da6bb9fd366a4357acffb0fc7cfcaa37e51d7441e1c2c341616e99966477d87f

Resubmissions

20-09-2022 17:37

220920-v7amjaeah4 3

20-09-2022 17:14

220920-vsbahseaf6 6

20-09-2022 17:10

220920-vp4gwseaf3 3

Analysis

max time kernel
269s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20-09-2022 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

THYNK T&C.pdf
Size

66KB
MD5

7f433d8b1c34f29af22617ba2f9ee1a0
SHA1

9b9f8ad721a54f1eee9f2ae9f242b863fb3505ea
SHA256

88bb72510f08dcb28208e42c5fd32996c809882ebfb81b26152284a5150520bb
SHA512

d7e88fd506c364ec89aba8f38389adf7339db96444b487afa4e3e110137ca29c0c9298a2fba7696811472f0185b6c7c240324c3652a861442b4326eeb4fd3071
SSDEEP

1536:TIxlvSkKkI4epM6+nQ7EAIOQIUHBu/3GO:8xVnFbeM6+QT9nUHg/3Z

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\06ce42b2-ecd4-47cb-b358-cf1e72af33f9.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220920171513.pma	setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

Processes:

msedge.exemsedge.exeAcroRd32.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exe

pid	process
2444	msedge.exe
2444	msedge.exe
1516	msedge.exe
1516	msedge.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
5608	identity_helper.exe
5608	identity_helper.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5712	msedge.exe
5712	msedge.exe
1900	msedge.exe
1900	msedge.exe
4464	identity_helper.exe
4464	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

AcroRd32.exemsedge.exemsedge.exe

pid process

4700 AcroRd32.exe
1516 msedge.exe
1516 msedge.exe
1516 msedge.exe
1516 msedge.exe
1900 msedge.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

4700 AcroRd32.exe
4700 AcroRd32.exe
4700 AcroRd32.exe
4700 AcroRd32.exe
4700 AcroRd32.exe
4700 AcroRd32.exe

pid	process
4700	AcroRd32.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1516	msedge.exe
1900	msedge.exe

pid	process
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe
4700	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4700 wrote to memory of 5100	4700	AcroRd32.exe	RdrCEF.exe
PID 4700 wrote to memory of 5100	4700	AcroRd32.exe	RdrCEF.exe
PID 4700 wrote to memory of 5100	4700	AcroRd32.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3064	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe
PID 5100 wrote to memory of 3224	5100	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\THYNK T&C.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5100
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C9801549263E762D5C24DE2F86DE7721 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3064
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CBCDC7F86826360D4E72397674B879F7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CBCDC7F86826360D4E72397674B879F7 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3224
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F1DA14C924B919D97F854705DD4DC2B8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F1DA14C924B919D97F854705DD4DC2B8 --renderer-client-id=4 --mojo-platform-channel-handle=2192 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7B33E156A7975FA0849575B550FF5754 --mojo-platform-channel-handle=2568 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5112
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E0E180D5D57EA0728865EF93C9218113 --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4376
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=51A5142838B5E5644203A16819171854 --mojo-platform-channel-handle=2792 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://micro-file-login-doc-folder-view.web.app/
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe17ff46f8,0x7ffe17ff4708,0x7ffe17ff4718
    3⤵
    PID:1776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:1640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
    3⤵
    PID:1684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
    3⤵
    PID:4196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
    3⤵
    PID:2764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 /prefetch:8
    3⤵
    PID:3036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
    3⤵
    PID:4848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
    3⤵
    PID:3176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
    3⤵
    PID:4636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
    3⤵
    PID:4056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3848 /prefetch:8
    3⤵
    PID:5168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
    3⤵
    PID:5228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
    3⤵
    PID:5244
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
    3⤵
    PID:5320
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:5384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x200,0x22c,0x7ff672505460,0x7ff672505470,0x7ff672505480
      4⤵
      PID:5452
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
    3⤵
    PID:5708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1044 /prefetch:8
    3⤵
    PID:5496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3996 /prefetch:8
    3⤵
    PID:5188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5832 /prefetch:8
    3⤵
    PID:376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6864 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6748 /prefetch:8
    3⤵
    PID:5696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2084,159042874303919452,11976664949394221055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6832 /prefetch:8
    3⤵
    PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://micro-file-login-doc-folder-view.web.app/
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe17ff46f8,0x7ffe17ff4708,0x7ffe17ff4718
    3⤵
    PID:1564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    3⤵
    PID:1912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
    3⤵
    PID:3884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:5480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
    3⤵
    PID:5136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
    3⤵
    PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
    3⤵
    PID:3896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
    3⤵
    PID:260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5340 /prefetch:8
    3⤵
    PID:3556
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
    3⤵
    PID:376
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
    3⤵
    PID:5660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:3452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1856 /prefetch:8
    3⤵
    PID:5404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2056,18002591338576309031,12268202881339652039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4036 /prefetch:8
    3⤵
    PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4428

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
57a9b9946b1a98ac54f764ad3b88c985

SHA1
2dcd4dfa6e1a89d3f41bae15c5af794d95a3e9f9

SHA256
caa0424be60215e3f8e06d475d9e9d0e4f26d0e22022758897efb57b38f021c1

SHA512
d63258cebbc27496ce9a336ac9600ce231533648fd636f08be3887e24f2a3162b7f7c5cbb4c3463ba561b23db2f71ad1972e8525367cc7f0256b108614d9407a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
3716094643e41c17f278bbd870ea61ce

SHA1
a2ac341bb94c6f32351dd212115db79a652bae25

SHA256
979f7913398e9bdc28088dab3b965fc28ae13ece9633c83a0012418db0316b56

SHA512
d2316b122000f65fd11b157f5dfb1489c6080b2e3821b0d8282ef09e75008a09e049bacd8808f6268141d756986e44061adab8d10514fd93a666277d380611aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2022.8.1\manifest.fingerprint

Filesize
66B

MD5
df6d3c65ee273b748beb53aecb7f979c

SHA1
8e48bcc7c483c672fe4c6b6fd373d4c69dd9b152

SHA256
e07d33054ff7ba6e5e27a21f314a772bd616cd856a242b24c6f08a41df1fcf82

SHA512
8ad62912d1baf95ce7b8bc16f7fce3533473e54d2bb804f786be62387c0af407640b24e7510d77e476daeede69b6d6ef4708f43c81a8dd99a5a06bbc47180886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2022.8.1\manifest.json

Filesize
113B

MD5
a10686bb3ebc4154802435e02e63566e

SHA1
2c2ceca7de17afe8158aa6871cf478d626bf2567

SHA256
e4f9de4706ae0bf6e2337a809a74e20af126936e992d58a8ef11cad83f1e8bfd

SHA512
aa39d19dffc9e85323378578c314fddca140971c0a0f0322f55b8c672397794413073bd5271fa3656a04a73aee90ae8e8aae5eae69d457dd1ccc46707c88f245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
66bc9611dd085dd5e1366c94b84456cd

SHA1
613339f5891bf2c9e54ef565c54eb18be42d65fb

SHA256
27b4949b239ca2e2ce7812dd455868d97ce9c4851bb46eb0d7d5827285dd6c22

SHA512
196973df9961ef3c91af4836cabe58b6e7df8aa410867ec6769b1407eea99532faf7c6efd351d4ef81f0ab12527756fd146fbe02220c93b9ced8368bd0488be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
18846f66c4765ffd2bbb752e35d5c911

SHA1
09d0958fdc0d1c99b7ef3d00123bc5586f8ce258

SHA256
e8e2178d4fd31b376016fc13f4e02516928728851304d9514b7cb4ae4c1b5ced

SHA512
7a2729c2dd949445832a5cf7b21907e3b5be1761917c33287f7d5acdd96b6dbb7a9534c12fb727e2ebf813ca547e36bb8269b15f7cc2dad35bce83ffbf19e49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
d5be2dbaa7689a90f7f61dbf3ae896c2

SHA1
ae437ea1fc2c62dc2867898e29bfc1338d5439e9

SHA256
454bdf3254bc76d2e7c57ea284b66d1df89425e5627fd01b061431459f60b9bf

SHA512
8fe5d4775e9af789b0768c67975a76db51f0564e586f484df90be71569ada41b8b592c7ffd1c7b78031a84d70fab18363df38fb63c503ff72b957bbf89e73567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
3983bbc051563f57364dddb0d65eddde

SHA1
f9599b26d12d39525bdce41d7dbda605a8119e57

SHA256
0c9b819712b346044a45e54505bbecce1529337d6446e7fe73de8f66181c7a6a

SHA512
f4f04779d84ff08602a3dd2ede1c3424bdfc471d54a27cef58871da345e7102828ec8e849518a75c12825c20c3cc234a14d4c7e69bb4280f450060a661c20568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
550B

MD5
750c6237f340296ff794e463717c1b66

SHA1
8d9d465124dcd63894f3d622841d68c17a2eac78

SHA256
a28f9b13bfcf513b36b3d9dd0ceb5a2f5b2b86e424ef579dacb2b384264b32f4

SHA512
4073ed9e61a36e5d6cfe7a125b9e3314355779af497152cf48dbddeebf60c853792ae0cf1235ec01347d4ceeb446ed1430db4f1cde9d8ddab6cf64f354bdfd39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8edc0efbe7208bc68a4f7914cdac7f02

SHA1
a119b99c228fff3e36c91a6a9b707db19cb0d79e

SHA256
a19cace098483da710dda770b77d7378503a22829afac49f568de7afa1e31c00

SHA512
2198b647a532bdcfc00b5063244fa5c6e6f4c404ce3dd77d1f2754cc78b233b1635a5dc6094743be5b4ab562e20432bfbc74ed97c4dd23738ece9170f4b49cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b2c26325467ce317dac9d0fcd6bbf1fb

SHA1
8f1ac29a44cf1d137c4b9d277a5cd14437d6041d

SHA256
5796de736211a5bcb55e2711bd94ac1963f43e00f285bacd393ca1dcf3cb94ef

SHA512
f85e901a385e82af027254725b1702a2e3fc3a9955907f39c41a3333fa1e2481d4f8f1a655c14225eeb2ccb87720bc4f3055afb37ebaab4f5beabc40c93e507a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13308167866416691

Filesize
8KB

MD5
3787229469e835a63eec8f2563547227

SHA1
33b7a3546f3f41ebcbe9866b7532d064592ec0cd

SHA256
58eb4d60fe6d3bdd137ff860466c8ce12863d064f919950a1e7c8fc6744234a7

SHA512
98457fa90a38a92c96da77c1f48bcb5ff9c38b84c78e7c1edd2722312ebf6400f16075e372133d60d237151407a9259bae042c43c8d1351e8c1b9504ae218f12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
187B

MD5
4c0960be6f1c8d32727dab8c4f004186

SHA1
d79a94285a7b61387a3f7f1651dbeb712a7fb2ed

SHA256
55b3164fc3b9e4335339cc30a9aea70a4f6f8b4ab0a0543c14b6fb3be5daf1d8

SHA512
3b6cba17fe3824d9b430132c72cdfaecc2c1bea84dd862c6abe05091b4330ab7a5f3fe4b9934d664872d59f52092e3341686b3c471e25b12fb94449a0ffc04fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
87ddb79927776b490314b2bbded5856d

SHA1
dfbdb236c01aaf242c7923d45bef09ae085ef99a

SHA256
1471dc022ad0b6aad0fedb7181832a6727434e6c4f53983df72658d6adda4324

SHA512
d526e4c8ccdfd0253af05c8ee22fa99debc829f73c0ee9de87a82127c96c1832f858b4f663ce1264df9dbcb5aab9ad4256ff8d77b19dd8d9ef798911249c2ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
7af009f6b95bf82fc2662bea0240b153

SHA1
e88df7b495ff3b31c29e017daf8ff3a0283f1b00

SHA256
dfd901572adee6fb678fdcd0ce770f32d5fa1576245baa174d1213e521075734

SHA512
bd18724a2487bef99ed13e5424c0e376345f3fe72eb38858e25a9cc0fe5612a27c78c880aa553247c7fa379c350a284e83e84a72ad3da68aff16aa238b29df2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
29c32abf869e295308b85099f292bf82

SHA1
5440047ef9dcfe8fe4bc2ebe28497e3a13d9d9f1

SHA256
9c98ffc118f89f06e446e1778e6513c10675367877f40ccfb68d0a44a6ea2c80

SHA512
04feca497368d3905348d505131053aa8467d82f3a877d2243bdf59edac8cee25150e8d61a7777eb5a051d510dfab91610f4c8d1ea9c3a451666b702305a33a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
e763ba5117b52ced233cd203f7d39e28

SHA1
b314fde49c15ed0e8d8068381c516e932b84fbcf

SHA256
142fb518aaa88e49f5dabe4b21274fcef1a2931285259ad4bc365ba596e6b492

SHA512
571a3ba9db624b96f060e0c9380ba3dc797aec385a8bc18657fa99a895478c690dc631f76586c811ff8b1f0e5c751baf0890e29dd381da4bfa69b832faeb0d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
1217330d746279bacc55dbf5acaf2439

SHA1
97845914fcb3dbad074a8c495bb0ab68e23653d7

SHA256
6a57d1be08deaad2f2de1d30c486e3417a1ac86eaaff33b5be978b42b6b813ee

SHA512
25056ff6b2a0b4f45de4b7dc9ea80e4e2b33b44bb91204f585026a45522f98d1a3e13c399192ccdf8ab65accd19721d458de355fe1367b2fa2b33fe75bc8a5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.2727.0\manifest.fingerprint

Filesize
66B

MD5
abe830e3cf4d78f3bf4a12a9d7f35192

SHA1
a6aab05822839ed4ae5eb12f19a5aa0adf9b46ed

SHA256
b0a1277949334880bba46184c5e109522ac0327feed1c5322efe79b0d641dd17

SHA512
d86b369dd2f3c8a7770185a6414f2e47099e21976d90a37bf3e2c83a2dbdf8fbc99858c76ed16b082b20182576611422cd16f4847a71f23f17125c1f2ec4ada2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.0.2727.0\manifest.json

Filesize
147B

MD5
18fffbef010cb63fd65ab0d7fb444218

SHA1
fa0a0ca2ddd20da9fe2d53d3463eb006fe322222

SHA256
1db46851f9196e4561380f458e6a3a6c1b8d818c718a3579d22a7f80866b7fd2

SHA512
742b5f02eb41efdeda843fa171aae00caa511a818f26c80fb2c9b1ee563b80b79311140992adcf724bb67a4013e006fab9ad0fbd598e1b8472c031cd03f1fc13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d2c24c1aa217c9454f0b251602e35f85

SHA1
ef72e714667652a60fc90fc9cd9d6898a2c83359

SHA256
408e428be48fbc3ae6450968f9cf83cd7be0c20858fcefdb79dfa5c983c9de62

SHA512
d167693a91773c68b14204edbf977b355f1adbdf116e59cea5b2f1212655531ce25818d3b77c02d8afea680e7b074cb5622316b45861e3fa0b245626b0ea082d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
3ffa1684fa8502d058e63823a1638ea7

SHA1
4abc895df49172bd41eec723ea44860dc77d0063

SHA256
0bc0d94d43eb32943017011890ec6962a32d693586bfd35a3ed8e6c89e93375e

SHA512
d85855aca1120eff18aebe56cda3c7bf76665d6f0984d6795f8d7792f004c4d92314afab973b28174059b455c41f29622880aebd81c57e0a3f41b0e377345b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\OriginTrials\0.0.1.4\manifest.fingerprint

Filesize
66B

MD5
7ce55ac0d7683657fd051e573ad06e30

SHA1
3bc51fbc6155c4e9d1439587e1c739995054cc52

SHA256
138e2b36e4c8bec8b00180558843355037d7de99c389f46e6183c4fc5a34c790

SHA512
f269c5c2ee53ed836bfd1b928b40e1ddb2aaea00e5585c85fecfcb1add71130d4ecfe91d2f2527934ac472c8b432d3475ca02b8f808e7e6014cd49155529d9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\OriginTrials\0.0.1.4\manifest.json

Filesize
43B

MD5
55cf847309615667a4165f3796268958

SHA1
097d7d123cb0658c6de187e42c653ad7d5bbf527

SHA256
54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877

SHA512
53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Safe Browsing\ChromeExtMalware.store

Filesize
1.7MB

MD5
bb9b59abb3e8ae0218f199b03c088fcb

SHA1
b7abe22a0587f8581c89d127e8e99bb96a14f71c

SHA256
b073ee10e30920b5b27cba197cc5ee37fbe4591ea4f01788e9bc1efc33430264

SHA512
783e3a10e37a30c39ecc14dead89916727536fb0fa8b2bd8bece797e0f4ee12a6e6a2a7b50d9306da51221268d1327c2ad9b93883d9cdc0c029817892e4ac8b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
2bec4dc2b25791199081b867bba69b65

SHA1
8a7aeb562c134295a48ef35debd8224efe9fedc5

SHA256
d9b058282dc458b6ecd0bed88c14468f9bf0449645cc798f2ef8a16fe37e1867

SHA512
cdd0b281501e89458564b8364265cb1b5b6fa8ccafc1cce305b923d21172bdf6f5b8c51ff0cd4c89505dcce2831d3f6cb0ba98652d609f727d057f5478a780ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
0db20926a7ddaa2fc862d3460c35ff46

SHA1
6159db669cf2d865a4fe57c7569e7b0e73eee00b

SHA256
41c7987aef3dd9c0997ea4fe096c5866de3e903ccdddfdf89e05aae5baa08cbf

SHA512
3a8fb1145dc1b5cb8c64c97d5e994711c737bb2a58209afc7468bc05f2fc5ee3b912d71889db816632e4661d18108602c3de28fed0108eb0a8519adf5850c60d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_637992904051548772

Filesize
76B

MD5
74d76b17cfb7272f8b8f501e9b398028

SHA1
80a345e86d5edff787d7ed773a6f8cca4ada3d64

SHA256
8a4e20b46d303f18a222e5f985fedcd6d9f5e436a36bacb4357bec71d9bc34bb

SHA512
8ecfb336bc2222de1b87eacc3dabe62b2125a4a96e6e3df8c3c2d37bf42560fcc57ecd568200bad33281d9165f14ffb6c76c28c1a90e78a0a1d1d9edfee3bbac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
ce545b52b20b2f56ffb26d2ca2ed4491

SHA1
ebe904c20bb43891db4560f458e66663826aa885

SHA256
e9d5684e543b573010f8b55b11bf571caf0a225cdea03f520091525978023899

SHA512
1ea06c8e3f03efdd67779969b4cdf7d8e08f8327298668a7cffd67d1753f33cf19e6995a3d83fe45185c55b950f41e48ac71b422b91e8d0180b5bdd07cfacfe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_637811103879324684

Filesize
450KB

MD5
a7aab197b91381bcdec092e1910a3d62

SHA1
35794f2d2df163223391a2b21e1610f14f46a78f

SHA256
6337fe4e6e7464e319dfcdadf472987592013cf80d44916f5151950b4a4ca14b

SHA512
cffd7350d1e69ada5f64cafe42a9d77e3192927e129f2903088b66b6efc9626b5d525aedca08d473ad8fa415af1d816594b243609237dc23716d70a2ca0eb774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Speech Recognition\1.15.0.1\manifest.fingerprint

Filesize
66B

MD5
5bbd09242392aacbb5fac763f9e3bd4e

SHA1
14bb7b23b459ce30193742ed1901a17b4dcf9645

SHA256
22b55f5d9b1bafb80e00c1304cf5e0d6057a304a2e8757b4f021b416f4397297

SHA512
541e4c7998e91a5113f627c2c44e32b54878fe225b3b9476572f025f51f2b4ec4a44b102498adcc22b8fe388970645bacfafb6e7fc8a216df4d7bbfc8b0ff670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Speech Recognition\1.15.0.1\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\30\9.33.0\Ruleset Data

Filesize
139KB

MD5
72ccec08c60a7f3a383147f7a9f2951d

SHA1
43f34bde1863649ffaa91bfa656f7bc682c8428f

SHA256
e3d195c993651718d270f40378d6bd5ffd60b871f27c18284c818dd27de36b59

SHA512
58a598eb552ca86724a21a0c71d4f7bf127394b9de3ab6c9e74347b7689bc1c5a53a96b244a77e516f55d97274f8381a28515254821c505081792f08bdee38f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\9.33.0\manifest.fingerprint

Filesize
66B

MD5
7acc9fdfd5e6defd6bb5f6c7c9f0f237

SHA1
c69f22e3784fb93818f7e68401ce9e16c1220c20

SHA256
0450ffb19dd358ae4c6f31b0291a343a44f754a5e7ae5a975f306b2a273176bc

SHA512
e4c8c0557fefa3033bdf1ec0c7a1eba829ddf20aaa89649571a580a02190c5298cdaa9724f9a0834138db954c756560b247429018f50904b277b6e0aad46f932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\9.33.0\manifest.json

Filesize
115B

MD5
9d5cab395a855ce06c84bc96b71e1825

SHA1
4540606ecf3541e529916cac7db1ce80185dcf83

SHA256
1e1d3311fb23b966905a741ae12ba8a9e87e9be435042ee6796480403c73d27d

SHA512
cd34dd1e9092f475c0d269f61708dba3d700da55bc008a8fe9f130d3b3b1e49da138491e397e8152b8eca26e9564c6d0cc37bd2558e106b70830ab680edea757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ZxcvbnData\3.0.0.0\manifest.fingerprint

Filesize
66B

MD5
508b490d84112208bde5d0934db790f7

SHA1
8dea1a6c6cb16d0e8e17bb32ee72c1ca20476c20

SHA256
5c99f33d77e6ca143723a451185dbb1ae244557c94f781e117ecf6f5ac896aec

SHA512
990c6e6aedf71a44752e1062b246305aba8f69b2e44128a3fe1a10fcdef8c6d161bf468d1e3868fb0b4dffe0ff973c9442be8d7ea4e34390eb456b1a0f6bb165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ZxcvbnData\3.0.0.0\manifest.json

Filesize
110B

MD5
81238dbc1ea5db88e4d75a48b55a1d88

SHA1
06ddc4c62ba02a727836423ee6d5f8131be568ac

SHA256
c925b7eaccfbe1a2204dbf40be9054dcd12c299196a0c01b9cff4c2f29b90fbf

SHA512
e8a93129610fcfabf5b6e40778d501db346b6b257d903b3c7ec78bbf29128412bb6630e4da99aab503e376c7a9b1e4812724e2dc2bd3c2c464abecf6aae9a1b8

Download Submit
\??\pipe\LOCAL\crashpad_1516_TIUVJPWWZQFWWBIY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_1900_MVPSXACCRHCVDCVX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/260-257-0x0000000000000000-mapping.dmp

Download
memory/376-195-0x0000000000000000-mapping.dmp

Download
memory/388-268-0x0000000000000000-mapping.dmp

Download
memory/1044-153-0x0000000000000000-mapping.dmp

Download
memory/1112-200-0x0000000000000000-mapping.dmp

Download
memory/1516-155-0x0000000000000000-mapping.dmp

Download
memory/1564-202-0x0000000000000000-mapping.dmp

Download
memory/1640-158-0x0000000000000000-mapping.dmp

Download
memory/1684-162-0x0000000000000000-mapping.dmp

Download
memory/1752-142-0x0000000000000000-mapping.dmp

Download
memory/1776-156-0x0000000000000000-mapping.dmp

Download
memory/1900-201-0x0000000000000000-mapping.dmp

Download
memory/1912-214-0x0000000000000000-mapping.dmp

Download
memory/2444-159-0x0000000000000000-mapping.dmp

Download
memory/2764-166-0x0000000000000000-mapping.dmp

Download
memory/3036-168-0x0000000000000000-mapping.dmp

Download
memory/3064-134-0x0000000000000000-mapping.dmp

Download
memory/3176-172-0x0000000000000000-mapping.dmp

Download
memory/3224-137-0x0000000000000000-mapping.dmp

Download
memory/3452-264-0x0000000000000000-mapping.dmp

Download
memory/3556-259-0x0000000000000000-mapping.dmp

Download
memory/3884-243-0x0000000000000000-mapping.dmp

Download
memory/3896-255-0x0000000000000000-mapping.dmp

Download
memory/4056-176-0x0000000000000000-mapping.dmp

Download
memory/4196-164-0x0000000000000000-mapping.dmp

Download
memory/4272-253-0x0000000000000000-mapping.dmp

Download
memory/4376-150-0x0000000000000000-mapping.dmp

Download
memory/4464-260-0x0000000000000000-mapping.dmp

Download
memory/4636-174-0x0000000000000000-mapping.dmp

Download
memory/4848-170-0x0000000000000000-mapping.dmp

Download
memory/5004-196-0x0000000000000000-mapping.dmp

Download
memory/5100-132-0x0000000000000000-mapping.dmp

Download
memory/5112-147-0x0000000000000000-mapping.dmp

Download
memory/5136-251-0x0000000000000000-mapping.dmp

Download
memory/5168-178-0x0000000000000000-mapping.dmp

Download
memory/5188-193-0x0000000000000000-mapping.dmp

Download
memory/5228-180-0x0000000000000000-mapping.dmp

Download
memory/5244-182-0x0000000000000000-mapping.dmp

Download
memory/5384-183-0x0000000000000000-mapping.dmp

Download
memory/5404-266-0x0000000000000000-mapping.dmp

Download
memory/5452-184-0x0000000000000000-mapping.dmp

Download
memory/5480-249-0x0000000000000000-mapping.dmp

Download
memory/5496-191-0x0000000000000000-mapping.dmp

Download
memory/5608-185-0x0000000000000000-mapping.dmp

Download
memory/5660-262-0x0000000000000000-mapping.dmp

Download
memory/5696-198-0x0000000000000000-mapping.dmp

Download
memory/5708-189-0x0000000000000000-mapping.dmp

Download
memory/5712-238-0x0000000000000000-mapping.dmp

Download