5905132e4e3995e3b693aa1697e0d15eeb43616c433868ccf9a13baec692bb54

Analysis

max time kernel
136s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2023, 15:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Unibloom Customer MVP Pilot (3) (1).pdf
Size

520KB
MD5

c445b3c664cd0dc616333bdb5c5a1d61
SHA1

d790c93ff4d414ba0c46fb9e5f40bcab71e3c6c0
SHA256

9fb1520b0b074bc7a53e377ee6ebf134eb9472b23169664b78bf279cb6f7b9d7
SHA512

091874c56b39f0953d68002f25936a0e403da2de2a4dfe72956ba7afabfaa39eea01b2db8b551836db33080af4cb8eb9062dc267d08cafe4b039cdcef34d10fc
SSDEEP

6144:puEuvjF/O3d9DgGd8fQpWtxEt6iA6QfPlnaXWAmHUHHL/sh5qehHu4y/2ddJr7fy:pNuLJC9DgnYefJAm0HrEnv9brb3VPj9S

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\7056e9e2-fde5-467f-903d-4f2a82750041.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230503170118.pma	setup.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
3028	msedge.exe
3028	msedge.exe
3404	msedge.exe
3404	msedge.exe
4308	msedge.exe
4308	msedge.exe
400	identity_helper.exe
400	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2032	AcroRd32.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe
2032	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2036	2032	AcroRd32.exe	88
PID 2032 wrote to memory of 2036	2032	AcroRd32.exe	88
PID 2032 wrote to memory of 2036	2032	AcroRd32.exe	88
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 2876	2036	RdrCEF.exe	89
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90
PID 2036 wrote to memory of 3220	2036	RdrCEF.exe	90

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Unibloom Customer MVP Pilot (3) (1).pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2036
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=299CEAFE16486F7C6C2DABE2E677D031 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2876
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6832B7F51704E0B1EEC8DF01C1087839 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6832B7F51704E0B1EEC8DF01C1087839 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3220
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AA3474FDB2823593C6B5317706BA8D5F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AA3474FDB2823593C6B5317706BA8D5F --renderer-client-id=4 --mojo-platform-channel-handle=2160 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1336
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=041ED6FABDE8FB97DBCCE56E96887B65 --mojo-platform-channel-handle=2544 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4776
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=15C72B89120C68B2A22C9CDE203C6400 --mojo-platform-channel-handle=2652 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3876
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7BBB82E22A957723D838C4321247366C --mojo-platform-channel-handle=1896 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.zinc.vc/
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:4308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xdc,0xe0,0xd4,0xd8,0x104,0x7ffc6ab546f8,0x7ffc6ab54708,0x7ffc6ab54718
    3⤵
    PID:4708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11538983269848104668,2163735053498571186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,11538983269848104668,2163735053498571186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,11538983269848104668,2163735053498571186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
    3⤵
    PID:852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11538983269848104668,2163735053498571186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:5396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11538983269848104668,2163735053498571186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:5412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11538983269848104668,2163735053498571186,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
    3⤵
    PID:5608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11538983269848104668,2163735053498571186,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
    3⤵
    PID:5856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11538983269848104668,2163735053498571186,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
    3⤵
    PID:2440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11538983269848104668,2163735053498571186,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
    3⤵
    PID:6020
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,11538983269848104668,2163735053498571186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
    3⤵
    PID:4264
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:5436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6c31b5460,0x7ff6c31b5470,0x7ff6c31b5480
      4⤵
      PID:5908
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,11538983269848104668,2163735053498571186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.zinc.vc/
  2⤵
  PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc6ab546f8,0x7ffc6ab54708,0x7ffc6ab54718
    3⤵
    PID:2208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,10006423325376505438,4971734482885515504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,10006423325376505438,4971734482885515504,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.zinc.vc/
  2⤵
  PID:4724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc6ab546f8,0x7ffc6ab54708,0x7ffc6ab54718
    3⤵
    PID:808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1432,2985774979025325329,1243755228074489472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
    3⤵
    PID:5836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2524

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
3b1d25abe6524799b86041dacd47245b

SHA1
5c0eafe06934fbf60abcfc70c76ab00c8e3166f9

SHA256
bffc3fbf680ba16ad838211e6610c5dac2353f8f894ea24ed1da0b03abe900c1

SHA512
d039fef18cce049c48ad3124d1a8f96bfac15fceafcadb29f67f4e5429b862ec00a525b17d814573baa97a330c27a45405ec432cde3d46a6bd2848d21fe7808b

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
d3988ec75366840ac50ec1a6ebb9cad5

SHA1
7a08358666b0c8bc94700c4dd561c5a4a0007906

SHA256
6aa340bb82e4e88ce9db0e1eb562ac174cf2a66993ed385044e407682d305f96

SHA512
6f04124d82390994a4674fba41a689f2abac2eb13862d3bf0ecd067babf1067f8e90ff980a394bfc2d04bb3cdd2e7c4013a066b81759452a1841a61990671e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a30e26784623d3b675a5db2cf2a3aea4

SHA1
2f11b8ac99324e62fb9d25b60bf31740888886a0

SHA256
b16036dc5c14e32897b500f219522abf631a25aab076d5658ed71525fd7d7890

SHA512
2960f4d7cfe5116283b69c5747881b460a528c369ca96b1156fabc7653dd60e95c0d4f9b7ab50e79fbcfb7c18093025e0835a55aaf1f6ee20ed9b6e88df77040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a30e26784623d3b675a5db2cf2a3aea4

SHA1
2f11b8ac99324e62fb9d25b60bf31740888886a0

SHA256
b16036dc5c14e32897b500f219522abf631a25aab076d5658ed71525fd7d7890

SHA512
2960f4d7cfe5116283b69c5747881b460a528c369ca96b1156fabc7653dd60e95c0d4f9b7ab50e79fbcfb7c18093025e0835a55aaf1f6ee20ed9b6e88df77040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a30e26784623d3b675a5db2cf2a3aea4

SHA1
2f11b8ac99324e62fb9d25b60bf31740888886a0

SHA256
b16036dc5c14e32897b500f219522abf631a25aab076d5658ed71525fd7d7890

SHA512
2960f4d7cfe5116283b69c5747881b460a528c369ca96b1156fabc7653dd60e95c0d4f9b7ab50e79fbcfb7c18093025e0835a55aaf1f6ee20ed9b6e88df77040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
32KB

MD5
7ee3e4e17b2796d98e95c7302a71782f

SHA1
aaf73d0f001515b5e56b1aa8209cb829a66833d4

SHA256
944dc4632db09b1a51d05a092b5ad07c856085a84a623ef71393ca4098eb96f9

SHA512
48f01e2c300cbcea79948a0079b08eb6a2d1ff99fe4cac26593a15ccf41568c9cd66132774abdd6d85dd05be7ea4b7640ea918be07c6231650ee55e9e8362381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
31KB

MD5
774bfc891bb656b12adb2a73a24049e3

SHA1
2ad68945df404101715b390d8aa30388c4ed2220

SHA256
ea62903ff0c0a1f9cbc134eb1e4a389725c7c3e8396c879c4c87f4bcf1d6d91c

SHA512
bd5dd378eb1a7f2c654103aeaba4a21541d3197510a16fc95e61b5d1b972e55888b72e7df59268caf554f4eb1046ad5a9a9ff32fb652e90da5997cf1b01ea2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
24KB

MD5
cd1053232fc42d8541e5160f63890408

SHA1
1a170cb7967328253778fec83525b913367f3197

SHA256
f841f410a6e7d9a24b3324d355c185b0d48564288ab10dfbd4e796462c258d5e

SHA512
16b545bd35ab099af7e9c1c70fe8dafbcd2342be0dbbe4a3bf67566dc2bbd48f480cbfb85114cc6a7fe5332855395a209066b6f36cee5ea08ab0e995cd3f637b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
272485c50a506938ac6fc83f103bdba8

SHA1
4a9b09acafdfc86050b9d15f643291b4f79da992

SHA256
1aae5b24125c1fa0619f421f4cb6e4987c348cc945d790bc93427ce33b59b80e

SHA512
ae0ba81caec42dddb7c14c061d8508730f0e534762955a6a5964b213a11b2692f9423d65133ecc3ae5da0794401135278b4e619255e2ff067692077bca514f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
108KB

MD5
ace5cc1047a8a60550fb29dae26d1439

SHA1
a3dc297e5896dba3c8978d77344360830f24f2fe

SHA256
92de4c389ba4c3e38975af13f68969b32a9825304a338f9cbf81e3a2db908395

SHA512
71205a5788631c0ffae4a8ab5afcb5890821b2c97062e51ae38f1669f50525971e8b3299cd3255decccb4a67e08e0d90e5030027ad7b2d0e6f4bf19c2a1c04e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
7a2699e7f0f5b7cb53da985ac6fa185a

SHA1
036a6c83b71a3ff85052caa3c0009ac248ca20c1

SHA256
5268daf6cae92db6e323c4a1a51506a86158e63eaef16de72a426375837a0159

SHA512
8e3ebb08abc3eec486169d5d6fd282a809fcc5629e6f0f7363589d8473af93a00092e155f09ee18528347c9c60a4b909cf8f7177b6ee663a79a0fd8133231b8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
dbad0c8186f473267b8803d02ac00cbd

SHA1
e534be0a85c0db4b219b0fbb74ed6d5dc1aecf40

SHA256
f6b96651816110b0aa431e641f03fce20811c7ce8600e31ec905fe21f3260267

SHA512
14158c0bc39f4fccbffd5c8245623a46de4d956c7589d33208033cc8df5ab4ec5e10f621f58837d6b1d2325d09d5a85c19567588d9292200037ab5ba317cd0c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
287684e076ed42418bb60db7a341ac47

SHA1
b4ab67740e4801613c54d21b10b472280c1713f6

SHA256
3fa2475dbc6f424caa531c38f26df3ef2c440cc06ec53434c935e3b98ceb3ff4

SHA512
fc0d1ba1a9578f95bd57cd2a314f95277a8d12dea9e21b5c6d063707794fc8df4fccbb2c4bc0f74d21e2365822204d674037703ba0b82f450885f30e287d37e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2139c7b149ba098133291e050b19ba35

SHA1
608ed846a6e9ed9e5e6a01a1dd51a9509e55a761

SHA256
6644d9d77734f582537d5871a99046ac9cb56abe25432fbe148e323016b2edba

SHA512
76ff368d17978d2cb9265168591e7b29d7cf5006c27dfdda6014ca2ac7e97d6bbb4542e7fa303e1f574b07805cf4263bb392c4481e3b23384cb5404debd62006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
122aaab302c349f9600a7efed7aa8030

SHA1
d137cf5cb139f4e622051c34cb11a7f4a880cd8f

SHA256
a14e62d7b1e414bf45a1e6575d5d07948b064c218d3336b66bc29ee6ee285dd7

SHA512
0c625e92f2f6265ee19f432da88ab6a0d66401d3480c90e7fce6e1de0dfbfcde2baee7e6cc363655dcd4da56a8d442f134a81e06975bb4ca528cfbccf19d1810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
6388147e20ae58f7185846aa0204b632

SHA1
8e5685a81298ae208d030cdb581e3740090c248a

SHA256
2037fa101cf2dbb644171a13a727a236acf8539452f91f9ba16476c19d61ad98

SHA512
57aabc5c8b14c6954cfacce9e9fe5d43f88b455d519ffbecc4532883e09aaa0fc418d88d853a34405d964461551cd79692ba0eae9f35219a727463aef0421c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0a8f60ae05051d78ed12068704ac7bae

SHA1
008536c5eefc315996ae780432aca27f56ac9c98

SHA256
f19544eafb30b4fe2ef957ab041663905a5a5058ff3f1c5d9732737e3f2f1d12

SHA512
13c273347d3fdd6320a5c5496d6202bc7c3e1255b8f892042a36188bf2700f54318b6e6de20e47a759b951a00b8e6ba2b47413ae6d04249c2b09aead77fe6550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
c399eaf3a64e0ae8f40dacc6f8f7bf68

SHA1
448a77f133eed84f79c65f966569996354457da0

SHA256
f99b80867381edd1aa903885f11de89cee1febe499e82d3d798bc28d2626ae00

SHA512
85248b13e8f6509f6ad5493e83792b8ea419b642e428fe18f3b124a9d251cc0b45e59d5568e9c819abddeee4d9a78d49300d2ea24e60ff57b4cda84921af1181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
c399eaf3a64e0ae8f40dacc6f8f7bf68

SHA1
448a77f133eed84f79c65f966569996354457da0

SHA256
f99b80867381edd1aa903885f11de89cee1febe499e82d3d798bc28d2626ae00

SHA512
85248b13e8f6509f6ad5493e83792b8ea419b642e428fe18f3b124a9d251cc0b45e59d5568e9c819abddeee4d9a78d49300d2ea24e60ff57b4cda84921af1181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
6ade3ad27aa29947fa0da10cba5dbf84

SHA1
63bc302c9bf63fddca681e39c5d12e3c202fc7de

SHA256
836646e476630cc71ccbb92ba100102ac3eba0db4fc4e2129ecdb834f2d4eb74

SHA512
eebca85694c18e4a7330289213bb370dfe19bf2de751ca17005f69b07a5f641241507d2e8240de2c5f7905c47fff2083f8d5baef5bb6fff64ae8272a90eb033e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
b6e800f482b26313549229e44627f550

SHA1
f641896724fbae78c367748964c4b18afa373227

SHA256
d2f464b28fba3f2ee09bd5170ea0ce1b62092cc8bd28ea1a640e2adf51d9cf23

SHA512
cc12028a57b225616a38b8d00b8b8b98e97d67fbd737d822e4b20bf0cb5817678410b955429a4c6ecea259547fa60994ad14c6416ca3cd4d8dbce7ab6c6ccadb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
6ade3ad27aa29947fa0da10cba5dbf84

SHA1
63bc302c9bf63fddca681e39c5d12e3c202fc7de

SHA256
836646e476630cc71ccbb92ba100102ac3eba0db4fc4e2129ecdb834f2d4eb74

SHA512
eebca85694c18e4a7330289213bb370dfe19bf2de751ca17005f69b07a5f641241507d2e8240de2c5f7905c47fff2083f8d5baef5bb6fff64ae8272a90eb033e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
8691f5988d19ec8eb63142e2c24bed8f

SHA1
34616ab859f27248a0de1e1e0ce2ff0cba44e1af

SHA256
04a02b0cdf45e357917748771ccf0902d2cde17040c9a4cd735c847176459cf2

SHA512
c1bfcdfb86d552ea251385283347ec481bbdcd529ae97e9bbe4844583f8d361857340f421997bdb1b7e510f25a0bca610852fc79667484fc66f68b68b217fc91

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
859835796c39b8fbcfd548d153db7732

SHA1
b7283ab3b5ca65f9e8d45f7a5e8ee718f793ae26

SHA256
cd38533f5a6132f6853f33606490527602f7efab6bb642507ec8e0662b52f233

SHA512
44dca26887fa5fbddc92789cc5c132b2e808bd03429542c196b6ed888c2d58eef23b3da3a156a324425e9d532877629d47bad4ef39d47b4067dcb5f86d89f974

Download Submit
memory/2032-770-0x00000000040C0000-0x000000000420D000-memory.dmp

Filesize
1.3MB

Download