6acdb7a5a4ccb58f93fab1d6a56998ae3f23d53560e33d3121943f4270fd6f72

Analysis

max time kernel
104s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
10-09-2022 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ltaucard - Extrato 4847.pdf
Size

64KB
MD5

4a9b6aa7b5a5d222dcbffc4dc63e4982
SHA1

8b5df79f04a5f546f6447cc7693e686bcf4d3b38
SHA256

6acdb7a5a4ccb58f93fab1d6a56998ae3f23d53560e33d3121943f4270fd6f72
SHA512

4dfff02c08117fbba5c09eeabc2a017df6639790c61c415c1ad6896af98ce6c79dd9cc680b19fe3331b33ba5bcd307a300a0f4157983526cfe557d00df6c3b30
SSDEEP

1536:/M0IlyFfugX505zdjopPhWcwBMAQQyOGu41syPQnqHy:/ZImJ5uWpPhWcJYyO8PoqHy

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\a04f5d8f-cacb-4310-b58f-b5fad9684729.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220910174513.pma	setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exechrome.exechrome.exechrome.exechrome.exe

pid	process
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
4204	AcroRd32.exe
1696	msedge.exe
1696	msedge.exe
1312	msedge.exe
1312	msedge.exe
5588	identity_helper.exe
5588	identity_helper.exe
5900	msedge.exe
5900	msedge.exe
2800	msedge.exe
2800	msedge.exe
4188	identity_helper.exe
4188	identity_helper.exe
5536	chrome.exe
5536	chrome.exe
3496	chrome.exe
3496	chrome.exe
1432	chrome.exe
1432	chrome.exe
4652	chrome.exe
4652	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

msedge.exemsedge.exechrome.exe

pid	process
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
5900	msedge.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exechrome.exe

pid	process
4204	AcroRd32.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
1312	msedge.exe
5900	msedge.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe
3496	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

4204 AcroRd32.exe
4204 AcroRd32.exe
4204 AcroRd32.exe
4204 AcroRd32.exe
4204 AcroRd32.exe
4204 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4204 wrote to memory of 3764	4204	AcroRd32.exe	RdrCEF.exe
PID 4204 wrote to memory of 3764	4204	AcroRd32.exe	RdrCEF.exe
PID 4204 wrote to memory of 3764	4204	AcroRd32.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 4084	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe
PID 3764 wrote to memory of 3540	3764	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ltaucard - Extrato 4847.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4204

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:3764

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DC6A89F2538F7086FCECF7A13895DF8D --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4084

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=83BCC4E7A0A43FAD25178C901158E17C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=83BCC4E7A0A43FAD25178C901158E17C --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
3⤵
PID:3540

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=31131AF9C1F467C81956E5FC487EED3C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=31131AF9C1F467C81956E5FC487EED3C --renderer-client-id=4 --mojo-platform-channel-handle=2176 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4576

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=34833BE7896CE1F0D0651923B20BB65D --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:60

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AA32DE6DD8BE605737B325D4E6BB809F --mojo-platform-channel-handle=2576 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4288

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=306C3E42A5D35D7A3EA3800B697328C6 --mojo-platform-channel-handle=2424 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://extratodemilhason011.z19.web.core.windows.net/
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:1312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffbdcb146f8,0x7ffbdcb14708,0x7ffbdcb14718
3⤵
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
3⤵
PID:4084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
3⤵
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
3⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
3⤵
PID:620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 /prefetch:8
3⤵
PID:1276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
3⤵
PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4220 /prefetch:8
3⤵
PID:5208

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
3⤵
PID:5276

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
3⤵
- Drops file in Program Files directory
PID:5284

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff737cf5460,0x7ff737cf5470,0x7ff737cf5480
4⤵
PID:5352

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
3⤵
PID:5604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
3⤵
PID:5628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:1
3⤵
PID:5124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
3⤵
PID:5312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
3⤵
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,14428768774248101738,8476761688134973681,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
3⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://extratodemilhason011.z19.web.core.windows.net/
2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbdcb146f8,0x7ffbdcb14708,0x7ffbdcb14718
3⤵
PID:5904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
3⤵
PID:4632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
3⤵
PID:6116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
3⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
3⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4256 /prefetch:8
3⤵
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
3⤵
PID:6036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4128 /prefetch:8
3⤵
PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 /prefetch:8
3⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4108 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5168 /prefetch:8
3⤵
PID:5708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
3⤵
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,15199611704957485457,5461322542629901355,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
3⤵
PID:3784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbd9b94f50,0x7ffbd9b94f60,0x7ffbd9b94f70
2⤵
PID:3816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1632 /prefetch:2
2⤵
PID:548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2012 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 /prefetch:8
2⤵
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
2⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
2⤵
PID:5648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
2⤵
PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4516 /prefetch:8
2⤵
PID:4796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4564 /prefetch:8
2⤵
PID:2240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4796 /prefetch:8
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
2⤵
PID:5188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4656 /prefetch:8
2⤵
PID:4064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4684 /prefetch:8
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4848 /prefetch:8
2⤵
PID:524

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5412 /prefetch:8
2⤵
PID:5776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1628,11113145686489784007,5096264542748019228,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:5768

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
8be9513fd38b94d4f6b5011b68b60326

SHA1
47feef421fe8de09e36ca685e9cf19d404aa8917

SHA256
5bf3203e8be948e62917ebab13e1b21aec105c473089b233874fac8e5748bb2d

SHA512
cb3dbfa46f3ee28956deab38fefa8276f9efa6ea978ff6b7f810f7f9ba106ed569f017cf5c840ae90fc5f83a1e6dbe50efef8e3412f4f38452a00915b2cc58bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
425e70c49fabe6512c8ba33e28acd372

SHA1
12f6da96b989312e490edbfcd6b3632d79da87e1

SHA256
53945914eedfd25db7c9acbb43f181376f3fd30f7e688254b0736300a93f023c

SHA512
bf5b0e3e9277a6ab9613ddb1d50e4da1854374031a3bf2cdee6b234a5f985e2b094e8b0092af0e8515bf133b54458fb434fc810e7079b66675d18d7fa551aa2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
9604333eee5df86b278acd4dbf538fec

SHA1
ee843e3ea0b2263ff5b9c801814e3c305e59dcc6

SHA256
5f6e0406f94b9b5579eb52f2dec2ebbd03f5fcc9bafa797eebbad72624404841

SHA512
71d50ad8c2c11875ac0f8264bca93f3a1ae6252c0fadc46c369b0ba4fc7e3b181e37e9b738ad3d5b1c034478a8e3a5202ccdc31427a25335345f46008b3f5859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
279B

MD5
f807366f63b6139dee684e721b718c46

SHA1
99de11da9baf24ee3bb7885cba60b168b5449969

SHA256
6961c7fe297db9694dcce3f2ecefa8e2b4599c6a565db9eefc7125dc4de6a306

SHA512
c4b0d98a12a27a084c5f55a07189e5c294532e9f87842eb136a57632882f1b164444dbd1ffa12c93861c0ccc8a4c2e39003ed52b6b20328a4502380b683a0f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
e163b02736ac097397a390a121f8701a

SHA1
672bd1f4974e4db80c2ee409338d1be6c697125c

SHA256
1c875dde6c754ad9a2b2e45c9e35720ee1c3c5dfe932a742615b07bcdba34637

SHA512
868142476edb4cdfbbcf2179a887f04679310f174de9861c1318e489713dceea9c30670fce427c4a5d6b792a5ca58dadeb0e11e0c841f754e43875b0e8064824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
33bf1d13dbc6e914905b5e284af951c5

SHA1
30b282d9dd42264fc98a9196597c88474423768d

SHA256
0f955caf7748230890556d24b6aed10557777bf20a5567f2a6357a1d6e54cba0

SHA512
c8c6a0a3112c6e812635b054c645d79a48d5aa2dcdaaa6e1040354762a47773dc76fb080f249d7d85099d21de9cd2f7669daf4bdb32e39c27c1a507261cb5c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
ce213521aa33e51c5133b738eea84b0f

SHA1
f61397eba89268632bd3609c1bf45bd2e1e3cf60

SHA256
85eb8e5d1d9f0830342927fd6a7a66eb64d0c3568d793342822866f6188949e1

SHA512
3557d430c06b86299124193f91d8c37f638baafd6dae5550617864ad06cf6f27692050625a074a3ddaa2b2b8d6a09725f320f4e9e1269259c8b137939e3c154a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
3b31b02fceab9b8b88dd74d52ee7f231

SHA1
f0ceb6673f019e6a4c8ac42a3526dc2bbecd0c34

SHA256
07f217319ed7b05498f578eb654d1084fda20040982d38524fe447dbfe6b7635

SHA512
0a78bdba02dd2d7b307b723a8404e03bca086d17cf8fa10b53c7fed0f9132f71bcf79107e87a94c4f2bdaf29b0f402f33d0c492e3cee3792aae3b740d059c0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
2KB

MD5
cf7ae9e11c4137efba94de11ce6a3202

SHA1
3c897d08373d01a921c53826b59850d3c7342103

SHA256
eb4f521030952967684e1518d3e524aa960a7a253d07c58bd98b2ac131d19a96

SHA512
7bc7b4b74eecd0674df3a03babe2c7bbe1e8409bfef457edf59438e8c521658e0253d292a86be572ff752b44797eff6f0be37ca5c432583aa4173dfb2445f5b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
03b13767aaa17418d1f6c9fd0c59946e

SHA1
708eda0ac269cf22d28826a183728d64fef5ffad

SHA256
9623e2a8aaec9737bc7b97c27e7915d361867c6a3c3ad2b9abd60f4745c8ea36

SHA512
6092fb4c3a031270624fc57871bb3f8c67c9ab7893d53620fac880c74f667b084d54c9563108200a9072ee486136cc41b9189e6b47f801d71adc673a943dee4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
96591c046fa6b20fab45353cb48f6fb6

SHA1
3a6691bf67feb86ea5291248f125ed7780c01173

SHA256
44ec97221a1783ef88f7564e542d8e643a56b03aecf45ef1f9296f371a9d6d7e

SHA512
f2014235f213c20f1019aea777f3031143cdec22c41e43a2002cad9301e6a86f9944f4551010412e3b3a68a2734bcb5563ca33f8d13c3dbc746deaf7d3c1164e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log
Filesize
812B

MD5
335450d1ee53d37b966fa27f276abee3

SHA1
b4cf88d018cc54ecb04314e61b93eb2b78c5f0b5

SHA256
1639a621cbdf2dac88f0407adff56a583ef937337c5423792c7a0d036068dff8

SHA512
7ae52259ba4ef3406441432b51b6861c259e9177a706a8c02ba6dd6b761dcd4ce2020bbd39f8c1ed3008ade809b259e2c034df2e71e7f6fd54e4c41ea06d20bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
Filesize
295B

MD5
5383c76852c7cb38a17cf965cfd33958

SHA1
eab0c26cf10911cf69fbd112979d7d74084f1e2e

SHA256
e5e8d86b4e103537f65e9396cf8b38f3cb7c752761a7b52d8a23a90c03999124

SHA512
930aa0dd0cdf0dc4eee5240aea016cd1a5d23656b6703b151ef42e421218f527ac43016738623a75a55230daec1869901a0bc4df122b361ff5a0699a8c54b15b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13307305552594343
Filesize
8KB

MD5
e78fdc88117dc3c6e5dab2a05098de37

SHA1
6685239b36bf496b60718c0dabf9a3c31d7317be

SHA256
14d0cf56cf2d632c3ecb6aaccf2950ad13d96844f63986e2e0284ca94a7a84cb

SHA512
c744c9f4240a9d016256e2e6e0057641abb4f89d173369fcab29dbd87d7c835de1b3665cabed2be3cca44fcb9ca2e6487e61a1fe8113b82aabb54d9cdb5879a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
256B

MD5
038c7e2492ebba4f40b20fe61082a2b6

SHA1
12659f7118b750852ebccb828e2a071a6c50efdf

SHA256
cbb43763e5ed98666765201d5e701a0d88d56c3bc55800ac81556c4123020d4c

SHA512
61fe0e039c764714e653c33cee7e71530e7454eb3bc3efd1556203fa824665808b0873c13cbb65a84bdc1b417f63a81b867940217af4c01eb5db6a82aea2b37a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
966693a435cdb208e750c878d0c17288

SHA1
0c904307cf7a1c5eb570507d26f4290c41e5ba2c

SHA256
9c712e35d40187383456e6fbef111d6c589bd4fc387a79e1417ee9da99994636

SHA512
21172197dbce427588b6a1ffa957d5d603a568d82fe8c957806136219794386f0c70b206fa4b3950b3cc41bf032907b7a2c75a632a4971fa2537a90fb93630d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
9548ca6135c6b67991969424c1b73c54

SHA1
8f5a5687b77beaac587e4a80307f6afe0db147b7

SHA256
8208966125ba165f4b2020c5b3a60e8a396b2d664d40f43449ee86ecc47bb5af

SHA512
13d0be5867758468af2e19de34af145c8c3cc8ba54d58c3339cdc33fcce52efbdaff11550db8c228fb0cd9e3e6361948207023727b5f4816b235e33da9bb49e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
496505d847847aaa19c733570a896165

SHA1
00f5482a3095c7660b580f446e01cc5568fbde5e

SHA256
e8e0bd5b1ff5cf9a74b1d764429d1e22ec01dc5e2aa88c741c822e9834557e69

SHA512
3bb7b3dd62b004594612f715809d1d0889bc38cbff83d20414e8443cd0ef921f20ff8ca771e2e532a3af0b5b9d6adef83a02c412f921602ad5cf225622d8ee88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
72KB

MD5
5814a0c4fe953e6c856f49e037693b51

SHA1
b84ce064a93ea0073fca497a7b6eed8ccad09205

SHA256
d63b190a65cd70d378919269a94dc38aa357f5e947de4d40a002d0f5ab31abe2

SHA512
75e43fb6d9042aee56d108e9114fbfac4dab38af2466cc16790f2811a8ee813acd5bd87c5e50d4509e81fe8c961279cb2558d7c65c1c37ac31e140e55a813746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
187B

MD5
9c9e46a27530e3a3f1236e25687d476a

SHA1
a9a9cd22109b598aecf141b2a2f801e0d7e61f26

SHA256
1585e90d48c24e2335e6fdfc908d78e79a77b48325d7cd3eadef768ce68ff73a

SHA512
8ae9285c93b949c38f3f2a1577194d1e62c3a619a9fd91b2310358efc3eb99da032868688861302babd73363f92d14bb552656e76d73cebd9359198a539af166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
279B

MD5
0f3ba11724d3b580dd4dedd9e6eaa96b

SHA1
8379e7132fe475632b987905d26a6daba951103e

SHA256
811112023251c7363acb306bb09b17098cf88a21878c202972c8ae6be92aece5

SHA512
b28ae0401e1e14915272021d8023a7b1ab318cc56994388967159a2a18e33180bec03a25815e5fb7f82f875a8e66fdc117621120d0ae768fb46e7d3c8d344caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
531B

MD5
2c0fbd4351e2541950017c40b2d1de30

SHA1
d8c61da011f8da1abbdb44b57a93369502ec07cf

SHA256
a7ce0c054eb7283e2d4b7cfd774c4ee4ed042691e745ffdf5dedf0f85e143c5f

SHA512
521ea663e1798481dd6860499c5e363f31095ced6003209bb24565aad0afb0f6bfcdab1a6dcd2e529fffcc1e47f50336a986b67ecb24344a04d175a1f8a7323b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
297B

MD5
be3d684d55b567cfd4c7a9ebdcf0ef10

SHA1
58bf0f3d2555a66db702b723e7cdc7fab290dbfc

SHA256
db69ede4e57a40bab34ea2c1427fa7b161d38a6ce03d52642e2765259516af01

SHA512
6ef667e24666d8447ac7c8ac74011b9a2161f947ae2c4291642d8f8d0765df0f1af542d8ad9aa613f13af889b727d098d66604c8fa2534d0958aac9b813ef80c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
d4c987ac18193043b615f5c00397a924

SHA1
0cd16471ebf6882e9fe516ec8c4b3c57a9819194

SHA256
63261d87c77edd0cc06788bfe56290e950ae53169568bdc850096b33e17e2cda

SHA512
a1d61b99a4f2fd58bdb35ea8bf0a3442365676043e3a83654d4829b6c3c422c40d4222398ba370d3a7367cc5d72641bcac14c956c22894f51b27388b06fefc3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d9c9003ac5d738dabd54cb0fc4d93130

SHA1
fa7bea216aca6b384597b35612e1964f5c69fee2

SHA256
5ba696509a85e9707bfba64728beec4a52ff4845dd8922ff4fb07dbbe32dddb4

SHA512
2e803b8b1c53dfe27e3b915dc1dac9e17d0f18494839152e9e4b18e214e9abf4be179db18baa0c3f91e92d8d0b9c358f15e69651caebd4c5b97cdde1d84eea9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
ed0787a8bfe453408d53d408840948e3

SHA1
5e513fb344c9d77f6827183a67df53b7540cfc7f

SHA256
2952b8a6fa5edfddce6ad6c29a5ceb448def399deffea38c38d64ef7d8147e12

SHA512
4aad870f8fa30114aa0ac530ff60cb75b405b795bb6ebbdf56c1c729517ff06520969c36c47d5fa9414a337139d87787694851a05c62d404dac639b32dd9fad7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings
Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris
Filesize
40B

MD5
9f09c61ff785c5baf2f02953243d3b32

SHA1
0bbcf50d72b6f668c8f20f15a1eb101d2a1a3875

SHA256
74b04545284e24b5405261bac492f0c182d6016e9c727e6950e45f36c243c772

SHA512
5c4bc72f6514d336ab0a9dc0d8b2c4aa7e883df4dcf500c84df5559a87fe3de18f7f1d6753b672d033f443553cf3f33632689bf551bff6d6e9f79f593808bcbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_637984192009579721
Filesize
4KB

MD5
b4fea5f3aaf8acbc2d845446acb2d88a

SHA1
779ec6f94072c3d10a0884516a1800398c15c93c

SHA256
eff06c4bc3aa71de1bf6bdf83d16a47d0aaa3567bc8fe98a628d99e9f5c4e16c

SHA512
a262a59624728c6ee19bbc937e58caf2062f381af7fe32da365ab5cedf8a5b4cab2d3f84a7ca8f9c40d83580ee5abf04691ed7a0e3e00b3abc77cc97995c2652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic
Filesize
29B

MD5
ce545b52b20b2f56ffb26d2ca2ed4491

SHA1
ebe904c20bb43891db4560f458e66663826aa885

SHA256
e9d5684e543b573010f8b55b11bf571caf0a225cdea03f520091525978023899

SHA512
1ea06c8e3f03efdd67779969b4cdf7d8e08f8327298668a7cffd67d1753f33cf19e6995a3d83fe45185c55b950f41e48ac71b422b91e8d0180b5bdd07cfacfe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_637811103879324684
Filesize
450KB

MD5
a7aab197b91381bcdec092e1910a3d62

SHA1
35794f2d2df163223391a2b21e1610f14f46a78f

SHA256
6337fe4e6e7464e319dfcdadf472987592013cf80d44916f5151950b4a4ca14b

SHA512
cffd7350d1e69ada5f64cafe42a9d77e3192927e129f2903088b66b6efc9626b5d525aedca08d473ad8fa415af1d816594b243609237dc23716d70a2ca0eb774

Download Submit
\??\pipe\LOCAL\crashpad_1312_OKXVOFUJMMOKPEYD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5900_PLREIFCVHGTRMLCT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/60-147-0x0000000000000000-mapping.dmp

Download
memory/540-156-0x0000000000000000-mapping.dmp

Download
memory/620-166-0x0000000000000000-mapping.dmp

Download
memory/1208-247-0x0000000000000000-mapping.dmp

Download
memory/1276-168-0x0000000000000000-mapping.dmp

Download
memory/1312-155-0x0000000000000000-mapping.dmp

Download
memory/1560-187-0x0000000000000000-mapping.dmp

Download
memory/1696-159-0x0000000000000000-mapping.dmp

Download
memory/2800-215-0x0000000000000000-mapping.dmp

Download
memory/3036-162-0x0000000000000000-mapping.dmp

Download
memory/3524-153-0x0000000000000000-mapping.dmp

Download
memory/3540-137-0x0000000000000000-mapping.dmp

Download
memory/3764-132-0x0000000000000000-mapping.dmp

Download
memory/3784-258-0x0000000000000000-mapping.dmp

Download
memory/4084-158-0x0000000000000000-mapping.dmp

Download
memory/4084-134-0x0000000000000000-mapping.dmp

Download
memory/4188-252-0x0000000000000000-mapping.dmp

Download
memory/4288-150-0x0000000000000000-mapping.dmp

Download
memory/4524-243-0x0000000000000000-mapping.dmp

Download
memory/4576-142-0x0000000000000000-mapping.dmp

Download
memory/4632-210-0x0000000000000000-mapping.dmp

Download
memory/4868-170-0x0000000000000000-mapping.dmp

Download
memory/4884-164-0x0000000000000000-mapping.dmp

Download
memory/4936-245-0x0000000000000000-mapping.dmp

Download
memory/5124-181-0x0000000000000000-mapping.dmp

Download
memory/5208-172-0x0000000000000000-mapping.dmp

Download
memory/5284-173-0x0000000000000000-mapping.dmp

Download
memory/5312-183-0x0000000000000000-mapping.dmp

Download
memory/5352-174-0x0000000000000000-mapping.dmp

Download
memory/5404-185-0x0000000000000000-mapping.dmp

Download
memory/5588-175-0x0000000000000000-mapping.dmp

Download
memory/5604-177-0x0000000000000000-mapping.dmp

Download
memory/5612-251-0x0000000000000000-mapping.dmp

Download
memory/5628-179-0x0000000000000000-mapping.dmp

Download
memory/5708-254-0x0000000000000000-mapping.dmp

Download
memory/5900-188-0x0000000000000000-mapping.dmp

Download
memory/5904-189-0x0000000000000000-mapping.dmp

Download
memory/5996-256-0x0000000000000000-mapping.dmp

Download
memory/6036-249-0x0000000000000000-mapping.dmp

Download
memory/6116-238-0x0000000000000000-mapping.dmp

Download