Analysis
-
max time kernel
115s -
max time network
120s -
platform
windows10-1703_x64 -
resource
win10-20220901-en -
resource tags
-
submitted
12-10-2022 16:23
General
-
Target
Quotation.pdf
-
Size
114KB
-
MD5
abaf0b1f64bb5b4a2317839e3b704491
-
SHA1
b39cc0e36b004c4c7d7e0865870dbcf141619354
-
SHA256
54e6d9edfc464897c5a761bbab53ad6b7d2a881df2e4a13fb119578ab89b85bd
-
SHA512
1ba0cf66c466a0d2a7293db4990592fce74e6283f160f4ec4cd8fcf503c7abd8540b1ca4e327e692f0a1b9be7b05bc9f5b5cf425d2802b758e5dc98cb7717cd8
-
SSDEEP
3072:vgN6/rdYCDt72mDlgwRyBq0rrxNBBo1Va:vgN6jtJ7HZgFJHBq10
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 5 IoCs
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious behavior: MapViewOfSection 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 14 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Quotation.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=087A5A432F27F53B4A18063CD92A388A --mojo-platform-channel-handle=1608 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3A190C28C530F0BD4D6E0B3E321C1986 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3A190C28C530F0BD4D6E0B3E321C1986 --renderer-client-id=2 --mojo-platform-channel-handle=1620 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3A9C3C5034FCE66AE8CCDB66FEE7A8E9 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3A9C3C5034FCE66AE8CCDB66FEE7A8E9 --renderer-client-id=4 --mojo-platform-channel-handle=1956 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A25216077065218CA7B18E3DB159E539 --mojo-platform-channel-handle=2456 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E5B9C16B22918325C2958168E406670A --mojo-platform-channel-handle=2740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=837053A9DB76EF1E1F3BD9A4BA370F35 --mojo-platform-channel-handle=2568 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
-
C:\Windows\SysWOW64\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://m.addthis.com/live/redirect/?url=https://storageapi.fleek.co/2ee61029-ea2e-45b4-9c41-a7327b42a611-bucket/onedrive/snow222/snow33onedrive/adobefinal/eadobefinal.html"2⤵
-
C:\Windows\SysWOW64\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://m.addthis.com/live/redirect/?url=https://storageapi.fleek.co/2ee61029-ea2e-45b4-9c41-a7327b42a611-bucket/onedrive/snow222/snow33onedrive/adobefinal/eadobefinal.html"2⤵
-
C:\Windows\SysWOW64\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://m.addthis.com/live/redirect/?url=https://storageapi.fleek.co/2ee61029-ea2e-45b4-9c41-a7327b42a611-bucket/onedrive/snow222/snow33onedrive/adobefinal/eadobefinal.html"2⤵
-
C:\Windows\SysWOW64\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://m.addthis.com/live/redirect/?url=https://storageapi.fleek.co/2ee61029-ea2e-45b4-9c41-a7327b42a611-bucket/onedrive/snow222/snow33onedrive/adobefinal/eadobefinal.html"2⤵
-
C:\Windows\SysWOW64\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://m.addthis.com/live/redirect/?url=https://storageapi.fleek.co/2ee61029-ea2e-45b4-9c41-a7327b42a611-bucket/onedrive/snow222/snow33onedrive/adobefinal/eadobefinal.html"2⤵
-
C:\Windows\SysWOW64\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://m.addthis.com/live/redirect/?url=https://storageapi.fleek.co/2ee61029-ea2e-45b4-9c41-a7327b42a611-bucket/onedrive/snow222/snow33onedrive/adobefinal/eadobefinal.html"2⤵
-
C:\Windows\SysWOW64\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://m.addthis.com/live/redirect/?url=https://storageapi.fleek.co/2ee61029-ea2e-45b4-9c41-a7327b42a611-bucket/onedrive/snow222/snow33onedrive/adobefinal/eadobefinal.html"2⤵
-
C:\Windows\SysWOW64\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://m.addthis.com/live/redirect/?url=https://storageapi.fleek.co/2ee61029-ea2e-45b4-9c41-a7327b42a611-bucket/onedrive/snow222/snow33onedrive/adobefinal/eadobefinal.html"2⤵
-
C:\Windows\SysWOW64\LaunchWinApp.exe"C:\Windows\system32\LaunchWinApp.exe" "https://m.addthis.com/live/redirect/?url=https://storageapi.fleek.co/2ee61029-ea2e-45b4-9c41-a7327b42a611-bucket/onedrive/snow222/snow33onedrive/adobefinal/eadobefinal.html"2⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.logFilesize
512KB
MD5ea35ce597b23f62efd63161d0d0c4a06
SHA1fe6bd3bffe4efb23d03ccec2b3e3111a9f7ab27b
SHA256d7eb58de36a32ccd028ff5a59a4285ad004aacaceb1928727501f5d62db510f4
SHA5128f5c2d15c2de5689ecac4c77ad55e8ff91a18f951ebc6d21374777b48dea53d86e107af960b0985575dc630d427ed2d4b5140ab0193fce78448b4aa1a02397fa
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chkFilesize
8KB
MD54aea0a35ac85f6772624562b9eeddffa
SHA19463b98866bfa545b520cccff0eb1c4574d24a02
SHA256fc6bdd65e663c77fbb8799c358e849ca12e47eda984597626aedd4d49db845c9
SHA512b8327ea3fd05ca3e60c87feab90f1a0869d6226dc518b778e882674c836cf4a5efb243b1024ce13b187f341a38dc46b9c7f239b407d2f53f843aea5e4c05a773
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edbFilesize
2.0MB
MD51d5a80bd6e224b5d5195430a9dec467d
SHA1e5431b0d1a082c6a5fe8969ef6a70a63c0a47c36
SHA2568c70de2d980e840c26e7f30a67e9dfa3d10c223f818a2eed1ab64dc5eb43a60f
SHA512c9b2edfa2fb5fa37319580499020f54ea362dd3545dce5eb1f344976e04392a763f2872dbe134f35fc107e589e02c9e9b0fd91a55359cb9e035487b92d6bb6b5
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfmFilesize
16KB
MD54f0914380671c29592f1dc7b29ba08dc
SHA1f8f20618b4b494ad9bf5a8389599744d6a5ec70e
SHA256de58f256313265d283640d016796b3178737a71535e31524b4be94df985803d7
SHA512a81b2edbb652bd61d2c3849fd70d75aa5f285ae803206643a35cab76460bd32d439a123c3dd6090e354977402f6b3dfe718d81da96e9411c5d73fbda29f0772d
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{9EE5ABB8-25D4-4C12-909B-095C6A57A8B7}.datFilesize
5KB
MD58cbb91d766732221ca8b093ccd58e926
SHA1e6a8ff2a199e32185c27e6c9ead45f124dc0f571
SHA25657bef248aa0a9e388cfcebc98468859265ed3d14774e888259cbdec526829f6e
SHA5128fb7ab93c03f45cc06be42bb86df368fd1d108c87de3cd29be45cf128319793ca9ceb6fe0a98dfb4370b9cd3815e6dbab6d04c26af00f95852dda26c80070a81
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{65A8ACFC-6A88-4440-8149-ABC6C79D6347}.datFilesize
5KB
MD577f2930a0a7296dae2f1e1f698e7f7ca
SHA19fdeecdd46a4bdb7e7408f6a16273037bcf06472
SHA256deb4b1a1cf80b10ccc4721413ecf35c961962b884f52d387bdb57f7d1189bfc5
SHA512341a6bc098f9629f06041b6e082f953403885d098638ee2aa94bd94a73211b500e468266dce4f5fc4793ecd3a81ad657af28fd7f30f77df6a65cc99a8a351148
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.priFilesize
207KB
MD5e2b88765ee31470114e866d939a8f2c6
SHA1e0a53b8511186ff308a0507b6304fb16cabd4e1f
SHA256523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e
SHA512462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d
-
memory/344-142-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-156-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-129-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-130-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-131-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-132-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-133-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-134-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-135-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-136-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-137-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-138-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-140-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-141-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-143-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-169-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-146-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-147-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-148-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-150-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-152-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-153-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-155-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-157-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-159-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-161-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-163-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-165-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-164-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-162-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-160-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-158-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-168-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-154-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-151-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-149-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-145-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-120-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-167-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-166-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-139-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-128-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-144-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-170-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-171-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-172-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-173-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-174-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-175-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-176-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-177-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-178-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-179-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-180-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-181-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-182-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-183-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-121-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-122-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-123-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-124-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-125-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-126-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/344-127-0x0000000077170000-0x00000000772FE000-memory.dmpFilesize
1.6MB
-
memory/892-404-0x0000000000000000-mapping.dmp
-
memory/1612-1178-0x0000000000000000-mapping.dmp
-
memory/1704-971-0x0000000000000000-mapping.dmp
-
memory/2084-1169-0x0000000000000000-mapping.dmp
-
memory/2104-1136-0x0000000000000000-mapping.dmp
-
memory/2152-791-0x0000000000000000-mapping.dmp
-
memory/2684-683-0x0000000000000000-mapping.dmp
-
memory/3732-1121-0x0000000000000000-mapping.dmp
-
memory/4016-1159-0x0000000000000000-mapping.dmp
-
memory/4240-1150-0x0000000000000000-mapping.dmp
-
memory/4256-882-0x0000000000000000-mapping.dmp
-
memory/4508-348-0x0000000000000000-mapping.dmp
-
memory/4536-1145-0x0000000000000000-mapping.dmp
-
memory/4648-304-0x0000000000000000-mapping.dmp
-
memory/4672-1054-0x0000000000000000-mapping.dmp
-
memory/4768-207-0x0000000000000000-mapping.dmp
-
memory/5064-377-0x0000000000000000-mapping.dmp