e5e4f5ba15a4bb5fa50d37161409f8eebdcc120506e60853e1ca0dbd90ba0bcf

Resubmissions

20-10-2022 16:05

221020-tjrepscedn 3

20-10-2022 15:26

221020-st7zrsbfd8 6

Analysis

max time kernel
597s
max time network
586s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Brochure.pdf
Size

1.2MB
MD5

832ee795b9cf632ec05a37a58cae400e
SHA1

1f356ca53d91526260205ccd2d4c0a1a9727ab6b
SHA256

e5e4f5ba15a4bb5fa50d37161409f8eebdcc120506e60853e1ca0dbd90ba0bcf
SHA512

c7e796b6a5588c7d193050b59a5735b2898916cc4615ae927e57eb74aa905f74464ce40dd04e01f8c3b3f232d7bf1a77203d18b0245d191fcf68a0b04b5cce18
SSDEEP

24576:+40jYyTZ59a3BFxAY8FbWrNlCGZ9AN5RQ0WbjX:+40jYMZ5AXCbmN4gAN5mdz

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\Products.txt\excluded.txt	AcroRd32.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
1436	msedge.exe
1436	msedge.exe
4748	msedge.exe
4748	msedge.exe
2156	msedge.exe
2156	msedge.exe
3724	msedge.exe
3724	msedge.exe
5484	msedge.exe
5484	msedge.exe
5264	msedge.exe
5264	msedge.exe
4056	msedge.exe
4056	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2956	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2956	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 11 IoCs

pid	Process
4804	AcroRd32.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
3724	msedge.exe
3724	msedge.exe
5264	msedge.exe
5264	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe
4804	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 1284	4804	AcroRd32.exe	87
PID 4804 wrote to memory of 1284	4804	AcroRd32.exe	87
PID 4804 wrote to memory of 1284	4804	AcroRd32.exe	87
PID 1284 wrote to memory of 388	1284	AdobeCollabSync.exe	88
PID 1284 wrote to memory of 388	1284	AdobeCollabSync.exe	88
PID 1284 wrote to memory of 388	1284	AdobeCollabSync.exe	88
PID 388 wrote to memory of 3720	388	AdobeCollabSync.exe	92
PID 388 wrote to memory of 3720	388	AdobeCollabSync.exe	92
PID 388 wrote to memory of 3720	388	AdobeCollabSync.exe	92
PID 4804 wrote to memory of 4272	4804	AcroRd32.exe	93
PID 4804 wrote to memory of 4272	4804	AcroRd32.exe	93
PID 4804 wrote to memory of 4272	4804	AcroRd32.exe	93
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 2812	4272	RdrCEF.exe	95
PID 4272 wrote to memory of 3628	4272	RdrCEF.exe	96
PID 4272 wrote to memory of 3628	4272	RdrCEF.exe	96
PID 4272 wrote to memory of 3628	4272	RdrCEF.exe	96
PID 4272 wrote to memory of 3628	4272	RdrCEF.exe	96
PID 4272 wrote to memory of 3628	4272	RdrCEF.exe	96
PID 4272 wrote to memory of 3628	4272	RdrCEF.exe	96
PID 4272 wrote to memory of 3628	4272	RdrCEF.exe	96
PID 4272 wrote to memory of 3628	4272	RdrCEF.exe	96
PID 4272 wrote to memory of 3628	4272	RdrCEF.exe	96

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Brochure.pdf"
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1284
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1284
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:388
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:3720
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4272
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1A0A1171E9BCCE5FFBB5EB05E81EE8AA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1A0A1171E9BCCE5FFBB5EB05E81EE8AA --renderer-client-id=2 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2812
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=91F1A945971F88FE5BBD8C3055CFEEF5 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3628
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6855D09167B3CD420C84C3A97FF78907 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6855D09167B3CD420C84C3A97FF78907 --renderer-client-id=4 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1932
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=46401592E72260BF4276FDAAB10047DA --mojo-platform-channel-handle=2464 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3344
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0BF73D34845334DF19804265EC7720B9 --mojo-platform-channel-handle=2008 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3672
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BED578DD2869E33B56C5828F06DACE38 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3484
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6999688021911E51AC6EF19D813F107B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6999688021911E51AC6EF19D813F107B --renderer-client-id=10 --mojo-platform-channel-handle=1636 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=NRS48dID6v0
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:4748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd595b46f8,0x7ffd595b4708,0x7ffd595b4718
    3⤵
    PID:4348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13357304803267994430,353286177734101516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
    3⤵
    PID:3972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13357304803267994430,353286177734101516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,13357304803267994430,353286177734101516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
    3⤵
    PID:392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13357304803267994430,353286177734101516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
    3⤵
    PID:768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13357304803267994430,353286177734101516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
    3⤵
    PID:5044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2096,13357304803267994430,353286177734101516,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5272 /prefetch:8
    3⤵
    PID:1092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13357304803267994430,353286177734101516,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
    3⤵
    PID:2200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,13357304803267994430,353286177734101516,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5608 /prefetch:8
    3⤵
    PID:4392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,13357304803267994430,353286177734101516,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
    3⤵
    PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=IwI29jECnko
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:3724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffd595b46f8,0x7ffd595b4708,0x7ffd595b4718
    3⤵
    PID:2772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
    3⤵
    PID:1960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2836 /prefetch:8
    3⤵
    PID:2488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:3780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
    3⤵
    PID:3736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
    3⤵
    PID:3424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
    3⤵
    PID:4572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5280 /prefetch:8
    3⤵
    PID:116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5996 /prefetch:8
    3⤵
    PID:2420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
    3⤵
    PID:3480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
    3⤵
    PID:2900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
    3⤵
    PID:1312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
    3⤵
    PID:2236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
    3⤵
    PID:3012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
    3⤵
    PID:4172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
    3⤵
    PID:1840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
    3⤵
    PID:4344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2424 /prefetch:1
    3⤵
    PID:1732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
    3⤵
    PID:4800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
    3⤵
    PID:3212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,4858869974041735845,1495664729874393185,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
    3⤵
    PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.luxatiainternational.com/
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:5264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd595b46f8,0x7ffd595b4708,0x7ffd595b4718
    3⤵
    PID:5284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8995683380499088406,9800074341725894186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:5456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,8995683380499088406,9800074341725894186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,8995683380499088406,9800074341725894186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
    3⤵
    PID:5508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8995683380499088406,9800074341725894186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:5632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8995683380499088406,9800074341725894186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:5704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,8995683380499088406,9800074341725894186,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 /prefetch:8
    3⤵
    PID:5736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8995683380499088406,9800074341725894186,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
    3⤵
    PID:5868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,8995683380499088406,9800074341725894186,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5280 /prefetch:8
    3⤵
    PID:6032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2140,8995683380499088406,9800074341725894186,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 /prefetch:8
    3⤵
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8995683380499088406,9800074341725894186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3012 /prefetch:8
    3⤵
    PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.luxatiainternational.com/cart/customize/world-data-transfers-and-compliance-summit
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:3716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd595b46f8,0x7ffd595b4708,0x7ffd595b4718
    3⤵
    PID:3728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11628737462397256326,14361234738423834911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:1592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11628737462397256326,14361234738423834911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11628737462397256326,14361234738423834911,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3160 /prefetch:8
    3⤵
    PID:5156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11628737462397256326,14361234738423834911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
    3⤵
    PID:4548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11628737462397256326,14361234738423834911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
    3⤵
    PID:1280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,11628737462397256326,14361234738423834911,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4784 /prefetch:8
    3⤵
    PID:424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,11628737462397256326,14361234738423834911,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 /prefetch:8
    3⤵
    PID:3424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2804

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e4 0x31c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2956

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
e52e0732defa2a045d4458a09111ee44

SHA1
9d9e441290c2d506f7e2abf728ab2b492eac1ca2

SHA256
87488b5d9376e846a3768b2d4652d3c03ec55632ddff09668976ca63274319b7

SHA512
8aee285b45006963082626ebd5ce7c2a3a0d772a250331b596247d3c236faa79a5af0cd392114b86bfda1ef603d371a2b2fc756c95cdca374e5a97d7387c2f75

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
828caec3f05fbdb7d4f1090fc1d22754

SHA1
843bcc6d85156a0c325631c23616fee609303c5e

SHA256
3914dd03383891fe0830c31967639ae3e9711e8d72daf792e6c2da4475ceca5b

SHA512
559165822b78506cd0f2c3ad11cbfd91a4b8f48e27e754f3e8b0da4ee5cd267fc8d520792cbc38bf01fb2eea00a359d69b3339615bdd9acd107894b815cae27f

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.1MB

MD5
41bcdf27405bea258e9c75bf387bc712

SHA1
4c56f9fb77ed8e8ab558d622b32a464611dab8a6

SHA256
9458fd5c3fd8d57e1d46d0635a8864b8ff672e81399976e5105d741ca09355dd

SHA512
e42fdf052cd060b2cca7523b8758de3b95a3b765bf2abab06425fbd9d8298570493f92e67f230556e6cf7c9e2d0b45f4c5a0068d069e7697758c64c41e488e8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
0d9a2037e73cd22f48320fe2b948f859

SHA1
d43ae6f8ff7c1dfc0e64dda6140c71dd302ccc5b

SHA256
c9292d1d90eb1b32c358968678fd6145c0a7c432f5eb54bfae4c5f7f5d36f2c0

SHA512
aeae9b23910422ace83e35a0e94f6d524f39c44e78cf7bbb224766a20e050a6d9024fee12d7cef83971ee71265b4df727b3582428a1e1b3ecc329cf56d6b9e73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
f0c703e5ac794a080885858b07218436

SHA1
df85af3d8be9bbc0d5ee38eb875e51b35f2e081e

SHA256
47ea45b1243f4060c5625b96ef8456b9e974d53deaacac91a50048e565bf2d5a

SHA512
ce3e498c3a6b033af1d09b954152ccae6dfb611747a4de4f9daa45ce6d77888c87d5e39ee04a820e1991e66a553eaf078b0c9d52a1377dd3593998cb6ab1c595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
66bc9611dd085dd5e1366c94b84456cd

SHA1
613339f5891bf2c9e54ef565c54eb18be42d65fb

SHA256
27b4949b239ca2e2ce7812dd455868d97ce9c4851bb46eb0d7d5827285dd6c22

SHA512
196973df9961ef3c91af4836cabe58b6e7df8aa410867ec6769b1407eea99532faf7c6efd351d4ef81f0ab12527756fd146fbe02220c93b9ced8368bd0488be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
b87a73fcc136615460442e3189f52c45

SHA1
cc469ebce58e07f38d93bd4d7da311f7e3f3161c

SHA256
86058fd4011899ca7150d74e0a5b383126ecff96b3e59e95d8c8ad59f2595d6d

SHA512
1e3cf8e6116b8dcc5398df7b2a6ce09022ab73fcd7e89ff4a900c62ebca1187f33444f7ced2c2e5eb54d2cfab4539fb2a01564ceebba5ee8f942193dcc7d7754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
199517e9730396d11a2f16035ac71543

SHA1
825668f9f8202b2fd6db03bf2ca9521ab572a1dc

SHA256
b0186a53b16edd69e02760c50b212ca088192e3b07c1ef4b8336ab64565c60e7

SHA512
9d242230ef0d8c1b39171d1ead3dde23874620db9e863963b79f3b7d13b74f5f3ad8d9e2070c7b9610280082116257dd97ca906d9743c13deec1e052d54bd38b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
279B

MD5
25571f5719013b600938cccf8ebe18a0

SHA1
7584c34b28946a66922893b7dc647e646b82159e

SHA256
9b062c4087bea2d58703fbd3cc23e8ac85d78e6a112fe81d05c10f045b1854aa

SHA512
31841d58af2670b73d6c120a4de9a9c3ad5c194a1ed2a15801ecaed9db013350ed34f50644bd0cfab04ba0ff52062dd4a05d7e658bce52925e99b99047a4c345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
faece26103d2da2f4d43cba59132e55f

SHA1
5bf5e4337d28fe498d53a5bf6c4ebd03ab9eac55

SHA256
21ceb40088df28c73ae7d143f6b1d089108720ceaa986021cd7336f8da04a99a

SHA512
c849b17c17e4a0ab45ab519f6deaca66aa208a3ffbc7b46739c5d61e962d885e8a2a7c2aac1be7ff9514424db0065fca42282ae4319ed958b8a566c59925eb59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
91482faae86ad99261e282ff269b1e1b

SHA1
f20c8ca224ef99c32c7dab6825238dcb7917dd25

SHA256
9541b926c613fc7a4346b654c6cb76a9be1af144e2579c27bfb8931e96a8ca45

SHA512
13401ba561ebb92b5104bd2cb2408a8447b3949b2089d879c19ae035e5a8b5f95320c21d292672cd3a22bc8d3c62e8ad6944903d0cb97cf98debc05aeaa79937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
3155a95f554eaa3db6ac13f7365686dc

SHA1
3d89239837a703849b139b3699d4fda5c62f6bbd

SHA256
ce5ef80a4d611eba4991eb6bbae5e9679517ab422a9d32e03cece080063d4890

SHA512
3df95d7b562efc391eff088c0a98893adf11eab03184f94bf7b980e43a74a7745b03d0a717596e792ea8871e5bcc76e0ffd560f07bef486b1647eb0e3c045be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
840B

MD5
34ef350a1a9eb5787027c73fbceaa56e

SHA1
47d89a6fc97220d67e629c016bbeb5e0fecff641

SHA256
533f7a4f57bce8db5c33d240a62065d5cc404982adf608a8dff4a1f4f6e4bb45

SHA512
e9532cf485ef73b4f90f9570415a0802bdf48cd5e6a2109142fc84e5b88fe07de5719755b6c6f6f434e6c1824e4015658823d82ac42fdef8480cbdd0c6009131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85e4a168481db7290becf1e40a717631

SHA1
fa8ffee59db0c9c879c2c59077fa92a170183d5c

SHA256
1be6c4b84e43305edc8ac762c7c9e00de50dda739015ac4c332166c02b8ef442

SHA512
e042bc8cc36eb928181439455461fd7d2a6b60f9bf911dd521e772bb5a0c092d3e85091bcbb3dd9b9436b2fd5a7c9b616ef88abf52c1bc6f850941bf418e8c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b2c26325467ce317dac9d0fcd6bbf1fb

SHA1
8f1ac29a44cf1d137c4b9d277a5cd14437d6041d

SHA256
5796de736211a5bcb55e2711bd94ac1963f43e00f285bacd393ca1dcf3cb94ef

SHA512
f85e901a385e82af027254725b1702a2e3fc3a9955907f39c41a3333fa1e2481d4f8f1a655c14225eeb2ccb87720bc4f3055afb37ebaab4f5beabc40c93e507a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
626B

MD5
fc4bdc8eb749d6f1e50c3105aea5fb9c

SHA1
bdabb9abd861f93a893be4e7c2da451876125c52

SHA256
d4122d24f2722688c23f8aa9963cd0bc1940c9e7034a38d1cc40a615483aaee9

SHA512
e93054b507c92d263214ebc0ca7aec1b77d154d1813ca7d1843e87c9c6f9979f33e9f31816a82830d8453baf2104eb51d88e3a2647e43c946bd53d6ff570adc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
39205135568cfedd0bc9fed67905de74

SHA1
4fd3e93133c35f655acdabd32d85dd2072e671ac

SHA256
3e5abdc6dca93bd51df48f3ff6de56a5b715b018875a352e9c0769868020c2bf

SHA512
fef0fb860ca8cfad3183fac6a718d045d208991c4d350b3f0a73edce567403886bebaf2984daa404f448cc7d763a5acea6f262b469df866138dc55a96907015e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13310753684917489

Filesize
4KB

MD5
4aa4467a65173a94bf22235a9b4e2c9c

SHA1
9d7f579e345f88c01a40f833815a71fe3c7acc8c

SHA256
ddbd7eec2bd572defb5a5c8e146157a763a88c35ad7eb74b0881bb0356a8e6fa

SHA512
72437ea74b19561b4b7ba218104cd5c1eff138c44e1b5e39e13f46570fe06dff7def4a7b229577544b9662097c5508fcedbd9acb3f20697b8783c5c94e0e1e8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
84abcb970b95bc4a2793c52cd0c1dbe8

SHA1
1fc73ee4a5a97b87ac57257e187d85ce2c445da9

SHA256
f77f139867cef37980401198e5cf94ee2fe6a28f09588e92c7c1282ce29efdc5

SHA512
f37c7e3abdcce37f077d9e6607d815ae56ddd2089c5642be76e73118de7ddb97e36afe818e12e6f928937e6c880dbd9f0c4d28397ed199d9ad2fc8cf24f6a2cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
5264771008aabe6fbabc948039d3cb6a

SHA1
9af01fea38f6d55f9082681dc7895ae4380697ee

SHA256
660eebf5cbc77081f9a10dcc2eeda49ee797900cba0c3d32b0bf343f428a7e62

SHA512
7229def7d4c5044a0211e69f1b175313f4cdbf4a3f482bc5476983b253cddb6637cf86df472d9489eb64d36d89d795b85481cdcabfe20589f074d5695ee245cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
f2415590134032e2190adfaf2cd50d7b

SHA1
ae86406d9b11b483a5a55a1c7d1d6b49db077d05

SHA256
411814bf22546c26707ba44d474c3ef49d2b8e6462bb2649938e7a57c25161ea

SHA512
466c69ae22560a4a12386a740c15aa6a7c34854de39749f62481188cd2c4c067806603056b773e162767e4d2236f2fd55f5175c368664565a6fda7c44644e9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
4KB

MD5
d9f84c8cf73422f2ca07d7e7462b9534

SHA1
cff6e092bf5bf1f3f47b7074847e204042a881ae

SHA256
5bf7b14dde109f722782628bbcf3011a23cd2416e7621a62b49ee0333cdec6c2

SHA512
1ea893c62d64304c35b9086e2c7e760716ea5ce220bafb76632670fcd2f97eca5c6693ff98004a861b190060c47c9d97ac92b41e3b1da1a4e8f89d9638548c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
1.0MB

MD5
4b1c7224d1b3bd215b18dac15d7813cb

SHA1
03ba39cb4f47a287e4d2a69ab45e09fc62251a10

SHA256
3ab9a6f008e14b282052f1bc48cd39426cc6e5f6fccd5cbec7044a284d0537d2

SHA512
69a8ffa756709fa14f93ae3e486ec6eeb4ff32fbbb5e62a3d4dcf74cd0c867271a97812332a333bac4dda83154b842d1bcc1276e2cadb4e42e6dc99d53742494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
279B

MD5
9994b3709c23fdedca8cfdd4295e2a78

SHA1
31674c42668ca6c967d41990ce6b2e072cded982

SHA256
d8158d4ceb06232fbad3e3c8de3e1b8de68585b91b6986cf7db014e130cb54bc

SHA512
4bfa79feec4df3711227b8378cd2192d47846e84ac14ef61f3ac222411d9da5f33ead2d361c2e8c836ef533b82bfb32e21beb581b8a57620f5fcd2f42650f945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
218B

MD5
11cc137c82198e56b6e0945e5a1f339e

SHA1
19411d4100259aa10a66624ad152c43a7f96ec6f

SHA256
575d8408dbfd8c6d769b16dd667f960d64edddb7094c1b494a8ca6c6b31142c8

SHA512
1aedb8a2af713b3ddab609a03c512c4991458a46abe0c08f0c729cf165e1febb836954db6d99eacd1558515c791d59eac5e721fdb5cdb7262271f38b7c27f18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
297B

MD5
0e9828539d83ccd032ae93ac0389a996

SHA1
7b08ede022d9f4917064df78035271a9f6d9ac79

SHA256
3a4b91f2251e3f39589694a51ade3d2379c8894fc530fec27dd45a14b915a455

SHA512
c9bf978b00ab4d1452bbe1d69b51ed9a907d23f9d33ba94ec6be08092f044db5045d0aeb1a209068dc0b2fb2d1e41d110a09c3613278d51b762ff4dde6ee4f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b6d14faad2be4979d3cdfeb7876d3a71

SHA1
f5eaba26e523ce38856dd7fb577d065c2a6a0316

SHA256
10421d9c797a51c706a49e76b595a83d478c1813e18597e293dae0645642a5ef

SHA512
c5325fa41c6a1056726fd3256cd91bd6a8f8d5a8310ff40035e1c914f7afb0e3d98a5b5dc4a113a0fe11e04dcb12266ee2e53ec593eb13f45bed8f8bda778965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
a3259ff082e426f80db9bdf128fa7ac1

SHA1
34ba929fc8396206bf81e8b1312097818c6af9b1

SHA256
9c87b05630e8fc7810f9bc5d100ca0314ea1912cb51ff048fd2352b70ca0b9f2

SHA512
dd771ba7b812c5ca9107662e4169041ca7440345111b13b9b9f8a94b3f96a5398a7fbd68a5d94f749e8fd1c987303d81da6998b8b2ffcea30d1549d7148def51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638018753387741609

Filesize
2KB

MD5
04833944af52aad757bc71dd67cdfc80

SHA1
902eb5b6ae6768d8c8484854dbdc00a4671d1f62

SHA256
42d20394096769eb40d660b5bcac1426edf12e4fc8f7e6f2a626bc2d68d78d77

SHA512
85b35a46d5c6f1933112c4526b106ea8405fc51831e46132fbf536b33360d7d6eb1f7c0d695be265d8a128a8b8e3be42bcb7ed73de9286c3f2174022f83f1826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit