Analysis
- max time kernel: 151s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20220414-en
- submitted: 21-05-2022 23:23
Behavioral task behavioral1
- Sample: 91573e2aad89c56aafd30ee2dd1155ef1e2b38a2d2856a3201e1f600e6685217.pdf
- Resource: win7-20220414-en
Behavioral task behavioral2
- Sample: 91573e2aad89c56aafd30ee2dd1155ef1e2b38a2d2856a3201e1f600e6685217.pdf
- Resource: win10-20220414-en
Behavioral task behavioral3
- Sample: 91573e2aad89c56aafd30ee2dd1155ef1e2b38a2d2856a3201e1f600e6685217.pdf
- Resource: win10v2004-20220414-en
General
- Target: 91573e2aad89c56aafd30ee2dd1155ef1e2b38a2d2856a3201e1f600e6685217.pdf
- Size: 38KB
- MD5: e9f991cbda73482d20734d9cc7572c78
- SHA1: a0137943995f841b37ead9d62e2d3c15e1027615
- SHA256: 91573e2aad89c56aafd30ee2dd1155ef1e2b38a2d2856a3201e1f600e6685217
- SHA512: 0448d38a7e817cf342eaa63f50962683e30e5c7b1aa0be8c836cee29d174a35c806a9d14f259e4388f9d25be08534250a419af42a5ed6a2e937c8a6f27cd35ff
Malware Config
Signatures
- Adds Run key to start application (2 TTPs, 1 IoC)
  Process: msedge.exe
  Key created: \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\Software\Microsoft\Windows\CurrentVersion\Run (msedge.exe)
  The only operation recorded is msedge.exe creating the Run key itself; no value name or auto-start command is listed, so this row on its own does not show what, if anything, was set to run at logon.
- Legitimate hosting services abused for malware hosting/C2 (1 TTP)
  No IoC rows are attached to this signature. The supporting evidence is in the process tree below: AcroRd32.exe launches msedge.exe with --single-argument https://bit.ly/3cBxHoA, so the link the document opens goes through the bit.ly URL shortener. The final destination behind the short link is not recorded in this report.
- Drops file in Program Files directory (2 IoCs)
  Process: setup.exe
  File created: C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e1b48d42-f9e6-4c22-9e10-d3fdcb5a6ae8.tmp (setup.exe)
  File opened for modification: C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220522012429.pma (setup.exe)
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Process: AcroRd32.exe
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (AcroRd32.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (AcroRd32.exe)
- Enumerates system info in registry (2 TTPs, 6 IoCs)
  Processes: msedge.exe, msedge.exe (two instances; each produced the same three rows)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Modifies Internet Explorer settings (1 IoC; the signature heading is missing from the extract, the name is the one listed for AcroRd32.exe in the process tree below)
  Process: AcroRd32.exe
  Key created: \REGISTRY\USER\S-1-5-21-1081944012-3634099177-1681222835-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (AcroRd32.exe)
- Modifies registry class (1 IoC)
  Process: msedge.exe
  Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (32 IoCs)
  Processes (pid, image, entries): 4704 AcroRd32.exe (20); 2352 msedge.exe (2); 4288 msedge.exe (2); 5136 identity_helper.exe (2); 4604 AdobeARM.exe (2); 6084 msedge.exe (2); 5812 msedge.exe (2)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  Processes (pid, image, entries): 4288 msedge.exe (7); 5812 msedge.exe (2)
- Suspicious use of FindShellTrayWindow (7 IoCs)
  Processes (pid, image, entries): 4704 AcroRd32.exe (1); 4288 msedge.exe (5); 5812 msedge.exe (1)
- Suspicious use of SendNotifyMessage (2 IoCs)
  Processes (pid, image, entries): 4288 msedge.exe (2)
- Suspicious use of SetWindowsHookEx (7 IoCs)
  Processes (pid, image, entries): 4704 AcroRd32.exe (6); 4604 AdobeARM.exe (1)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: AcroRd32.exe, RdrCEF.exe
  PID 4704 (AcroRd32.exe) wrote to memory of 2780 (RdrCEF.exe): 3 entries
  PID 4704 (AcroRd32.exe) wrote to memory of 3032 (RdrCEF.exe): 3 entries
  PID 2780 (RdrCEF.exe) wrote to memory of 3036 (RdrCEF.exe) and of 4084 (RdrCEF.exe): the remaining 58 entries
  Every recorded write is from one Reader process into another Reader process (AcroRd32.exe into RdrCEF.exe, RdrCEF.exe into RdrCEF.exe); no write into a process outside Reader's own tree appears in the list.
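The behaviour the signatures describe (Reader hands a shortened URL to the default browser) is what a PDF URI action produces when it fires, but the report does not show which object in the file carried the link. The script below is an added example, not part of the Triage report or of the sample: it scans a PDF's raw bytes and every FlateDecode stream it can inflate for /URI, /Launch, /JavaScript and /OpenAction entries and flags URIs whose host is a URL shortener. The PDF it runs on is constructed inline (a one-page file carrying the bit.ly URL from this report plus a second URI hidden in a compressed stream); it is not the 38KB sample, and every shortener host other than bit.ly is an assumption.

```python
"""Static triage of a PDF for action objects (added example, not Triage output).

Scans the raw file and every FlateDecode stream it can inflate for /URI,
/Launch, /JavaScript and /OpenAction entries, then flags URIs whose host is a
URL shortener, as bit.ly is in this report.
"""
import re
import zlib
from urllib.parse import urlsplit

# bit.ly is the host seen in this report; the other shorteners are assumptions
# added so the check generalises.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "cutt.ly", "rb.gy", "is.gd"}

# A PDF literal string: (...) with backslash escapes for ( ) and \ itself.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
LAUNCH_RE = re.compile(rb"/S\s*/Launch\b")
JS_RE = re.compile(rb"/(?:JS|JavaScript)\b")
OPENACTION_RE = re.compile(rb"/OpenAction\b")
# stream ... endstream bodies; the lazy match stops at the first endstream.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _unescape_pdf_string(raw: bytes) -> str:
    """Drop the backslash from escaped parentheses and backslashes
    (octal escapes are rare in URLs and are left as they are)."""
    return re.sub(rb"\\(.)", rb"\1", raw).decode("latin-1")


def _views(data: bytes):
    """Yield the raw file, then the inflated body of each FlateDecode stream."""
    yield data
    for m in STREAM_RE.finditer(data):
        body = m.group(1)
        # The \r? in STREAM_RE may swallow a trailing 0x0d byte of binary stream
        # data, so retry once with it restored before giving up on the stream.
        for candidate in (body, body + b"\r"):
            try:
                yield zlib.decompress(candidate)
                break
            except zlib.error:
                continue  # not Flate-encoded, encrypted or corrupt: skip


def triage_pdf(data: bytes) -> dict:
    """Return every URI found plus counts of the riskier action types."""
    uris, launch, js, open_action = [], 0, 0, 0
    for view in _views(data):
        uris += [_unescape_pdf_string(u) for u in URI_RE.findall(view)]
        launch += len(LAUNCH_RE.findall(view))
        js += len(JS_RE.findall(view))
        open_action += len(OPENACTION_RE.findall(view))
    shortened = sorted({u for u in uris if urlsplit(u).hostname in SHORTENER_HOSTS})
    return {
        "uris": uris,
        "shortener_uris": shortened,
        "launch_actions": launch,
        "javascript_refs": js,
        "has_open_action": open_action > 0,
    }


def build_sample_pdf() -> bytes:
    """Constructed one-page PDF (NOT the 38KB sample from the report): a /Link
    annotation pointing at the bit.ly URL the sandbox saw, plus a FlateDecode
    stream that hides a second URI action to exercise the inflate path."""
    hidden = zlib.compress(b"<< /S /URI /URI (https://example.invalid/hidden) >>")
    parts = [
        b"%PDF-1.4\n",
        b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
        b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
        b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n",
        b"4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 100 20]\n",
        b"   /A << /S /URI /URI (https://bit.ly/3cBxHoA) >> >> endobj\n",
        b"5 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(hidden),
        hidden,
        b"\nendstream\nendobj\n",
        b"trailer << /Root 1 0 R >>\n%%EOF\n",
    ]
    return b"".join(parts)


if __name__ == "__main__":
    for key, value in triage_pdf(build_sample_pdf()).items():
        print(f"{key}: {value}")
```

Run it against the real file with `triage_pdf(open(path, "rb").read())`; a non-empty `shortener_uris` or any `launch_actions` is the reason to open the file in a sandbox rather than a reader. Object streams (/ObjStm) that are themselves Flate-encoded are covered by the inflate pass; encrypted PDFs are not.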
Processes (depth = nesting level under the root process; indented entries are children of the entry above them)
- [depth 1] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\91573e2aad89c56aafd30ee2dd1155ef1e2b38a2d2856a3201e1f600e6685217.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - [depth 2] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory
    - [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=532D185254BE14759344F2B41F81AA80 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=908EDCC246892E44B90D461C5485A5FA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=908EDCC246892E44B90D461C5485A5FA --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    - [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=38342CC61CD177F6D5C0C66E8431E3EB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=38342CC61CD177F6D5C0C66E8431E3EB --renderer-client-id=4 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job /prefetch:1
    - [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=61B854947742C70E5A0105B0360053FC --mojo-platform-channel-handle=2576 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D029BB97589BD4260AFAFF6656021624 --mojo-platform-channel-handle=1896 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A73D8D5591A617D7E2B973E37F39FA1B --mojo-platform-channel-handle=2556 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
  - [depth 2] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  - [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bit.ly/3cBxHoA
    - Adds Run key to start application
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffd672446f8,0x7ffd67244708,0x7ffd67244718
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3024 /prefetch:8
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5264 /prefetch:8
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4208 /prefetch:8
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      - Drops file in Program Files directory
      - [depth 4] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1bc,0x22c,0x7ff7cfdd5460,0x7ff7cfdd5470,0x7ff7cfdd5480
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17482207554410387735,17927549949717400026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
  - [depth 2] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    Command line: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - [depth 3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
  - [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bit.ly/3cBxHoA
    - [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x84,0x104,0x7ffd672446f8,0x7ffd67244708,0x7ffd67244718
- [depth 1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- [depth 1] C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
- [depth 1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0x11c,0x128,0x7ffd672446f8,0x7ffd67244708,0x7ffd67244718
  - [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9204369411491290206,9657741786951824308,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  - [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,9204369411491290206,9657741786951824308,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,9204369411491290206,9657741786951824308,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  - [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9204369411491290206,9657741786951824308,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  - [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9204369411491290206,9657741786951824308,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  - [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2176,9204369411491290206,9657741786951824308,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4612 /prefetch:8
- [depth 1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
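The one relationship in this tree worth a detection rule is a document reader (AcroRd32.exe) spawning a browser (msedge.exe) with a URL on its command line, here a bit.ly short link; the rest of the tree is Reader's and Edge's own helper processes. The code below is an added example, not the report's own logic: a check over Sysmon-style process-creation events (Image, ParentImage, CommandLine, ProcessId, ParentProcessId) that fires on reader-to-browser spawns carrying a URL and scores them higher when the host is a shortener. The events are constructed to mirror this tree; PIDs 4704 (AcroRd32.exe) and 4288 (msedge.exe) occur in the signature tables above, but the report does not say which msedge.exe instance owned the bit.ly command line, so that pairing, the other PIDs and the explorer.exe event are invented, and the reader, browser and shortener lists are assumptions.

```python
"""Detection over process-creation events (added example, not the report's own
logic): a document reader spawning a browser with a URL on its command line,
scored higher when the URL goes through a shortener, as AcroRd32.exe ->
msedge.exe --single-argument https://bit.ly/3cBxHoA does in this report.
"""
import re
from urllib.parse import urlsplit

# Process-name and host lists are assumptions chosen for illustration.
READERS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "cutt.ly", "rb.gy", "is.gd"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def image_name(path: str) -> str:
    """Lower-cased file name of an image path, tolerant of either slash."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: dict):
    """Return a finding for a reader -> browser + URL event, else None."""
    parent = image_name(event["ParentImage"])
    child = image_name(event["Image"])
    if parent not in READERS or child not in BROWSERS:
        return None
    urls = URL_RE.findall(event["CommandLine"])
    if not urls:
        return None  # browser child without a URL (helper process, not a navigation)
    hosts = {urlsplit(u).hostname for u in urls}
    shortened = sorted(h for h in hosts if h in SHORTENERS)
    score = 50
    reasons = [f"{parent} (pid {event['ParentProcessId']}) spawned {child} with a URL"]
    if shortened:
        score += 40  # the destination is hidden behind a redirector
        reasons.append("URL shortener host: " + ", ".join(shortened))
    return {"pid": event["ProcessId"], "score": score, "urls": urls, "reasons": reasons}


def run(events):
    """Evaluate every event and keep only the findings."""
    return [hit for hit in (evaluate(e) for e in events) if hit]


# Constructed Sysmon-style events modelled on the process tree above. PIDs 4704
# and 4288 come from the report's signature tables; which msedge.exe owned the
# bit.ly command line is not recorded there, so that pairing, the remaining
# PIDs and the explorer.exe event are invented for contrast.
ACRORD32 = r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
RDRCEF = r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"
MSEDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE_EVENTS = [
    {"ProcessId": 2780, "Image": RDRCEF, "ParentProcessId": 4704, "ParentImage": ACRORD32,
     "CommandLine": f'"{RDRCEF}" --backgroundcolor=16514043'},
    {"ProcessId": 4288, "Image": MSEDGE, "ParentProcessId": 4704, "ParentImage": ACRORD32,
     "CommandLine": f'"{MSEDGE}" --single-argument https://bit.ly/3cBxHoA'},
    {"ProcessId": 5812, "Image": MSEDGE, "ParentProcessId": 4288, "ParentImage": MSEDGE,
     "CommandLine": f'"{MSEDGE}" --type=renderer --lang=en-US --renderer-client-id=5'},
    {"ProcessId": 6100, "Image": MSEDGE, "ParentProcessId": 3300, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": f'"{MSEDGE}" --single-argument https://www.microsoft.com/'},
]

if __name__ == "__main__":
    for hit in run(SAMPLE_EVENTS):
        print(hit)
```

Only the AcroRd32.exe -> msedge.exe event with the bit.ly URL is reported; the RdrCEF.exe child, Edge's own renderer and a browser launched from explorer.exe are ignored, which keeps the rule quiet on the helper processes that make up most of the tree above.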
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
  Filesize: 471B
  MD5: b1eac539ecc6b08ea2692c719c4cce78
  SHA1: 41f5d699c6d9a323f541ee1540452d08c35f2222
  SHA256: 5a271241e64b31711d273186c61eeb9e431ca96028da8475aec88a0fc616778a
  SHA512: 0713def9fb15e02e74a9124e35e8008a1f3bb5e5c6e8539577e7b20dcf7858dc085e85856fa1cbf227f95bde1a6ea994d1840b4f2523793340433aa97fe6ad87
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6
  Filesize: 434B
  MD5: 94ae332aa675683c6ec417e388589e1d
  SHA1: d1bc1e9ca0d29e29ff693c3674404b85c927cc11
  SHA256: 38e6754224444b6d451adaf9f255e649a9607c7b58442cb856d1a679ab65f901
  SHA512: e46e343481890e2ae6b81a54e12f19e793432ea17a9a93bfbfb56aabf125c1bf15a2a44bb3c02158e11c84f4eb2e4dd45f63e0708e6d16beb07448a42bb7f39f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (listed twice in the report with identical hashes)
  Filesize: 152B
  MD5: 95e22ee8bac6765a868c13fc5ca5017c
  SHA1: dff7d454639c700bb4408bf2cef900337977eb56
  SHA256: cb320ebc79962dfd60205d687132b62ac884924f6cf5c5a40aea28fd2bc44802
  SHA512: 47fb43256f59834aaf626e3c9c9e20f71afbb018f64755d8e05f6cbd8dde21e1c14049192a90bffd99413a58a0cacebdd8bce7b3d464aa622d7eefad71145428
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 05721a05c0541504b0919239db9c2ef9
  SHA1: 24bf885138e7a17d20dc9ce68a05d45faaf853aa
  SHA256: 5ae291c088eeb9671bed130a3c2d0ffe4024cfe846f0ace439f735f92eeda28a
  SHA512: b4b337cf5fb7fc1459b307b9554a2ced53410a465ed32434b1bff9ff194bc9d7e09b0b00623cd2a7209a3bb4d11408bfd7ffff86e6581ef8762d3ddc6a4780ac
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 64c8d514c8e3bd88618e2c078d2b85df
  SHA1: cf536d51c7b8fa7dea053ebddf0a50a0a010f2c8
  SHA256: 93cb03f76d8e36d71f1d575e680fb29079fa829ec18b1b29a7ff72c78d79a28c
  SHA512: 93b4c0944af789da1700b81aa8cd5d7da0fce299936d2a9f48312d3e7dc41f44e831e189edda67be88bb0e23a7d68297da6d37afbcf8000c58a83e2aabeaac97
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
  Filesize: 48B
  MD5: cadc17c44250d766f5492d01b9f23bc0
  SHA1: 993e4843fa84f8c3056a6ab2b00cc79a12eed02f
  SHA256: 58f58c0947737cba841e83ff24b595fe8a4da46d566a1304c532afcda133060b
  SHA512: b9ca2cc1501eb25832704fdf0eecce752c48baedecd554f4125486d7bbcad482762087a5517bae1d3f67ee7eb74f936696c6621a897064106a3e9f78a0fa4395
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
  Filesize: 20KB
  MD5: 388a4fef4fd6dbe0124d7b678ed0ed4d
  SHA1: 5954014aaaa6dc77669ff8cf39f7e757a8cfb415
SHA256f63d63ee44049b9e8bebb77afcca8a7d4f19ef4debda015d211e5dceddc39385
SHA512822fb8caf0678dcff97863e529f71f9b743bc092195fc754c8cae4db30a86e3d1fa9500457b3f4408f4636de19b36d058a9ed25a629b678e8468650041be700a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1Filesize
264KB
MD5fe449d93573e5a7772b97ba7511186c7
SHA1a5dc882dd45884e2937045171b2f3a62530485b3
SHA256859bce5bb9852189df8e0a62996f9e2782bee2f7224a797fe95947d98cbfcb13
SHA51201b1bf48a9dabdd391870f5934082df3e48fb5b901fd08cd843c3e4cd9c7959dd1acb83dc1d6e21cd8e89306adb614fa6cd31b180c2b47b064dd364ac89e58b9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\indexFilesize
256KB
MD59b594864562096aa175ef6919ab8ad10
SHA1989417e281593e0c412be84df99d941824f2969c
SHA2562cecabaaf67d0d64e2b0f814817f24e2daf3435fd3aaeea5ffe334c2628221cf
SHA51210a9796677731fa23ff1472b75b077790305f077aa90ae724d3fb5b9737c54f97b546d0957b7ee8e83de75f74f6e1bbb8630ada28a7d0ddba4bdcf875ef731a3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HistoryFilesize
124KB
MD57695b2e7c9347dfd396a59a7cc988449
SHA1ec9c7ef4c35ff4a75f0a0d1d7cae9e9ebb6d3b42
SHA2560cb751e08f5298362cb36a2e60844f17976af2733728863ca6a5bb8ebe972137
SHA5123c5360e123cd314bea2c4804f6d03c6ee0391029a5aedc435e9617f4bba7d05449c418059ffa0c9923f39ea53b01a6f4f75f14575e77927a56d8081f46e6266f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider CacheFilesize
6B
MD5a9851aa4c3c8af2d1bd8834201b2ba51
SHA1fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA51241a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.logFilesize
1KB
MD562d1ed719b064c5d2be43b016d6e699c
SHA143e9797350ed22e414ab3020f2299b162222d93d
SHA25680f3fc950f632c655673d97af5973bded672f589553e3af1e5f796bf9600fde6
SHA512738c79f7c57e97fd9ab233947232a13c79cfb22c270a721737b72dfa0fdcade6982b1c293dc0c04fa9b645fea93c0d452241acd1ddcd87f5eb5d213869fa65c5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOGFilesize
334B
MD584cd668c9f91b1f2d9e3c11a4c84b0cb
SHA199c70fc6fc0dd237dd6eff507cc2569973e87ba8
SHA2566ca88a5e0b43b26bf202a433d57dc92151156723949473cedff805f234b86c93
SHA512f2af68a16ff3d65d279349dc608edcb0242c53bf483144feaf5ea2c120c0afb2d9ce5b8a3f11e9b9da7c12363eac09fbdf9da2eb04dfbf215a51e0061b5b31f7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD529d56fc305e40f01032bf0076b086ef4
SHA1b3f62e1be6c185481d0181550e55ac228e5e98f0
SHA256b54c09a00f8f979364b45651faf823a656e6072759b630fe05f7c0c1ad23ff1f
SHA512562a487fbeddb48902b34fbfca63454d6ec116c479b0eab7a964489b7c2bba67c4371b6c5bf6bcf8fed9fe6c29800e990e2f9fabf02805500df63d1f10622016
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD58c21ef6cf6203ed810c59a1243fc38a9
SHA18311c37c0ac452e5d302b277a1ed9a5cf859e328
SHA2567ca3be630ce173bf0a18d83541284f10340e5a55fb81be1df2360909430ffe6f
SHA512f54f9297b07945ee8edfb7123855f9cff61051277411855aaae91503ce8cb23aef0ae3ba37d6def7293f572a34b148af3a86b82b8ab8aff8bb4c88f9a8db3fbe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD59648b61cf547c74ebfd5d58d8b9508e5
SHA17f183f759aba7582ee6a1bf306b559cfab2962fd
SHA256b0b8594fce4b1b57bb18433bf8d8213769d73f752c7c4536ef54ff91d17036a4
SHA512bc08032c4799659340a1c0d74a351c478b4f12bf05998aef2d44a325567f4b38b49353f74a22c25f68a9333371a37cf07e34cbc23310da5e2df163aad7bb8493
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.logFilesize
752B
MD510507d84d893e72387d7e38ed4940f8e
SHA13355ab0bfae2b3b6298c77346f183a320b191895
SHA2567dc407f0e283ab87f0f934da64151dfffcf7e72831a67c0e1de9043a05feeedf
SHA5121a64059fa0771e210acb8d1905dfc6e5ab90656db7cc33d0e891604440fa3ff7081efd491652696f71f718923657f6996bfeb7f8d3dde3b218f10254aa41ae7d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOGFilesize
295B
MD5738a989b465c3675cf02b2522b52fb8a
SHA16d63da13fff527d7e85f72402264c48a947fac4e
SHA2566c327e8a6091524b6aad76354167ca8b265e08f84df9897b40bd8617349962c7
SHA5124cdb1592928bac2afad512606a06b9040c180a9a138b8fda8252565927fc4c9dcd4f925b23cf8b24769c80cc64e46aacbc7d8fd111294954b1e87dab5543898f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13297656329263348Filesize
1KB
MD57e2018fc59287094f3945c0549a5cfca
SHA11a8674bd0e8f69ca22d01f68e1041b9865103f1e
SHA256f29626fc4e68e41e0d2c288c36da25ff6067a46cbac140b2b5a215ea41832332
SHA512e0802617894519372fc08e816609e0a8df643166a322336842734e95536d3194890cae33a751757c54f24897868440ed1d76b5d550fdf176342a0da28bcbeaa7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.logFilesize
184B
MD5934af34453e0ea621ca5cc60688bfec3
SHA1891c30d787aaa6d862df72bce1b68b5e30051769
SHA2568a6618595c7f5fd0ea6377913040d327d3ac2ddcf398a8301a3a4c350d70e90a
SHA51272a1a3f5bd7c1e2229638a9d73628980809775418cc90f9f3eba818df3c66997c2f42b0c4c10d3f5dcd4b3882baf07aaea332e2a68f1a937f3ec62f8ea0bb8be
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOGFilesize
347B
MD5f1fb71fed99307cd229c54263b74763f
SHA139e1524fa57802920d9fc2586a149c7acee9af5d
SHA256adace98222bb3d7f1ab09d8cf61272c678fadfbd4b74bac16606d4a1978428d2
SHA512f03b8d2abaf23bbcc452ebdba187e50ca180722eaebfba199db7850b179f2cb15ae6563e0eddfc200593de4f52831943ddac11dab0672ed8236c0ed338da2070
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOGFilesize
323B
MD5de3e549bfdd69ebf1dc4c6e51cacb0c0
SHA123c43480a707ca11a3c46f374f8e39e30fca09ca
SHA256823be956d989ad859d9e6c3758dd24d433880e6283c0a828c1fd1c1486880cbb
SHA51282df844a5f81fe3008635a37579eb061a63b2f2cd34223d81443bfa4a62a5a5a8f9911ab8de27709f5ea9a01993f641879c68a50f34f3441ab791ef7a409aceb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top SitesFilesize
20KB
MD5f44dc73f9788d3313e3e25140002587c
SHA15aec4edc356bc673cba64ff31148b934a41d44c4
SHA2562002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983
SHA512e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
705B
MD57f005eaa803e43d4419e3370178bd05e
SHA18defbe7a9f065542c8f813e2f09b5490fd56310e
SHA256cdb5c6dc419e7976f15be130e636501e60b7e15c2d7a7e650b840c8a266ae718
SHA512231b6b7a29e3325086b7ca47bfbd66ab90b9caefffb8c0f187148ccb18d09d579d6c83aaafb0086c4551a6eed4a24dfa3f385f5e4b10d5740a49626458925e1c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited LinksFilesize
128KB
MD54b3722c78f76e8aff067803731ab9f92
SHA151603976609cf38a6d7c7dd70c4ad2ecafd67c20
SHA256d5a77e75a5e7879585c25536f4ac100d5964884eb53f3fb998c26e178808474f
SHA5120d49581d8207d3378996571f1c14ba32b78c227aea3dc11da4b1b080b72752cff9264986365230331e6492038c9deca6424a919175e1bb89b4cced74aaeff633
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web DataFilesize
116KB
MD5f70aa3fa04f0536280f872ad17973c3d
SHA150a7b889329a92de1b272d0ecf5fce87395d3123
SHA2568d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA51230675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.dbFilesize
52KB
MD5f539f7e706c06900d5c208d253617295
SHA1a6c2638273d196354ac365c45b1e9433b6320b53
SHA2565ed2218d5e3550c225123e32d34dcacd76bfcf19fc2f1852570a97f027d2860e
SHA51240a3b55c9615f968ff6ce8e71860eed8ec8ef18bc0dceab00b00d079c4d4e6f1702c7de3860729c1996cd345c8917ea86ef337b84e2626e483124890f475ec79
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOGFilesize
297B
MD56d7c538793a6562396e2b0c219756986
SHA1d6ef0120c689d77969b4ca1e41f77e164c88712e
SHA256ebc5663a0b5f90661df82a4be8f787c5bdb3cc31c97c844775024f1b65e29438
SHA5120a1b54df0f5a5dc50ee4aa3b6587571cc5c70ed6ddda317c35adb4a1d6cb164e420be68b7d7dfcbb8a69413cab956820de0204a7d094e292641aa875106bd338
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1Filesize
264KB
MD5affa134fc91d666fef8e91c01985bd35
SHA112d5c84de6e1adc584b5d2020ee0c93609b896d8
SHA256e8ecfcde6166c5d32e9f171e76dbad42ae51894951922672a3609a5d224ba950
SHA5125297ae3582cb067325b111465ce959f0978cdc6af3bdb03b8708dd4f0ec3d0d42a6332dc0ed8ab248e2743ff0b3d42b3f4c7b4310e219ea1aa713decafaf0a83
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last VersionFilesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
13KB
MD51662d440645917e187aa6cc56d55fc0e
SHA12698b08f336b40e59b03ab0d5adba33787a4663c
SHA2566f8c892d26cbfe9f7d5dd29d6a7f4a3b266aa45934e84d41d8ee2eeb39e15704
SHA512d1c9e127979e41d79f69cf7d5a682ee72cd0ac523661dbf03469ac5e76316228a4db48c8d92b73babb05ab40cdc31a3445d709edb2adb7127a7cec5a177c50f1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.storeFilesize
1.2MB
MD5ab055b2a2d668e483f5df59a469f0f37
SHA184350e1d65a84a7bd8906b372f03b5d45d70bce7
SHA256f343a3ccf7e887ec6ef90d8e500cf3b7253c5e67e2e7fa6fcc03ae48f661260a
SHA512bc9d3dff7bd32fadcf2f8b0b360bf268b74240b297e8876bfc047228b01a6fee028854e81fc62da5d3e03fa78eaf8256b010521c32318b18e7d089b18bff8674
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD50346ed0a5606d0cb46d8b737aceb70a6
SHA185506891ad4619bc57eeb1273ba8a715c2f6a0aa
SHA256d33c595aea90e0c5cd23bb7e67fc9d3a62a85e93e985edc7d6d54822eddd2256
SHA512a98432e9b98afcb549b1b5ae25bf3e498cf445f463ee1fa682d6469db0cb3dca1e9d5b1c40e8205e06ccee4ae87b888a9bbe29bb394cd1947009bdb04dd70269
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettingsFilesize
81B
MD5f222079e71469c4d129b335b7c91355e
SHA10056c3003874efef229a5875742559c8c59887dc
SHA256e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00
SHA512e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1Filesize
126KB
MD56698422bea0359f6d385a4d059c47301
SHA1b1107d1f8cc1ef600531ed87cea1c41b7be474f6
SHA2562f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
SHA512d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUrisFilesize
40B
MD5cde9d60139fadda7aadecd7cf0d576f9
SHA16c0d79e8641db0bfc8f6f5c029a6afe2b062d254
SHA25695ca91f50a0e66e50d46ba039b06b2d1753433760426ab4a9da974fe7e7bf259
SHA51259cc8c2eb2bee9d69034359cc05e8e93fdddd642efe5bccea9f12e9f74e5675970d841657dc3dedbd8f73b31d47abbb470e63167de89674e2cbc85ab41c86299
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_637887714333160345Filesize
5KB
MD53ac68f63141f5f2a6f88eedc3a3572c1
SHA1586c031bebea3e88bc311a7a77eac6c3bc8bd63a
SHA256b9bde97d4b0c08d6ca20771a951f1ddd286a550349eb97e560dd7cefaf2dbf45
SHA5120065efe27f4b330331a4ec5a83e865df131ab6ab8fd1e60bb9604f31effdd5ee4dc6de714fa0134800ffbd33c255de72898ba34bbe892068f429fc46eb1707e1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTrafficFilesize
29B
MD5ce545b52b20b2f56ffb26d2ca2ed4491
SHA1ebe904c20bb43891db4560f458e66663826aa885
SHA256e9d5684e543b573010f8b55b11bf571caf0a225cdea03f520091525978023899
SHA5121ea06c8e3f03efdd67779969b4cdf7d8e08f8327298668a7cffd67d1753f33cf19e6995a3d83fe45185c55b950f41e48ac71b422b91e8d0180b5bdd07cfacfe9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_637811103879324684Filesize
450KB
MD5a7aab197b91381bcdec092e1910a3d62
SHA135794f2d2df163223391a2b21e1610f14f46a78f
SHA2566337fe4e6e7464e319dfcdadf472987592013cf80d44916f5151950b4a4ca14b
SHA512cffd7350d1e69ada5f64cafe42a9d77e3192927e129f2903088b66b6efc9626b5d525aedca08d473ad8fa415af1d816594b243609237dc23716d70a2ca0eb774
-
\??\pipe\LOCAL\crashpad_4288_WRSMNSYWBFDJKQZGMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_5812_JFNBKZBGXNHRHWJPMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/692-189-0x0000000000000000-mapping.dmp
-
memory/1372-230-0x0000000000000000-mapping.dmp
-
memory/1416-162-0x0000000000000000-mapping.dmp
-
memory/1492-185-0x0000000000000000-mapping.dmp
-
memory/2020-159-0x0000000000000000-mapping.dmp
-
memory/2288-243-0x0000000000000000-mapping.dmp
-
memory/2352-160-0x0000000000000000-mapping.dmp
-
memory/2756-173-0x0000000000000000-mapping.dmp
-
memory/2780-130-0x0000000000000000-mapping.dmp
-
memory/2904-188-0x0000000000000000-mapping.dmp
-
memory/3032-131-0x0000000000000000-mapping.dmp
-
memory/3036-133-0x0000000000000000-mapping.dmp
-
memory/3204-163-0x0000000000000000-mapping.dmp
-
memory/3388-175-0x0000000000000000-mapping.dmp
-
memory/3508-157-0x0000000000000000-mapping.dmp
-
memory/3620-155-0x0000000000000000-mapping.dmp
-
memory/3780-166-0x0000000000000000-mapping.dmp
-
memory/3952-177-0x0000000000000000-mapping.dmp
-
memory/3960-179-0x0000000000000000-mapping.dmp
-
memory/4000-183-0x0000000000000000-mapping.dmp
-
memory/4024-171-0x0000000000000000-mapping.dmp
-
memory/4084-136-0x0000000000000000-mapping.dmp
-
memory/4288-154-0x0000000000000000-mapping.dmp
-
memory/4468-149-0x0000000000000000-mapping.dmp
-
memory/4480-141-0x0000000000000000-mapping.dmp
-
memory/4504-169-0x0000000000000000-mapping.dmp
-
memory/4604-156-0x0000000000000000-mapping.dmp
-
memory/4804-181-0x0000000000000000-mapping.dmp
-
memory/4824-146-0x0000000000000000-mapping.dmp
-
memory/5036-152-0x0000000000000000-mapping.dmp
-
memory/5136-190-0x0000000000000000-mapping.dmp
-
memory/5172-245-0x0000000000000000-mapping.dmp
-
memory/5236-218-0x0000000000000000-mapping.dmp
-
memory/5836-191-0x0000000000000000-mapping.dmp
-
memory/6068-202-0x0000000000000000-mapping.dmp
-
memory/6084-203-0x0000000000000000-mapping.dmp