Overview

overview

4

Static

static

3

6887cad297...0c.pdf

windows10_x64

4

Resubmissions

19-05-2022 03:01

220519-djbfgsadc4 4

Analysis

  • max time kernel
    121s
  • max time network
    105s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    19-05-2022 03:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6887cad2972d2711938a3a63f7006d659da9e6759c006ae0f47a5c3590f7500c.pdf

  • Size

    25KB

  • MD5

    284eff3b9b78fe18cc47f8e7ec62d977

  • SHA1

    fc86c18ad69cf4f5ff86f9fe152a0550bc378a23

  • SHA256

    6887cad2972d2711938a3a63f7006d659da9e6759c006ae0f47a5c3590f7500c

  • SHA512

    b598fd9af3310497120586f5b5bb15a49360a1ad8be140c1a18f810566075e9ae5602b811a7c2ad1027241c1d51bf9e91fd8903594789d0d055718556db14fbe

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 9 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\6887cad2972d2711938a3a63f7006d659da9e6759c006ae0f47a5c3590f7500c.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1360
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=66C0BFDC4998F1023B6F62DE6C983A97 --mojo-platform-channel-handle=1640 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:3876
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9FC6D84F62207B8D98ABB2656E8F501F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9FC6D84F62207B8D98ABB2656E8F501F --renderer-client-id=2 --mojo-platform-channel-handle=1648 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:3728
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0F7CF759C86E37F46BF8F952C8202BDE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0F7CF759C86E37F46BF8F952C8202BDE --renderer-client-id=4 --mojo-platform-channel-handle=2236 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:1748
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B2FF2E57393CF1B652FA212E98B26697 --mojo-platform-channel-handle=2484 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:1848
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1FD81F76FD5A19659F5DC4A23B7DC51A --mojo-platform-channel-handle=2616 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:2264
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B9E11A59007A83B97AE7ADF0C68977F9 --mojo-platform-channel-handle=2716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:2300
                • C:\Windows\SysWOW64\LaunchWinApp.exe
                  "C:\Windows\system32\LaunchWinApp.exe" "http://allyouneedbook.com/read/cphq-exam-questions.pdf"
                  2⤵
                    PID:192
                  • C:\Windows\SysWOW64\LaunchWinApp.exe
                    "C:\Windows\system32\LaunchWinApp.exe" "http://allyouneedbook.com/read/cphq-exam-questions.pdf"
                    2⤵
                      PID:4668
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of SetWindowsHookEx
                    PID:2316
                  • C:\Windows\system32\browser_broker.exe
                    C:\Windows\system32\browser_broker.exe -Embedding
                    1⤵
                    • Modifies Internet Explorer settings
                    PID:3876
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Suspicious behavior: MapViewOfSection
                    • Suspicious use of SetWindowsHookEx
                    PID:2412
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    PID:188
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies registry class
                    PID:4376
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies registry class
                    • Suspicious use of SetWindowsHookEx
                    PID:4724
                  • C:\Windows\system32\browser_broker.exe
                    C:\Windows\system32\browser_broker.exe -Embedding
                    1⤵
                    • Modifies Internet Explorer settings
                    PID:4764
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies registry class
                    • Suspicious behavior: MapViewOfSection
                    • Suspicious use of SetWindowsHookEx
                    PID:4988
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies registry class
                    PID:5048

                  Network

                  MITRE ATT&CK Matrix ATT&CK v6

                  Initial Access

                  Execution

                  Persistence

                  Privilege Escalation

                  Defense Evasion

                  Modify Registry

                  1
                  T1112

                  Credential Access

                  Discovery

                  Query Registry

                  1
                  T1012

                  System Information Discovery

                  1
                  T1082

                  Lateral Movement

                  Collection

                  Exfiltration

                  Command and Control

                  Impact

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                    Filesize

                    471B

                    MD5

                    0139ae54ab5bd17af42facbbdf2b01d0

                    SHA1

                    aa0b305fad4211f81edfa2521bece92e758b4376

                    SHA256

                    93c8a57c9a7a70617fd4e7f17442b9fa24e31104000de22637123111dcb5c305

                    SHA512

                    f34ab12338eb3fd16bc26f24b20b349a14f6fa29f4dfdb91d026347222a66abc538e6753961fbc0484efeefc56abdf6edd00ec7a80b0b8a9270d747988e5741c

                    Download Submit
                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                    Filesize

                    404B

                    MD5

                    87f7a1f0cfb1ef320e8b4b12ebdb23b6

                    SHA1

                    e846ead2166a7f461f5eb28487a2a40e06f9687b

                    SHA256

                    e20d84725fc887df2b8465bbd1515c71baa2b6ff0936ab53254f55125aa2de1b

                    SHA512

                    a207f28be7bb025e5b0a0610fed946404cdc95c2999bb8431eacafb5156314a681defe1f301da100d7062b3fa4406312add9a93d3f9c3c0ab3c979dc3dbee163

                    Download Submit
                  • C:\Users\Admin\AppData\Local\MicrosoftEdge\SharedCacheContainers\MicrosoftEdge_iecompat\IECompatData.xml
                    Filesize

                    74KB

                    MD5

                    d4fc49dc14f63895d997fa4940f24378

                    SHA1

                    3efb1437a7c5e46034147cbbc8db017c69d02c31

                    SHA256

                    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                    SHA512

                    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri
                    Filesize

                    207KB

                    MD5

                    e2b88765ee31470114e866d939a8f2c6

                    SHA1

                    e0a53b8511186ff308a0507b6304fb16cabd4e1f

                    SHA256

                    523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

                    SHA512

                    462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
                    Filesize

                    512KB

                    MD5

                    816dfb1597a29fc08e566ec4f964b310

                    SHA1

                    af50faf3865b4f0d2321eb0e3e6c6cf7c83be75b

                    SHA256

                    be4f4927d35a590fc2baa08afda8779f89826b1e1d46ba80dfc16d70b9f3d381

                    SHA512

                    4fbf53950d2967cf1c38d88b3f64606be555b6d97716b3b98547ed3bfeb53814f4167773ce8bb1c65c44331e8b174b4a9daa9d024b23124645139d4ae8b4f79c

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
                    Filesize

                    8KB

                    MD5

                    8194a4d75e80e67f651ceeae3fff98f2

                    SHA1

                    ca464b439f3188eb32964235219bb01ccc99af0b

                    SHA256

                    ce1aa62fd9b9cf0e37136ad78b88fa51cd3cbf4eb3ca9490846305881db84b74

                    SHA512

                    543320d2fe8089b715df8e2e8e2d56ba8a2978e3b7f46749185aaba6764024233e8342480eafeefb712aa88e5a5c301c96a54cdab89973a0ef6514b3cbe81135

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
                    Filesize

                    2.0MB

                    MD5

                    14154b19c8e0f84f551b75b24762493e

                    SHA1

                    066585ff8784a4cf683c2d28c4571d8649cc03aa

                    SHA256

                    72764acd37e29003633cd8f13e56766f3b005d566a9c7a2a28d16c9b8f8fc91d

                    SHA512

                    7051f6e14388754e2e35d61c3da48d88f9d5af5f985cd8b88bc9e5a6d0737c1ef2980eb3a4fc90f410f61885edcc079e9e0243cd546f46934f78ba029e74f1c7

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
                    Filesize

                    16KB

                    MD5

                    74c4ae84e18b53767a5763e52fec1192

                    SHA1

                    fec36bcebc0a1c37b18b02431e3d4c56f3ac1750

                    SHA256

                    23d500b9cbf4c2eb7032ebdb47d3f6b5a6ed45e638ca113ea51988ea0d88af73

                    SHA512

                    564550d0cad85525db031856a859f567db0b1ffa9b3efa471ddf8491f5c3e06d39d2bf924d601e7bdb78c9e10a7c6e7fd14df834155089c62b36266d8d00ec9a

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{72F978CD-CACD-429C-A640-CBA713BF7F4B}.dat
                    Filesize

                    4KB

                    MD5

                    a1d623b5192a7ed8a0e4a5f1fe43afc5

                    SHA1

                    13ec934ed7dd4aa544c28bc59d2e327d25a585a9

                    SHA256

                    768bbda55e51fe6d0a501bb353d57a61c5fe37270d659ec71daf4f5d89f291ba

                    SHA512

                    d321282465bf6f22422f5eb0c1c4ea7f25028650e7d1f66bbb71deeea95ab9dcde2daa4c7eae32b144267a1bdc7b6da81a579093a1a0c67540ab1c099b326bf7

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{BA9F0D7C-8041-4572-BB02-BDB1282E9978}.dat
                    Filesize

                    5KB

                    MD5

                    b877ede49dbdd5eb49f0c897425f5f85

                    SHA1

                    41582731fcf549d4d9ad4be5ed1645053511c512

                    SHA256

                    a52ee75f915d7b28320c2ae2ec9cf92ac6bcb93e67b0a921bf7450ad28f2a803

                    SHA512

                    667cae595e1f07637ebc78faf5b741ef18a88b9c043972fa866321de770471fe0df34186ea7556c28a2029ff1c31c1b0a60cb950072065f919dbdb51223e1c61

                    Download Submit
                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri
                    Filesize

                    207KB

                    MD5

                    e2b88765ee31470114e866d939a8f2c6

                    SHA1

                    e0a53b8511186ff308a0507b6304fb16cabd4e1f

                    SHA256

                    523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

                    SHA512

                    462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

                    Download Submit
                  • memory/192-140-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1360-119-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1748-132-0x0000000000000000-mapping.dmp
                    Download
                  • memory/1748-130-0x0000000077AF2000-0x0000000077AF3000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/1848-136-0x0000000077AF2000-0x0000000077AF3000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/1848-138-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2264-143-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2264-141-0x0000000077AF2000-0x0000000077AF3000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/2300-147-0x0000000000000000-mapping.dmp
                    Download
                  • memory/2300-145-0x0000000077AF2000-0x0000000077AF3000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/2316-150-0x0000022C74420000-0x0000022C74430000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2316-149-0x0000022C74320000-0x0000022C74330000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/3728-126-0x0000000000000000-mapping.dmp
                    Download
                  • memory/3728-123-0x0000000077AF2000-0x0000000077AF3000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/3876-122-0x0000000000000000-mapping.dmp
                    Download
                  • memory/3876-120-0x0000000077AF2000-0x0000000077AF3000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/4668-155-0x0000000000000000-mapping.dmp
                    Download