PID:5672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/drawings/d/1EH497Pi3g_ID1vGJVAbTUSGOJ_5w4m8_rvUrfijtx-Y/preview#Nm
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe80f346f8,0x7ffe80f34708,0x7ffe80f34718
3⤵
PID:6108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
3⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
3⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
3⤵
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
3⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4116 /prefetch:8
3⤵
PID:2204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4220 /prefetch:8
3⤵
PID:2940

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
3⤵
PID:5584

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5148 /prefetch:8
3⤵
PID:5296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
3⤵
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
3⤵
PID:5420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
3⤵
PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7910974537412520593,12443273331357301581,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
3⤵
PID:3476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
1⤵
PID:5196

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
Filesize
471B

MD5
e8c699f98e3f4002b505a818df3a060b

SHA1
5473119665f6924c9abfbc6708e3a7d1b45764f5

SHA256
e22b04be25543cb54b0302909cf3ecc76c0bd7ac9c2a3a63d2d25c17a1867bd4

SHA512
13d1c420665c0f34723cb0329fdb54c52ddfa03e99299b2efaf7211ec5b48d5584d3dae0f759c86d28a737c57f93af13b9919ff99ea108005be570af1be9e9a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
Filesize
434B

MD5
01306ab2af1d761ee1bc1387b86a2a49

SHA1
96ee1635bca1e02984e5342c22440d02fe49148c

SHA256
e9f2bda5ce6ee6ddb594ba05466297b4a85110e73357db882c3d66bb2820a7e3

SHA512
1a0e453c6ee687d6d6e242c525550dbe4e14de8a3883e543598bc7aa9fe6428faf27bc191635560abb96696616cf21166dc4423a5710343728a355fd41b1219c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c8ce7285f4bd4ade99ffd08c0351e308

SHA1
c3de927f710893a2821e9ade59c80cbaab3b6e12

SHA256
d434784b824ab0d1279c8d37b95219c3b9de8840827d9fb08e4f22a9022ef297

SHA512
7a958b60031dc96e7212be39dd999193029089992f0ed6c95e299f6914b6cfd5f126d9c98121c1f316b51f3e6806785cceaafa1e3d6c9bd317e7a858ff3f0646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
fa8a7228a4b721cd019faf57fdd11172

SHA1
c2a327111fafe219a66fb958f4874a1503655bcd

SHA256
81a99405ba70c018f879c3bbfc9b47b85e7f6a6618df1becde8967199d7d25f7

SHA512
dc532d62291caa2bc3ca99abee2ef7b4bb26eadf47dc0e761522ccabf8c21626bbdb504c8eb7eaead222f1350beb818d46390e9f1b0cf2847198edf41d50b94c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\index
Filesize
256KB

MD5
40e579c043fcb911191fdd595e1e3606

SHA1
db223d281441e6fc8885c135b8c64726ef7cb34d

SHA256
4423c2b74333c787892c3d5b1b06adecdc045e4a2fbea83462337e439dc2f789

SHA512
59a39ceab1e65434a09357b4ff6389ff115db5040340575091035d9fc281d98dedd1f17830ca09026572fc8bda1f1f7ca009ab096ab4666b4244b5f6477b2b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
e0fdeaab4f87684b8754de24585aa42d

SHA1
ba25c277b752f6d01548789003ad12870efe6f2e

SHA256
65b367cc3209633aa6f4a9b46e4ea92434b4b3fde8dd2a8635afb954c8f0e92f

SHA512
37445c3fed6ac0f27321278122e54626fefa76a992a3737fa3ecc190a84954e65aba3f02567eef6cb46777ccc8b5e5d285a94ab774bca7434ff029eb58552904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
5dc787a114f607fe98ef9149d1ab3553

SHA1
d23f84af709cd8ef1beeb854987e5ddd8b7dd414

SHA256
a27c18ef6c8a5aee22fafa178536079645e74a6b622af964652b8782503defaf

SHA512
438e830e7b79d5bc2d12dc1c1b5d75c98671ca7b66220420cd563b35f2e029a2ebc14e5aaacf6600f0503a37ae0b874711bcf765c01e3156d3ce188210a02c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
634a2673c62529bdb4085ba6530e69df

SHA1
ed784da759282ab3b8a959d46a45d081db9f4e99

SHA256
84c9c3c5052a4e86a8f125fb5b7ba007cafbc3326b51fe92ec8c3805bb401cfd

SHA512
9dd936a71101b803836c17da1c76c92de53e53ba1821d40e282cfd31adb250021de9c415a9daff83354d7f91232cca96aa45b337dba4ffd29542b6de704ec068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
08e2dfa2c5cace689d3118d5401a2616

SHA1
9699b86e42afdcd68b368cc81646978092bd17ac

SHA256
27ff655ae8f31b1aa8902d00aa91d47ab6998330488de5565307d14eeb16894e

SHA512
850b31417bcb7be6e005e1c7953dc8dab6c947939cb3e6ec0be071e45c9589c4e14e9f2ea122ddf87de10a1b3748791df8a8a225311caa3d2fadb8eb05f194b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
9ea80dd84530f90ba04eeb637a392080

SHA1
b5362b33ddb431bda6b18d45402213c7e085f935

SHA256
ee285ea210d923336d22af85ce4f0bed97f3245e919131f4dd245e0f7596f0b9

SHA512
2e1b2484a6c5a02d722feeb3191928cc8b90a1ca9c96d6a7cb4699bf2c2fb67b2d519a890c64717fa56f298d987e22b8058f8a50d860ab38b44ed16e1638784b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
cd0955db0fc6c03ce25afc83a0b50e37

SHA1
d8247b5538e53ab1f53d95d676b8ff8e41b73cd8

SHA256
34486935a4644f4552389442f9a10336a039490c541489cb84a9aa634198847f

SHA512
976b84de5b3d2125e9cb27f8d785f2f76b7011a275f92f30edc105b6afab0a4ff608c9d4835b3394a8add45afc2920207d485ee81c7f13295ae517d849321a99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
fbdfc7bc4652858f9af2cab6ecca6c6d

SHA1
b0cd347867b774214583b80992855a919a7a2bd0

SHA256
277d23172a231dc54953ced94d129fbd4644513a6d197957649d0f4c36de2866

SHA512
08c609b1544a89b4f0ed093bbf4069cfec38330bcfafedfb5296c85e611b78ed07cb1a10b7b374ff1bf4f2967e8e1c89727acadada6e8ed742838e56387f289d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
3KB

MD5
95d414bcd3a75528b6df5c4706a0f7cd

SHA1
a098d2cf61ccd9f44ca06f46ae3e11e850695418

SHA256
df2d34cdc0f4c0b7762f0559afa53ccdca76a8e50d8db313d93519f770c521a9

SHA512
b4f9eca10c639df657e89e7bb5c7325569dcd6ab2b68bd2cc45f6fee6d02b30f6f3a7e456e29d7f1c2ff511b1c094870ba7b5790ca5d760f4672a799186cb6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d7161650c3171c2c3fe556b4b8bfccde

SHA1
3f86732121092d4eaf3ca254650b64f15de43a49

SHA256
0d71fee9ba35734f6b986a09fab674ea87db1bdce0c2c32d950250c85b8d5c3d

SHA512
953623d66e838c4a4118ab0f058c4120a8040711530f57f5059d23c022a11e40b35edab9ea2a3ee58898bcfbb86f8a43da2c16f94afb8a905643e3f9c8d580dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
8f50ff044b54bf9704a6832c384a73fe

SHA1
ad52f647266590a6329ed6d41801a1ee38651df6

SHA256
95301e27efa637e6d0d86e4c22dbb85438f1e912bebe835f69d422b5c7703b22

SHA512
1f0764e751e2d9061d064a9cebdb98e9644d5e757be670c8d92abff03c72cf404ff1b415e6f5de12d64d37de810fcdf33033384349b8d9120beab645d98751a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
Filesize
752B

MD5
6ff47d6fac72b4d6079489cc0f92a509

SHA1
77ae08085789f008d69dbd93e748047e0debdf5b

SHA256
2c27a6f9696737a74dc30266d41ef9caa25d2c41c1f6bc93f1b089af5b95b6f6

SHA512
8235ed02e63e393508ec5bb1cef7f0cfe5329212be572bc240d13371cc91746f8cf0d37638269511ac5a7cb824895448d010e26aaa8ec390c63b1e35f61b8d6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
Filesize
295B

MD5
4bee1a00a54dd0fc45b18183ae1a241f

SHA1
eb8d17d4b54d76ebaf26fe0c151f828dc181a832

SHA256
9ccd48620cf7f4c9b7a0d0b7fa368d24ef82c0f4457b9b94ce269eef7ccd6dbe

SHA512
ca211e8eb9acd79e65607426673865198b6b5afc67dfc39d6952d16d690a370638fc6eb15a11c62cb3ab33fcccfaba07babc3d4da1f8db513787da14bb664ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13295580580944226
Filesize
3KB

MD5
ba81d7c04e86c5fe583c80457f3548cc

SHA1
bb1dbd523ff6d9a7f0658de0a6fb4d9374b5d578

SHA256
d6855f311ab87a0cf7ea0ed03a5cf77f480d85848da07317c327b26c29981d05

SHA512
1a40e3bf817a95f0db10b0b9fe3b2ad6d718da566b4c84d792222f384e8b96b8636d2c5da9da973bf861ab148c52beb6a3019936af0ee126b91e07fa16860cc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
244B

MD5
380759578150be7b905ff7bc2e0aa7fa

SHA1
1a1e29d3c3d7055ac6c2361442584784be69403f

SHA256
77a06e247ac47889db679b39d9cef48fbf1bace79c0b5434eb4beda7ac929b5a

SHA512
78b3ba71f99b1dd746e6a471f3d956519b5b77bb1e2ca8fe53ec5c094c4cf2acf7f35abc706085314217b8c3f65970ef08cd56a11c7f2fa4efd0f403db755c06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
22f82272b8fb5b31212243c1744625ef

SHA1
9441be4698917f51ac32a0e8185445c153a706ca

SHA256
eaa04bd0c0164ffa20f95d18fd8fe67a8540ed7c5a8c093e6ef7182f82b81e8b

SHA512
6af53691beead0a2447b7a91d81d42645c5da302a588fb9d1b4544f6831dbe87dece18e83716545314e18787f153f3b05f8da2d6b99d3cde63d4763884975738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
1ef50dfbe4cd4ea158e13c862f0d64e3

SHA1
a49018ea627457174a804132a55b530f7ed4d217

SHA256
159569f404c3520a2b73a16275fca7966dbdce3c94f2196b4bdc2739bba32607

SHA512
63d0221bd8ff011482552a3e96ca7d1c765851eee20ca167b81f29b774366eec442fab73526622556913bcd8c17a42048dcf3cb9382f06309ccf20d1e490efd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
05787a4b035c079b02aa442f60c053ff

SHA1
06f153285b254fee6d364a1e6ffd39fe750a9093

SHA256
0d3e8c731997aa6f2fd0179660e732272933bbd4236163f50a863c7030a2f176

SHA512
2190a53a330095bac7b8476ff08bb82bbfa7f3cece135a656bdc72778bea077e31c65ad2ece993b1d44b4b3eda9e40cf9b3449d2519994ba45bbd7eb6c45d58c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
72KB

MD5
80e960c9d8237e623039bc58bf7cce88

SHA1
293bdc4d6586fb43af0b1c6abc7c76af1cf5aff6

SHA256
258911c991f296ef77ca3890428340a36de854f09ac1a7300eac720f4662b890

SHA512
e80872b7c79576ba4ea8debf0f507f12b0d1b137810b8336809e13580beb9531e2c98907ea214d6a20138b84915a25b7b6d30b94ee3ce8e83bf535fdb8d40894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
187B

MD5
ec1d6edeb44d6c98f41d84ab37aaab90

SHA1
0b33ce5ce6e8be616a2f8534dac35241f9523e12

SHA256
d0ac7d76dcf3101b0ecded2684ac42dcca058d9f107d64d855ab72f3e44722c9

SHA512
06acfa8eeaa88ca6e42c4af27fe0994065fbabe753d6ed81c86e7c5966ca30501235da52667d2e8833c8f63d82cf1989d2ef1f24d5d7537fd27f5814d6c6ae71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
279B

MD5
7319086d09b8e852ee2a54351bfaa48c

SHA1
4a9c48ca481c2aff60f953ac8809b006341a6340

SHA256
2a8c1d34d96e720466ab682c66c74279565d8dc5b8f7a5ab0d6c85964ca6305b

SHA512
52402e1abef208f2d408d3e7e6c599f4b7387ce6983fb0759149dc9d7828bf48e323885157082f46703139a3818841bf89d9b76585c4855f44952b0b5ab98692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
531B

MD5
23f76f5c9e45c87ce2746257a187eec7

SHA1
e4af2686722f0f24e7d7f541c3298f56bcb416cb

SHA256
bc61dd5417bf4ec7e0bee1442a6abed7d35ab0986b6f1282c5914d350849f701

SHA512
c4b086b3740a78df0e3e70d03588c5fa46a65ac8037606a1900faf611cfde4cba1125394214c0ebc7851f0044fde65585707dacf10c30552b354b31185b08b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
297B

MD5
31f979f0ab4de4100c9675fd23dab5fb

SHA1
5e0f626119063880bfcf5c5f4649ef3089b5d506

SHA256
ef4f6d831a9b5b544ba2d407b207ac499581d126034082aba6468f9c4f89b708

SHA512
557a5d2463df26cd5624caabc634f4ee133d9a53b69cf50c33ba4bf3b15403a295636989a78d2a46841fed0eccf585adbc1668bf1db92d756bdcf99a387ce3cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
1c624dd94e609a4ce6a7c9a3ece49622

SHA1
e294cf6655cfcc46fa84ed6fc43fd5b952f295c3

SHA256
67c6b0fb2d4b547f2e695dc8d7b2457b086de0fe3d2ab1b18d452550bb869241

SHA512
4285c59125ab0de667bad9d4181314218fa8812eab213fe6b5bd706168fd47784c3810ab5c85a30659d6eced5a72240daf70055036185af706be53acabcd79e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
14KB

MD5
4b70ffa01b03ab6e8450ff804d65b7f7

SHA1
8b9d1804cf06c19403e00f504ce9e04bcb6cf4dc

SHA256
a5cbcdca3f6b84a794971e1b9d081bbadc7d74e9bd83064c81d9aef484901a03

SHA512
7580a8ca648c9137f54927f06a1e24dc4ed3e77c7eb5fa5f600e2aa1f7fceddd472a9e60cb04a000615bbb3f537a3a230ab489aee6ed5cbff390457abcccd4a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store
Filesize
1.2MB

MD5
b0ea4a5517549a67ea3432ed59daea42

SHA1
bbc9b4a33cb2c4196dd1b74411e39c6139652931

SHA256
68d76b1148db410462ed95a79585cfd6622aae7759618409d3a38b0a71e35895

SHA512
37b2a211477ae1bf15fcafd4dfc236caf44b2c01f50e6d1ebca41f0cfb4ddd53616534da7e1660e39371fcac2ee40da4f186f6d97c578fab1042649f790d1bb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
24abedf0bfe0a879f81d65c78c4d7325

SHA1
9b6caadb8e250e0e235f7fe842af673395c9e112

SHA256
76eca3c0b770c87a643dd7c64113e96ffd4e0a4382028947d2b26418f6df7aeb

SHA512
25a1890cb4a79772b940c2d19ca6c57ddf7bf67e305361cea9ac1cca56a949c1ee8862b729f71068360a952c200e62b4b0387ecfc3f46c703ced3d4429c9f0a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings
Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris
Filesize
40B

MD5
f6ea3ea9babbe2049f62e86eedbb6768

SHA1
57cbb104150278b7849319d944a191ff3d4072b1

SHA256
14488ce82d3916c55aa053defb8dd53ceb600afa7c9a50681ff596ed34d6baab

SHA512
f29b905248da8e2eb5d2b3724d731d2095514df1410cad152e50118e54d2cf1b916c7e256ba0ffeb7669da719c89f217c1841bcf10260bda700009182f4b218b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_637866999728553404
Filesize
5KB

MD5
32d72f5496490673b05813b9704822bf

SHA1
a2da423ccc6f9535aace32b9366f47a3ab592bf7

SHA256
b1546fac5a587e3c2d7f388c0f4d76905e0f22c9da30ae52d0112abf762cadd8

SHA512
a7e004d0dc2739aaca780ce5c7b06fb00d82b5031e9b8fe9847d6784f3d8de7ad235e61bfab91d77ead4b9599a83aece6f2ba1c58d963a481531d79e34f427eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic
Filesize
29B

MD5
ce545b52b20b2f56ffb26d2ca2ed4491

SHA1
ebe904c20bb43891db4560f458e66663826aa885

SHA256
e9d5684e543b573010f8b55b11bf571caf0a225cdea03f520091525978023899

SHA512
1ea06c8e3f03efdd67779969b4cdf7d8e08f8327298668a7cffd67d1753f33cf19e6995a3d83fe45185c55b950f41e48ac71b422b91e8d0180b5bdd07cfacfe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_637811103879324684
Filesize
450KB

MD5
a7aab197b91381bcdec092e1910a3d62

SHA1
35794f2d2df163223391a2b21e1610f14f46a78f

SHA256
6337fe4e6e7464e319dfcdadf472987592013cf80d44916f5151950b4a4ca14b

SHA512
cffd7350d1e69ada5f64cafe42a9d77e3192927e129f2903088b66b6efc9626b5d525aedca08d473ad8fa415af1d816594b243609237dc23716d70a2ca0eb774

Download Submit
\??\pipe\LOCAL\crashpad_4744_VIIMJJXTPLLERUGM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5952_AMIRBUHVJVMODBKT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/216-159-0x0000000000000000-mapping.dmp

Download
memory/1076-151-0x0000000000000000-mapping.dmp

Download
memory/1424-251-0x0000000000000000-mapping.dmp

Download
memory/1628-164-0x0000000000000000-mapping.dmp

Download
memory/1628-140-0x0000000000000000-mapping.dmp

Download
memory/1744-143-0x0000000000000000-mapping.dmp

Download
memory/2204-244-0x0000000000000000-mapping.dmp

Download
memory/2448-148-0x0000000000000000-mapping.dmp

Download
memory/2508-169-0x0000000000000000-mapping.dmp

Download
memory/2940-246-0x0000000000000000-mapping.dmp

Download
memory/3124-130-0x0000000000000000-mapping.dmp

Download
memory/3476-257-0x0000000000000000-mapping.dmp

Download
memory/3652-162-0x0000000000000000-mapping.dmp

Download
memory/3664-242-0x0000000000000000-mapping.dmp

Download
memory/3776-170-0x0000000000000000-mapping.dmp

Download
memory/4072-156-0x0000000000000000-mapping.dmp

Download
memory/4160-207-0x0000000000000000-mapping.dmp

Download
memory/4324-224-0x0000000000000000-mapping.dmp

Download
memory/4352-168-0x0000000000000000-mapping.dmp

Download
memory/4580-221-0x0000000000000000-mapping.dmp

Download
memory/4588-157-0x0000000000000000-mapping.dmp

Download
memory/4624-166-0x0000000000000000-mapping.dmp

Download
memory/4672-132-0x0000000000000000-mapping.dmp

Download
memory/4744-153-0x0000000000000000-mapping.dmp

Download
memory/4844-135-0x0000000000000000-mapping.dmp

Download
memory/4912-154-0x0000000000000000-mapping.dmp

Download
memory/5296-249-0x0000000000000000-mapping.dmp

Download
memory/5328-171-0x0000000000000000-mapping.dmp

Download
memory/5348-173-0x0000000000000000-mapping.dmp

Download
memory/5420-253-0x0000000000000000-mapping.dmp

Download
memory/5452-183-0x0000000000000000-mapping.dmp

Download
memory/5560-174-0x0000000000000000-mapping.dmp

Download
memory/5624-247-0x0000000000000000-mapping.dmp

Download
memory/5672-175-0x0000000000000000-mapping.dmp

Download
memory/5704-177-0x0000000000000000-mapping.dmp

Download
memory/5720-179-0x0000000000000000-mapping.dmp

Download
memory/5768-255-0x0000000000000000-mapping.dmp

Download
memory/5868-199-0x0000000000000000-mapping.dmp

Download
memory/5952-184-0x0000000000000000-mapping.dmp

Download
memory/6108-185-0x0000000000000000-mapping.dmp

Download