Overview

overview

3

Static

static

3

Nam.pdf

windows7-x64

1

Nam.pdf

windows10-2004-x64

1

Analysis

  • max time kernel
    290s
  • max time network
    269s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-04-2024 13:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nam.pdf

  • Size

    105KB

  • MD5

    3bd50393cd73db89921f61aa4ee5a028

  • SHA1

    08886fa71da4eef73eb1514e84fe213d662b4552

  • SHA256

    baa163f82e96d421ef67af9826e06195ac7d26ee20a87db20d92e5d0968ae9d0

  • SHA512

    4208f38715afb773e1d0fd81911c118116a8e2ce69d89da103d27c6ca0b3cfadf0aa0e529d1b232966dd0fec85d2c6db29369fa535536414ce691c3dc47b9c0a

  • SSDEEP

    3072:LgTzFLkZUSpQsqVt4+AIRGgxcx2Gseequu:LgTRLkZK9VFRGWcE7S

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Nam.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3900
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1052
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=16ECEF2896BF57914235240D10956C1E --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:1216
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AEF9A908BF66ECC3B3E434B6977CB96F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AEF9A908BF66ECC3B3E434B6977CB96F --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:1404
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A05147589E56350B332C6A30758F42D0 --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:4876
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=442128BA5A5A77BEE54B0D62BA5D9789 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=442128BA5A5A77BEE54B0D62BA5D9789 --renderer-client-id=5 --mojo-platform-channel-handle=2400 --allow-no-sandbox-job /prefetch:1
              3⤵
                PID:748
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=07F6622370F087EE4E175FA5C55E9064 --mojo-platform-channel-handle=2824 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:4692
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A453B45B0F0584737874BEE5515073A2 --mojo-platform-channel-handle=2000 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:4820
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://daniloroessger.de/ica/delectusnecessitatibus.php
                  2⤵
                  • Enumerates system info in registry
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  PID:1972
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc544446f8,0x7ffc54444708,0x7ffc54444718
                    3⤵
                      PID:2584
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5022938639726314399,15305627749747702503,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
                      3⤵
                        PID:348
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,5022938639726314399,15305627749747702503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4876
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,5022938639726314399,15305627749747702503,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
                        3⤵
                          PID:3740
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5022938639726314399,15305627749747702503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
                          3⤵
                            PID:1584
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5022938639726314399,15305627749747702503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
                            3⤵
                              PID:2508
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,5022938639726314399,15305627749747702503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
                              3⤵
                                PID:6008
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,5022938639726314399,15305627749747702503,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
                                3⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:6128
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5022938639726314399,15305627749747702503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
                                3⤵
                                  PID:5448
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5022938639726314399,15305627749747702503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
                                  3⤵
                                    PID:5452
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5022938639726314399,15305627749747702503,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
                                    3⤵
                                      PID:2480
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5022938639726314399,15305627749747702503,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
                                      3⤵
                                        PID:5564
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5022938639726314399,15305627749747702503,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 /prefetch:2
                                        3⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:1616
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3252
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:5148

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                                        Filesize

                                        64KB

                                        MD5

                                        2f22dd5848dc6b5a8addcfb5d1ca472f

                                        SHA1

                                        d34c6de96acadbdc8a93a1d830d6b48f3b91dfe0

                                        SHA256

                                        8c2a1003a5a7879e3a9340e3116ee3dc3e64b8ed9d963c58665b33b2b2d7f472

                                        SHA512

                                        103e8c16ff48049d935eef68b0f530a0eb8a8f70355ddb4ad4cc30f65de791e937476bb04a9de37a87d66a7c2cf85ea493f5d027dd323694c90f7d00dfbe8c85

                                        Download Submit
                                      • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                                        Filesize

                                        36KB

                                        MD5

                                        b30d3becc8731792523d599d949e63f5

                                        SHA1

                                        19350257e42d7aee17fb3bf139a9d3adb330fad4

                                        SHA256

                                        b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                                        SHA512

                                        523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                                        Download Submit
                                      • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                                        Filesize

                                        56KB

                                        MD5

                                        752a1f26b18748311b691c7d8fc20633

                                        SHA1

                                        c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                                        SHA256

                                        111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                                        SHA512

                                        a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        7e0880992c640aca08737893588a0010

                                        SHA1

                                        6ceec5cb125a52751de8aeda4bab7112f68ae0fe

                                        SHA256

                                        8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

                                        SHA512

                                        52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        5e2f0fe48e7ee1aad1c24db5c01c354a

                                        SHA1

                                        5bfeb862e107dd290d87385dc9369bd7a1006b36

                                        SHA256

                                        f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

                                        SHA512

                                        140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        216B

                                        MD5

                                        36e26c8809ce5f937d210b456f09c8c6

                                        SHA1

                                        0329735694f04a0bf86717fde21b75b58899975b

                                        SHA256

                                        2cb34f7182493f08c40346568ba4ed047e7fcf2cd8e0506387707b9473d3f332

                                        SHA512

                                        36399ddd5018f54164f03a09bf5ecb0a88f0036723add5c21bb36eed3c8045b7877744ff85a7e38af75efa9d230f87edb9fd3894073594ce4fa19d79e864ca5b

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                        Filesize

                                        955B

                                        MD5

                                        6f608bb0fe66e51596f5df844ee75eac

                                        SHA1

                                        b669b27bd747eccd68a9dbbde8e4a207059ef69c

                                        SHA256

                                        afa30c4757e8c57cd03e9d1769ae783f24344b4958fd3bfde264ff272160768a

                                        SHA512

                                        79f7979c37a89a563ea687ff7659a2d06479dbbea7733a418a31073e58b53dd3dbeb85fb6a6ccef743f50745ba4081253671d6850bab805f2b8fd48050c0687a

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        7516f491890051993b1b834dd224ec11

                                        SHA1

                                        32e7f1c1cc68bc8279dd54251fe1239c52f3a12b

                                        SHA256

                                        39f437d6da29f7bb72681f3262644df8e8598785cfbd8e0cadae40dad9e2e519

                                        SHA512

                                        60d0f33b727521d43fe188c4f69718e220bc3e8fb034d202e25065300e0241f4522a4c9af443d5319b940e271389ebc50db65e7ea134affc6292f715af356d66

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        2446ace5efa4573f8c4d54aa692bd6bc

                                        SHA1

                                        ff85a1eaaeda9a08711ee2f3e125aa2b69518527

                                        SHA256

                                        de2e46e086263d6c2203c78c4aa410d895905b486a31ba0d940957b0ef003f9b

                                        SHA512

                                        57e16386848287194850199800f332f68dc034f0be058b717d40d032ef242190925feb2e06f39992332f6df093d7529a34b5c44d52831dff1ad7b45789ecfd06

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                        Filesize

                                        16B

                                        MD5

                                        206702161f94c5cd39fadd03f4014d98

                                        SHA1

                                        bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                        SHA256

                                        1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                        SHA512

                                        0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                        Filesize

                                        16B

                                        MD5

                                        46295cac801e5d4857d09837238a6394

                                        SHA1

                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                        SHA256

                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                        SHA512

                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                        Download Submit
                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        11KB

                                        MD5

                                        18363b605b26984a7f596777d7a458c5

                                        SHA1

                                        7d1d2ab56f20cb673f05f5dee761004dd68bfb18

                                        SHA256

                                        cfffd13e2ce9d44adcc41cb204f71edb664a3f60ae226df3495d1bcace308bcf

                                        SHA512

                                        660229efbd62d3d69c921d24533ea2ddf89b7aa2a9bb698b5f2b20c73905ca47dcb66a33150a1eca325a624b709e6d8136076ebee84d2db0217a12992383ae64

                                        Download Submit
                                      • \??\pipe\LOCAL\crashpad_1972_PGWVYTPVKPJVHMPW
                                        MD5

                                        d41d8cd98f00b204e9800998ecf8427e

                                        SHA1

                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                        SHA256

                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        SHA512

                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                        Download Submit
                                      • memory/3900-32-0x000000000A040000-0x000000000A061000-memory.dmp
                                        Filesize

                                        132KB

                                        Download