Analysis
-
max time kernel
151s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
06-05-2022 13:01
Behavioral task
behavioral1
Sample
documento 49711.pdf
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
documento 49711.pdf
Resource
win10v2004-20220414-en
General
-
Target
documento 49711.pdf
-
Size
18KB
-
MD5
cae578660134d034d53f262c54f80740
-
SHA1
29e8913d82e1d4f3cea1372eb252141760638d92
-
SHA256
262c6cc05680448a3cc2f1122093635835019cac69a767f6df42e3574fb82cef
-
SHA512
fc7e5e4def3f37cb4e727b1476fab1d09c13285dcfbf7cb0d9c34e9a258df77078ed23c82cc286da02ba7126fb9b324a5634e7beefbe6023d658c095a54fb30d
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
msedge.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in Program Files directory 2 IoCs
Processes:
setup.exedescription ioc process File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\1a815e0f-58b6-46f8-8ddb-70335bdc4cc9.tmp setup.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220506150332.pma setup.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
AcroRd32.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Processes:
AcroRd32.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Modifies registry class 1 IoCs
Processes:
msedge.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe -
Suspicious behavior: EnumeratesProcesses 28 IoCs
Processes:
AcroRd32.exeAdobeARM.exemsedge.exemsedge.exemsedge.exeidentity_helper.exepid process 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 1192 AdobeARM.exe 1192 AdobeARM.exe 3056 msedge.exe 3056 msedge.exe 2176 msedge.exe 2176 msedge.exe 4764 msedge.exe 4764 msedge.exe 5276 identity_helper.exe 5276 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
msedge.exepid process 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe 4764 msedge.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
Processes:
AcroRd32.exemsedge.exepid process 4136 AcroRd32.exe 4764 msedge.exe 4764 msedge.exe -
Suspicious use of SetWindowsHookEx 7 IoCs
Processes:
AcroRd32.exeAdobeARM.exepid process 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 4136 AcroRd32.exe 1192 AdobeARM.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
AcroRd32.exeRdrCEF.exedescription pid process target process PID 4136 wrote to memory of 1768 4136 AcroRd32.exe RdrCEF.exe PID 4136 wrote to memory of 1768 4136 AcroRd32.exe RdrCEF.exe PID 4136 wrote to memory of 1768 4136 AcroRd32.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 4484 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe PID 1768 wrote to memory of 3668 1768 RdrCEF.exe RdrCEF.exe
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\documento 49711.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2FDD6CA74C6C89E1480322D6E221E80C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2FDD6CA74C6C89E1480322D6E221E80C --renderer-client-id=2 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9EE90C4CE8CED57DA844363EC9F25044 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A35F200CA02EBC38858F85A1A3E8D3D9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A35F200CA02EBC38858F85A1A3E8D3D9 --renderer-client-id=4 --mojo-platform-channel-handle=2160 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=13EE907CF8B85799AA792FF24B88D5D4 --mojo-platform-channel-handle=1988 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3BCDC7701C18D29F4C9DB4A2B0B22C98 --mojo-platform-channel-handle=2564 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=864D40FB4BD17FC9494B569FB3637425 --mojo-platform-channel-handle=2572 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:32⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sites.google.com/vbslangemark.be/per-comunicazioni-istituzional/homepage?authuser=22⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff848b646f8,0x7ff848b64708,0x7ff848b647183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3260 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5408 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5616 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff6c3575460,0x7ff6c3575470,0x7ff6c35754804⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,1358519694478169746,3588656091439321221,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sites.google.com/vbslangemark.be/per-comunicazioni-istituzional/homepage?authuser=22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x40,0x104,0x7ff848b646f8,0x7ff848b64708,0x7ff848b647183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,9530857711491528786,2238298997940961469,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,9530857711491528786,2238298997940961469,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sites.google.com/vbslangemark.be/per-comunicazioni-istituzional/homepage?authuser=22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff848b646f8,0x7ff848b64708,0x7ff848b647183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sites.google.com/vbslangemark.be/per-comunicazioni-istituzional/homepage?authuser=22⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff848b646f8,0x7ff848b64708,0x7ff848b647181⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s camsvc1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6Filesize
471B
MD5d88de0cd731f14942ec8b0010f3334a2
SHA1265588d0d6a271849fb6f65f6647c33d38d49674
SHA256141026c0fca4e8c666162235ac77ad2ce8adbd0dc01430b562ccff10e31d9282
SHA512a2740b25ed59aefc7258872bf18fe5eef7f239217f6abccfa9dd61e339266375429d42e44581785087ab38c8db4876d22a4f79af8836d067db6ae758475c5e43
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868Filesize
471B
MD5664a75ea0c2295224fdf40d83a88ef70
SHA1ad7a7e6f8ea689ffe4ba828ca27b1b97cf3f994c
SHA25661434c2411ebaded1dfa0431cef50fd1b768b9a1e1e3b988ba4dfb210d1d9c57
SHA512b8ea072e01c99ff611b39e0fdd97e83d1edbab840a73dcbf3778c826b3095206fee53bf5404151eae56ad08cf9b2051f8d2df5dd626352a4867f13ebbfe20d47
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6Filesize
434B
MD573727d01d0acc3b30ad37ed06a1daaa1
SHA155500cd407c6debce8468317f92392f31f54cfc0
SHA256a549e22a5fa749764b9a8792a082402d275309e5d95c78eb6625fd61aef424bb
SHA51221ceef5dbc0e23bad23b882c4e3425a409db8becd344e41fc7cd4cb63772376bff3e0a6a67a78a80966f93d62c815161865b349b7994a1728cd1a1420c1f2ddc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868Filesize
412B
MD55ff8968b5f8a6630fea2b1e2a10308c4
SHA1f8f7ccdc3ead217974d9a58074d23f50685e0b0d
SHA2569ddd792c73aadd884112294462f6bac106def923e506b3b22f6486602f833601
SHA512b753011733160fce997a4c7b4720cf536a0eac967e53808761c2afd521ea82ccedfd652406bd63ad770af913572c5379576cc8ac54ef9610eb7499d61c727e56
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD50f2fd3ffef216b4a9345a3bf7c19e54c
SHA1bb53767f6009d83c4af27ddb9f72b88d2dea8c1c
SHA2564587b60ec8ed42f34c0c85604a70363bd7e82b5dac6b6e14629e3a5672b3e98a
SHA5125987b7af8b369ad6208688a59562c6d187b45a64cc307af5d96da4cbfc6c146c71bcc493f9a66bf23d2d249416222bb728e9072a44a7d9a13355647768b32900
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD50f2fd3ffef216b4a9345a3bf7c19e54c
SHA1bb53767f6009d83c4af27ddb9f72b88d2dea8c1c
SHA2564587b60ec8ed42f34c0c85604a70363bd7e82b5dac6b6e14629e3a5672b3e98a
SHA5125987b7af8b369ad6208688a59562c6d187b45a64cc307af5d96da4cbfc6c146c71bcc493f9a66bf23d2d249416222bb728e9072a44a7d9a13355647768b32900
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD595e22ee8bac6765a868c13fc5ca5017c
SHA1dff7d454639c700bb4408bf2cef900337977eb56
SHA256cb320ebc79962dfd60205d687132b62ac884924f6cf5c5a40aea28fd2bc44802
SHA51247fb43256f59834aaf626e3c9c9e20f71afbb018f64755d8e05f6cbd8dde21e1c14049192a90bffd99413a58a0cacebdd8bce7b3d464aa622d7eefad71145428
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD595e22ee8bac6765a868c13fc5ca5017c
SHA1dff7d454639c700bb4408bf2cef900337977eb56
SHA256cb320ebc79962dfd60205d687132b62ac884924f6cf5c5a40aea28fd2bc44802
SHA51247fb43256f59834aaf626e3c9c9e20f71afbb018f64755d8e05f6cbd8dde21e1c14049192a90bffd99413a58a0cacebdd8bce7b3d464aa622d7eefad71145428
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD595e22ee8bac6765a868c13fc5ca5017c
SHA1dff7d454639c700bb4408bf2cef900337977eb56
SHA256cb320ebc79962dfd60205d687132b62ac884924f6cf5c5a40aea28fd2bc44802
SHA51247fb43256f59834aaf626e3c9c9e20f71afbb018f64755d8e05f6cbd8dde21e1c14049192a90bffd99413a58a0cacebdd8bce7b3d464aa622d7eefad71145428
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD595e22ee8bac6765a868c13fc5ca5017c
SHA1dff7d454639c700bb4408bf2cef900337977eb56
SHA256cb320ebc79962dfd60205d687132b62ac884924f6cf5c5a40aea28fd2bc44802
SHA51247fb43256f59834aaf626e3c9c9e20f71afbb018f64755d8e05f6cbd8dde21e1c14049192a90bffd99413a58a0cacebdd8bce7b3d464aa622d7eefad71145428
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD505721a05c0541504b0919239db9c2ef9
SHA124bf885138e7a17d20dc9ce68a05d45faaf853aa
SHA2565ae291c088eeb9671bed130a3c2d0ffe4024cfe846f0ace439f735f92eeda28a
SHA512b4b337cf5fb7fc1459b307b9554a2ced53410a465ed32434b1bff9ff194bc9d7e09b0b00623cd2a7209a3bb4d11408bfd7ffff86e6581ef8762d3ddc6a4780ac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5b0d0d9362e8db1d753c6c5a8cdb88918
SHA12e2c03d420fdaa1b1bbf4f0af2da6b3fd47fd89e
SHA256a05c8056f06431ebdab91934893f93e77f38f76e283451d570bb3df763234f74
SHA512bb29a43e315663ccc11f47f681f490c7815c99dc2f7966660bc8cfb142292d267f4a140217aef774948d6937bd91f833dd9a9619a5556d7c87a59c33ee21d14a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettingsFilesize
81B
MD5f222079e71469c4d129b335b7c91355e
SHA10056c3003874efef229a5875742559c8c59887dc
SHA256e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00
SHA512e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1Filesize
126KB
MD56698422bea0359f6d385a4d059c47301
SHA1b1107d1f8cc1ef600531ed87cea1c41b7be474f6
SHA2562f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
SHA512d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUrisFilesize
40B
MD540d95fae8d7f7b813352dcdfb41c2289
SHA1f280bcf4442c503e6101e9fc9b7711d84a064414
SHA256f91953c3c5057bf22c3d6c847868329b2be964ecaa4a8d67251fa2992529446e
SHA51290403ac919e19750ded3bb0b650d8b0d921376d63e845b2ec22c7199d01f1a380660e88376a22ccfb88d753413c2346b2dd90ee2f44e134d861dd5d67efc559f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_637874358807230812Filesize
7KB
MD57b0436d08637f8b4bbe0b434c5f3c033
SHA1cb70940371a09db38829f54be262e717f78604d8
SHA256e2edbfd0fe3086ea6cd51355bf45fda7977b27d748bb6569ae287a14093ed2da
SHA512263e97f5906441c87c1da0a59b0b502e4323d000e37f1dbabe0c3b2100eeb403af49c66105a793e110be74653fbc63d20cd158a4e93f5468d9c56778daab2c50
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTrafficFilesize
29B
MD5ce545b52b20b2f56ffb26d2ca2ed4491
SHA1ebe904c20bb43891db4560f458e66663826aa885
SHA256e9d5684e543b573010f8b55b11bf571caf0a225cdea03f520091525978023899
SHA5121ea06c8e3f03efdd67779969b4cdf7d8e08f8327298668a7cffd67d1753f33cf19e6995a3d83fe45185c55b950f41e48ac71b422b91e8d0180b5bdd07cfacfe9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_637811103879324684Filesize
450KB
MD5a7aab197b91381bcdec092e1910a3d62
SHA135794f2d2df163223391a2b21e1610f14f46a78f
SHA2566337fe4e6e7464e319dfcdadf472987592013cf80d44916f5151950b4a4ca14b
SHA512cffd7350d1e69ada5f64cafe42a9d77e3192927e129f2903088b66b6efc9626b5d525aedca08d473ad8fa415af1d816594b243609237dc23716d70a2ca0eb774
-
\??\pipe\LOCAL\crashpad_4764_YJGBWUQLMOLNIHLAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_4880_KKBZWWXTJUIMMVQFMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/940-203-0x0000000000000000-mapping.dmp
-
memory/1192-153-0x0000000000000000-mapping.dmp
-
memory/1236-148-0x0000000000000000-mapping.dmp
-
memory/1332-164-0x0000000000000000-mapping.dmp
-
memory/1352-165-0x0000000000000000-mapping.dmp
-
memory/1768-130-0x0000000000000000-mapping.dmp
-
memory/2136-145-0x0000000000000000-mapping.dmp
-
memory/2176-168-0x0000000000000000-mapping.dmp
-
memory/2232-195-0x0000000000000000-mapping.dmp
-
memory/2328-156-0x0000000000000000-mapping.dmp
-
memory/2764-189-0x0000000000000000-mapping.dmp
-
memory/3056-167-0x0000000000000000-mapping.dmp
-
memory/3056-197-0x0000000000000000-mapping.dmp
-
memory/3332-154-0x0000000000000000-mapping.dmp
-
memory/3668-136-0x0000000000000000-mapping.dmp
-
memory/3668-204-0x0000000000000000-mapping.dmp
-
memory/3720-205-0x0000000000000000-mapping.dmp
-
memory/4180-193-0x0000000000000000-mapping.dmp
-
memory/4452-200-0x0000000000000000-mapping.dmp
-
memory/4484-132-0x0000000000000000-mapping.dmp
-
memory/4560-177-0x0000000000000000-mapping.dmp
-
memory/4608-158-0x0000000000000000-mapping.dmp
-
memory/4736-187-0x0000000000000000-mapping.dmp
-
memory/4760-171-0x0000000000000000-mapping.dmp
-
memory/4764-155-0x0000000000000000-mapping.dmp
-
memory/4784-190-0x0000000000000000-mapping.dmp
-
memory/4828-140-0x0000000000000000-mapping.dmp
-
memory/4880-157-0x0000000000000000-mapping.dmp
-
memory/4916-186-0x0000000000000000-mapping.dmp
-
memory/4936-172-0x0000000000000000-mapping.dmp
-
memory/5000-151-0x0000000000000000-mapping.dmp
-
memory/5276-206-0x0000000000000000-mapping.dmp
-
memory/5292-208-0x0000000000000000-mapping.dmp
-
memory/5316-210-0x0000000000000000-mapping.dmp