hxxps://9animetv[.]to/watch/naruto-shippuden-355?ep=8010

Analysis

max time kernel
197s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://9animetv.to/watch/naruto-shippuden-355?ep=8010

Score

6^/10

Malware Config

Signatures

Requests dangerous framework permissions 4 IoCs

description	ioc
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Allows an app to post notifications.	android.permission.POST_NOTIFICATIONS
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 16 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\䬤벅㡗썺狗\ = "apk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\apk_auto_file\shell\Read	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{A6B5B70A-0315-4B00-9B58-EA1C0DDB4122}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\䕲戀䴀蠀	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\apk_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\apk_auto_file\shell\Read\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\apk_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\.apk\ = "apk_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\䕲戀䴀蠀\ = "apk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\apk_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\.apk	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\䬤벅㡗썺狗	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
3276	msedge.exe
3276	msedge.exe
1704	msedge.exe
1704	msedge.exe
2000	identity_helper.exe
2000	identity_helper.exe
3060	msedge.exe
3060	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
2592	msedge.exe
5212	msedge.exe
5212	msedge.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe
4884	AcroRd32.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5224	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
4884	AcroRd32.exe
1704	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5652	OpenWith.exe
5916	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe
5224	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 3316	1704	msedge.exe	82
PID 1704 wrote to memory of 3316	1704	msedge.exe	82
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 2964	1704	msedge.exe	83
PID 1704 wrote to memory of 3276	1704	msedge.exe	84
PID 1704 wrote to memory of 3276	1704	msedge.exe	84
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85
PID 1704 wrote to memory of 1400	1704	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://9animetv.to/watch/naruto-shippuden-355?ep=8010
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceba246f8,0x7ffceba24708,0x7ffceba24718
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2256 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6796 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,16221892398534634393,17010810272372452926,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:6072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3456

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x478
1⤵
PID:3128

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5652

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5916

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5224
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\anilab-latest.apk"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:4884
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:1904
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=14E55C66A4C52CA40EE7B3D9E5A55EF5 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5356
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=603A1BAB5F3F46277E608CDD42316010 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=603A1BAB5F3F46277E608CDD42316010 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:5292
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FF94CE4E2D573E8E0C66B0AAF22BBF1B --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3456
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EA4659F25F60EDF478D0822024520BA9 --mojo-platform-channel-handle=1916 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5388
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B1699E5FCB69663727537DF75EED7129 --mojo-platform-channel-handle=2504 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:6092
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E08413CC6EC9533D6C935ECAD061824F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E08413CC6EC9533D6C935ECAD061824F --renderer-client-id=8 --mojo-platform-channel-handle=2376 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:5688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
1b2e8f456b145e063580f43e25169d66

SHA1
b23f073867f47c9c8d3550d08bbca686e86f31fc

SHA256
d71b8873dfcbc1ff20b9e43993423edea84f1a2df65a58d1a283991f732f918a

SHA512
6032c035c0fe1ddac78a646e7da570333f6eb023523f3226671c1466c1728f576975d406bb3483e5d9c62ab10957e0d65aae9f0251dffc05ab66859867da15eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
502KB

MD5
add520996e437bff5d081315da187fbf

SHA1
2e489fe16f3712bf36df00b03a8a5af8fa8d4b42

SHA256
922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4

SHA512
2220fa232537d339784d7cd999b1f617100acdea7184073e6a64ea4e55db629f85bfa70ffda1dc2fd32bdc254f5856eeeb87d969476a2e36b5973d2f0eb86497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
c105d51350c892a4106061ea12a9f5b7

SHA1
be3d41b947ce5a4fc1aa5d19773be72beccb9507

SHA256
7265facd48bb8e5d32e3fdadbf3df269ac9242c905298889f2c00646c67776f7

SHA512
dae3c2ae15798c52343dd23bd03e7dfb0833a1cfb9cab1129e9178fe7155fd81cb71830df3fa31c2e870b9223bdca977738da9f3cd4a084e3d51f8342fd80ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
47f27addd946bbba44f97e9c243610c1

SHA1
3d93f1297d2f59a05fa9dfb806b76c6a3b916bbd

SHA256
a3922089a00b0e2a818bb151b9b4acd9d9cecd7fd494b8d3ff326d43e54823d2

SHA512
e239244f6d71c6abfe25e711a9fc5f975be11f5510f35e500e08a79c9886a8ae18d978de3403301f78b75d4e21929db22dcfc1d1e19d2ce341000bab53d95f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
52e904c1f5cccc4999a1325c05daccff

SHA1
924e596de2bfff6272315bced75c62da41366206

SHA256
a2461486ba1c60b6f6bc906345bcaf9c6da5cdf280e5d37019f7282c4b057d6d

SHA512
162bc11c26c75118ca9ca1b56df984d11630cb016c08fa6cd210e6ba2b6f62ac00333a0b54a6bacbb621e2aca71f4c7f6aadb708d6a0ada957d23ed4e06617d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d694ab8772a692310f0431884660125e

SHA1
0ad0866c7e3724a44a3daa50265384f3b50766c8

SHA256
8470589a0343922a26d6a4ed763d777b287e6ccf82117dcac3f1323017a55cd1

SHA512
8512f0cf3e4e917d5a991a83d1738867d04ce576bf8236ccbc47fa1a7fd25c052e53eddf7c2a35d2e4745703a29c4c6df06cb0b83fd36fc10c25c81b41cf8b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
87bbd17a9f2f1f2ea4c14e03cdfa9d12

SHA1
25edb968361f36b2f269a159af4bea28a68fa0ef

SHA256
b12020efb139d308e8a930a6914378b2e3dec41c5bd33d3e0a1121b549ba7943

SHA512
c241748693817c9ba8cecc7709b9b58f973d3a35bc0b545254783ad0f6f785ea23276231e2dc45545c0c98feac3dab692d5adc458d9c7694d86bed0a0d3ce80a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
59fbd60ee32dc23cd2c2643c64123dec

SHA1
96af369881c80eff9387bf665f0e21936029956e

SHA256
d4e97b26573b7a20ab08fc77c448856337294b7fe5db11c89ff1bedc843b669c

SHA512
ee6c850fe92bbb275547d4c69c485f785bd41c47889e0f6febdbb1ad412fa1931586309611be867c29f007d33a67582330f9c526873c3814f52fabe0a1ba9cde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eab0deead93c9f91b4a46025172bed79

SHA1
f0aa7703f6e1732584099d7c43b1377c9639bfe7

SHA256
e1fbaad72f543319fb5c6082d8aff88ea9ea93dbe01749fa878c1cfb84306975

SHA512
e224ae5602233d9b5ec804be12cecfb2fc1a1b9dde68fd4b2dfebaebe8c4beea261cff90700032470519a633f352ced88d98e6029a639d70a369f6830e3da8cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
fd7ed7b72a80e1ee5a8e04c779ef8381

SHA1
977ce911dfdbac996635fd15fabcac272233ca92

SHA256
8eecd647cbc96faf827294fde28e474cb9e4988043cfbce5fc31c09f10b5369a

SHA512
76dd3e54ac80f5e76f8ec13e6cb59d6b41dde13f8286839fa5fa9776c05b7d5e682e8b9b821c475d12b6e4efaab068f3679a6c69db3c47ca70476febfe221358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
39528563d5f0f08e00d57f08ad7964e7

SHA1
c70c8aa5daab561963e57f4b58cdbb8ccd4514cd

SHA256
bb919a167f05da79100981d40e6ea94001bf73dcb65c3ca704aa8dcb223055bc

SHA512
91d0b06a99b6f0d3280559cb0c350d2152f74bc115634fde91ef781d3c77fa04968ff98d8df811640eddfa9ec88a2ed811a0796046cde27b8f528c62c78e0a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b0d07e3f9eca8142d70db2a2e56353a8

SHA1
713c4390e41e756ab59d4811f56c7e1b30d07c24

SHA256
ea79158ff5cb8b375c996f86e738f581b6e14c1b079d0c52035f8e9a779ece44

SHA512
3e150f6a9786ee620c0494274b1b0a5b4154a292297922e268e30837b46787ce2cee7ea03f5f3fee563e61039b87385e05a5c079bf42993d01cff0bfda651831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cc01853e760e27200e27bf08bbbb674a

SHA1
6ae520df4aa89779771f8cb01feb10e418a8101a

SHA256
7f98a007aa964cf1e467f381be2b20b242291089121ff3a983328222bfef2ccf

SHA512
3eaa38c5711d3d5677bb91b9a724d3c1ae6f2aa6536834e162477c201cc91197ea92844cff598aff89c6da826f8fcfe29f7be00f8721939f36e413dd0117c8bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5da5658d51759ef20f2c37426f302331

SHA1
ef001aafe835c1a651cec8d743cc39483f57c67b

SHA256
2e645ac18efc228668ac1abda9c66cbeaa3f0b0dcd885403d92491cc372343aa

SHA512
27fd0825816e6ae75781bf1734953e31b2e4b4f0d06b323452987b28549aa9edf7b6072f555972a6139fb42da95b21a4858d09fe07369ff7b2fc64adde8ee778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
414b12f191adfc3e490adf42e6f26f31

SHA1
6c1d7ff43d6d1211c91f94644491934eef2472f9

SHA256
c2e97c37ddda6685c53dcb4875215f2ca2531ea4b4535674f01f358e2bee6ae9

SHA512
8ad5cb5ce2ef97b46c8e8ce517c30c4bc11bde6a5a3a6d3ce2e30d8f6e915fca0f4f63c56904413abe1bdb9435c03534b14c60967fda2f357e8dea1f9110048e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7764a90a92b1ad0c262fd6a57802bff

SHA1
7d6d786d1757d63b81aae545fc57362cfbe04c7e

SHA256
5d2a0c5a16e1f22595cbed8dffc31dffa18f3d6a031f45045af3f426e5842493

SHA512
7d997a64c96fe5ea8fa1ce2bc4ad78cc3d3d5f418f829338ff545eaf4a8e58a221fcf9f8bb9c835ddef8843abe5a33d7f2894382cbc716bb7d854665aca0dcb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
33285506a706065f402052e705408f4a

SHA1
977dd414720863011afe56b8403d11b23094862b

SHA256
38b8f19fc8f0621323404af6b0860814947298f3ced2c0bc601c521d6da4c67a

SHA512
60759b91e81875e455a94d8a4a07ac22cb09a3c81f68c96d85ea5507a581699768ff537e94ed2d2f9017a56478c768ff604174faa3e9c568e1a2d0497d000923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
944e536e5fb9c30507442917ec845a93

SHA1
9f1742ed09c1cac473797077631ef60a27034e94

SHA256
f5e3cb1ef014a37c85505a144ee23fdfbbc108c7a8cc1c2dfcc80330ac2df541

SHA512
66d4432e491c3445d071f2305b0bc182dddb19df93acd607e95d3df0c2987f2042c60d8cf1e009fbd218d7019db8ec36ae294f4b6fda18d0b10e53438a639956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fdd1f0f627c32cac48d15c65e7d30f48

SHA1
4499192a63eb1c0853d86101aad12a5ec747c5c0

SHA256
28c84f9474f2fa9b736056fdd864b701e5af4708e376a9b731f77a629fcdd6ad

SHA512
610e9069cdb30c6a671fd47d338ea3caa8db4f4e7cbfef076074e7e725b80313aff2ea7b69369a37a4b6756381333c2d106edcdb3799263c5aa6daa3455a6c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cffc9aaff7138e103916c36442d17d20

SHA1
e454ae90fceec1a8c046df13b28560145a110b66

SHA256
cb76d94c3411ef2176c59d57576dde78cd82c4376bd43eb419cb00276ffbd4a3

SHA512
c2d497c6d19ddb2d46c7e344913ba6e1f287bff7a445c4182891606f862bff3a62fd81de4e886f15bda4d14b67dcadd7e38884ea02d4c086622d81c8ba769e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ceaaf901e3062596566d38b8a2d2c13b

SHA1
0efed80672c897e718f1a3342fe51a74be187421

SHA256
1df01b7fe744d50ac5bcb68c8653e732a2601e01f601d46953752bb75527af12

SHA512
959a6a780efbf87b6576322cb4267016862c35365240d35867f37c9255479e315387007afee8b83bc97c0fdd69ca7e3e8600f158ef81dbc5f0a5bb65b4be81f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
56c6e7b7729317b54c508291d1e424b5

SHA1
f3b88fd4accfa744403275eed1acc59041a7f040

SHA256
b8d26eaf16eb8fa31ecffe87cdce51a31ad3baa1f4a24cb29c699690a381507e

SHA512
a4e77a3491075f634accaabef7eebdc9b532b5bf86690daf5ff80bf8c5147b23424b865b9b26c415c88281f32beb5aeaa496e9d09b3eaffa787d57165606ce50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a2aa6bcde1aa35051dfeddf5ad738918

SHA1
87856ffc9ba5f02919b7f1db68b6b6b2da74b03a

SHA256
e01383b1def81c90c429542345a3a2f7523237d9bd3def21c4cd480460e3ebba

SHA512
7dba2e73e9b1ea776a50fd938d7429fe0f4b4ca57e858134040531cf2f8239f42e13555688492aeb5e2b9399c5986b8625d36e4a7e04e680b4fb2d0245296d29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
58eea7016194032af0c7d6003a0fb233

SHA1
75751dfe4a3df3f4da49129e1664544dc6b8dfbe

SHA256
20d1ae782c63216258ba2d1715aae0d6b45096c7b4600be36ff92c4eee999e7c

SHA512
d38f0c250940b1b4e1baa2ed55125662e85672d56f6c9e62672490e3807df11cf0bd01b7a493378eb70ccf7e74a205bfcecfd3e2a6eaf8c2d07c56148f53c570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
038d65466bd57b2671f2a51d93ac75c1

SHA1
f4e946761c5c141b651e7301e85c92a56aed35f5

SHA256
a1a46af13fb5990aa0f8bcd219d45a056a3edc5ad06052433bc8a1046d0e325d

SHA512
8b65f2bf68ec5d51d66f5da8f4a453ccebace06689624db102e89f8cbb22666d3958f35a3f71402b428f50ce49fdac566eaebdb29c3bc9850cd2d0f6afa0669c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2fb703d178c0ea0c027634a6a87c60b2

SHA1
4738fb789ad1b5d11a12b9c7655fd6704dc411a2

SHA256
00d410bcadc47b08661497390e4a38d72c82532c70017ac9ce748560ac68de30

SHA512
f67e8696a48935fe90a940bcedceebacf96fde087228158820986430e3fa557c4bec313af1ff27e85a770e1718a381b4198f9ada4c632a5a635118d64d7e39fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
60561ea1da194b40dbe24c282b45c96b

SHA1
e8319803d002c54cdb0bca2fbb9b8381ed1b2b2a

SHA256
698f28fdec5d6f9f80be6d774199a10e066db483f9debb024ffe186cbb3146e6

SHA512
d60bacd89035b601e32c06b6fcf74f8aec6cbc4a1e744b9763655b328c2cd23738af92b882d68614cb3c7b665aa7f1a895aa30b40d3790c7ccd9a2ef5cd0a769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7aedca73e6159c0a3c4a4cdae9b5ea10

SHA1
6e5a260e26550ffccdb2d18cfd2348ec6d58d35b

SHA256
1183949fefaf7be16db795598b416578fe0a888c16366657ab0603e76a1b2d9b

SHA512
71471750f58429b4232175a7fe78731168c678e9b663e7c236ede3582f65e0665b33b11a690697dc82d69ef5aa755b4891088dcc3023920bff3c140bb6ee1634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
71c4b1409ec43ffe2bf359ac8e716ebb

SHA1
6d5960ed2900371543a88cc022a6248206d0a7b4

SHA256
a4b7451cf20609690434ba44f2e4da796d96187cd26a8b361bb592e2c60f182c

SHA512
33e94348ed383aa0155c8c309bb880ecb6fec815e395416b59091a1ddc7627513d21650d3acacbdd832364aebaad975bbbebdc5766d74455f5b25e717c4ca3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a950.TMP

Filesize
2KB

MD5
09b6d00df717b6a02969c19083358e48

SHA1
58e24e6152990d1943437128649989f554690f73

SHA256
d498e1b74a23d77b565cc14633bd38fe5acef0c17bf0f6bc305e40c9cf8f470d

SHA512
73de5fd2653486206ab625ea5a58aee18b18b8411db80422e991b8a42b4d968f3f11572a62a77fe9691188eb6960b6a18bcf57e3128c25d7bd5adfd65893715b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f72ce1c1dc10cfdf81f665ab9ab71b52

SHA1
ae8c09d87125c2c1403f5d5cf7d52c1ed7f7cba8

SHA256
032814a5274b8618ccdc26fe6d677e20f6f488bbcbc6c60a46758be79fcf0a7c

SHA512
1920cb0d391d180ab0888b09e52f4fa1985c84e4fc2da7849dbea26071f65572443e046c46154339897cda59b2b50e304de8bddc5c2d0eea8c1e12b7f85d348e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
666c8e2349042ea505b2aa9ea302ba83

SHA1
253de1e411618b9094b1914a051a0f0a54d984fe

SHA256
4524263249ce18301b10e9ffd51053ade4f7bc787914060321317781f6186b6c

SHA512
f7a5294a8d299eae457b5db6e59dfb862902a8cd690f9652e3924cb6ef3ed0aab78bb78102427ce3d0096350a7a4e68ba425c94fe879288d24444823ab3fe64a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9bd79c0fbf65ea4f0ed1dabc6df7f6ca

SHA1
26dc6a95dbefd932423d4036172f31ec7861eee5

SHA256
99a96201d76217b9687683398f47be1b40daa699b3d82d9c7e51d205659a324c

SHA512
dbc778efc256d850a181e0fe966f44d70af4fcb09cea6d0622d7c1679c32e96847ed8941469a6e394b6684e5450f07cebb3a680f1562f78afe20ba5babbd329b

Download Submit
C:\Users\Admin\Downloads\anilab-latest.apk

Filesize
3.6MB

MD5
0ea887e6df6de6382701aa3ea49e8b4d

SHA1
4175f6702d225a0b31cba406a847cd3a06085958

SHA256
a08a9a2eb023c0f3fcd86e68dc0b18d419ff508207cd8cd0233b3a3c11f95f3f

SHA512
09df0728e97138927c691b50f6c935f095f2dc71d76c37b2a35107a84b0e6b6ffb8097f5cbf8b91506cce8781da7786b2cc5b7135e1e32c7b288904498325f7f

Download Submit
C:\Users\Admin\Downloads\anilab-latest.apk

Filesize
17.0MB

MD5
5d17cbc6d86bd628d18922e499318049

SHA1
5b91552a5c52e4dcbfa4e7fc8ea8a83eb0051b93

SHA256
80ffea5f514f520892057f5bc710c9f49c3f7a2aabcc8eb975b32b258e8149be

SHA512
09312e022fffb2507c7bd8e0f7602cffaaaf967238245005b14e05e2c102da4c3d2f5b3f71ad9ba72c57276bf147580195168ab8ae7625692ba85be759e1eb09

Download Submit