32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f

Analysis

max time kernel
157s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 20:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
Size

3.0MB
MD5

6a1fb1b8928147ea9a371460077a54cf
SHA1

fed31619de503b0346a48e5723c4af57f5ed11f1
SHA256

32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f
SHA512

990709f1d4d1e243cc73b35eab3c8909c875c5c63044b31fa5f844aba8da30acc40ed1e3791cf877be8d52d3bf0194dd0bd5854455f5d3f44a622fb705429c8b
SSDEEP

49152:EZnCRw3438x0TVDKNxOafuUYUc9no2IWkAyf1CQ+v5XxCv6PxIq:EARw3UJKHOa/Xffs0S5Iq

Score

9^/10

evasion trojan upx

Malware Config

Signatures

UPX dump on OEP (original entry point) 10 IoCs

resource	yara_rule
behavioral2/memory/864-0-0x00000000005C0000-0x0000000000F85000-memory.dmp	UPX
behavioral2/memory/864-1-0x00000000005C0000-0x0000000000F85000-memory.dmp	UPX
behavioral2/memory/864-5-0x00000000005C0000-0x0000000000F85000-memory.dmp	UPX
behavioral2/memory/864-13-0x00000000005C0000-0x0000000000F85000-memory.dmp	UPX
behavioral2/memory/864-17-0x00000000005C0000-0x0000000000F85000-memory.dmp	UPX
behavioral2/memory/864-18-0x00000000005C0000-0x0000000000F85000-memory.dmp	UPX
behavioral2/memory/864-30-0x00000000005C0000-0x0000000000F85000-memory.dmp	UPX
behavioral2/memory/864-31-0x00000000005C0000-0x0000000000F85000-memory.dmp	UPX
behavioral2/memory/864-32-0x00000000005C0000-0x0000000000F85000-memory.dmp	UPX
behavioral2/memory/864-322-0x00000000005C0000-0x0000000000F85000-memory.dmp	UPX

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/864-0-0x00000000005C0000-0x0000000000F85000-memory.dmp	upx
behavioral2/memory/864-1-0x00000000005C0000-0x0000000000F85000-memory.dmp	upx
behavioral2/memory/864-5-0x00000000005C0000-0x0000000000F85000-memory.dmp	upx
behavioral2/memory/864-13-0x00000000005C0000-0x0000000000F85000-memory.dmp	upx
behavioral2/memory/864-17-0x00000000005C0000-0x0000000000F85000-memory.dmp	upx
behavioral2/memory/864-18-0x00000000005C0000-0x0000000000F85000-memory.dmp	upx
behavioral2/memory/864-30-0x00000000005C0000-0x0000000000F85000-memory.dmp	upx
behavioral2/memory/864-31-0x00000000005C0000-0x0000000000F85000-memory.dmp	upx
behavioral2/memory/864-32-0x00000000005C0000-0x0000000000F85000-memory.dmp	upx
behavioral2/memory/864-322-0x00000000005C0000-0x0000000000F85000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe

Enumerates system info in registry 2 TTPs 16 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe = "11001"	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3684	msedgewebview2.exe
2500	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
Token: SeIncreaseQuotaPrivilege	864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
Token: SeIncreaseQuotaPrivilege	864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
Token: SeIncreaseQuotaPrivilege	864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 3136	864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe	92
PID 864 wrote to memory of 3136	864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe	92
PID 864 wrote to memory of 432	864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe	93
PID 864 wrote to memory of 432	864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe	93
PID 432 wrote to memory of 3628	432	msedgewebview2.exe	94
PID 432 wrote to memory of 3628	432	msedgewebview2.exe	94
PID 3136 wrote to memory of 1160	3136	msedgewebview2.exe	95
PID 3136 wrote to memory of 1160	3136	msedgewebview2.exe	95
PID 864 wrote to memory of 3684	864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe	103
PID 864 wrote to memory of 3684	864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe	103
PID 864 wrote to memory of 2500	864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe	104
PID 864 wrote to memory of 2500	864	32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe	104
PID 3684 wrote to memory of 716	3684	msedgewebview2.exe	105
PID 3684 wrote to memory of 716	3684	msedgewebview2.exe	105
PID 2500 wrote to memory of 3572	2500	msedgewebview2.exe	106
PID 2500 wrote to memory of 3572	2500	msedgewebview2.exe	106
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108
PID 3136 wrote to memory of 932	3136	msedgewebview2.exe	107
PID 432 wrote to memory of 1336	432	msedgewebview2.exe	108

C:\Users\Admin\AppData\Local\Temp\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe
"C:\Users\Admin\AppData\Local\Temp\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe"
1⤵
- Checks whether UAC is enabled
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:864
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=864.2232.1681807648701660208
  2⤵
  - Enumerates system info in registry
  - Suspicious use of WriteProcessMemory
  PID:3136
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x140,0x170,0x7ffd71342e98,0x7ffd71342ea4,0x7ffd71342eb0
    3⤵
    PID:1160
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView" --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1772 --field-trial-handle=1776,i,16537696898107489279,999434646482454157,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
    3⤵
    PID:932
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView" --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2100 --field-trial-handle=1776,i,16537696898107489279,999434646482454157,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
    3⤵
    PID:4216
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=864.2232.5345268188564447557
  2⤵
  - Enumerates system info in registry
  - Suspicious use of WriteProcessMemory
  PID:432
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x138,0x198,0x7ffd71342e98,0x7ffd71342ea4,0x7ffd71342eb0
    3⤵
    PID:3628
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView" --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1832 --field-trial-handle=1836,i,12155672962247198818,11056269500599166813,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
    3⤵
    PID:1336
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView" --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2152 --field-trial-handle=1836,i,12155672962247198818,11056269500599166813,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
    3⤵
    PID:1748
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=864.2232.16038051557212521818
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:3684
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x160,0x164,0x168,0x15c,0x194,0x7ffd71342e98,0x7ffd71342ea4,0x7ffd71342eb0
    3⤵
    PID:716
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView" --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1840 --field-trial-handle=1844,i,10346092857892894163,5128116946910576172,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
    3⤵
    PID:4624
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView" --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2088 --field-trial-handle=1844,i,10346092857892894163,5128116946910576172,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
    3⤵
    PID:4384
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView" --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2412 --field-trial-handle=1844,i,10346092857892894163,5128116946910576172,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
    3⤵
    PID:4240
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView" --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3564 --field-trial-handle=1844,i,10346092857892894163,5128116946910576172,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
    3⤵
    PID:3392
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=864.2232.7928560477406136775
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x15c,0x160,0x164,0x13c,0x16c,0x7ffd71342e98,0x7ffd71342ea4,0x7ffd71342eb0
    3⤵
    PID:3572
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView" --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1836 --field-trial-handle=1844,i,6230861418027612161,795097521695556832,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
    3⤵
    PID:1284
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView" --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2084 --field-trial-handle=1844,i,6230861418027612161,795097521695556832,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
    3⤵
    PID:1464
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView" --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --mojo-platform-channel-handle=2360 --field-trial-handle=1844,i,6230861418027612161,795097521695556832,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
    3⤵
    PID:516
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView" --webview-exe-name=32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe --webview-exe-version=2.12.0.23 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3624 --field-trial-handle=1844,i,6230861418027612161,795097521695556832,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
    3⤵
    PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3804 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:3860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
80f5967a1daf746d49d9ee8d513b9f30

SHA1
46f70e3d4c60de3ea9220e26bed73aed630f6c13

SHA256
786507d2f284ab659963d17c0b7ef620739c2f4ea6b48ca389df6a503435da79

SHA512
ee3d29a3d122e1a007ec433a73b37ce47e0dfd45bfb2b4a41a0baf5bfe8d7965200a0d90ea0a879f60fd85eab8bb4a6b3d661cf3c9dcf7e3c990069201d5b1a7

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
d61bf1f5e6109e88ed1b3fca292e81c8

SHA1
7265e681838e5941fd2aeff787c1081cfea3eda2

SHA256
0334fe4e7aaad15bc0d668692f4322de135ec587375206cf4a9c106731bfac53

SHA512
5188380a3c7b3ab731c095eb63ed1d175db13eda9352d38282d847762cf0152756059019ab8226dc856d76c3ac3366f3ebc5fd7aa82384cfd994c67b55794059

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\Default\Extension Scripts\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\Default\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\Last Version

Filesize
13B

MD5
9f0786e66f4c80870bd874b7aba0a394

SHA1
74d461c9049086ea0301b956203e7cb59438160d

SHA256
da3e73d31020d249d320f01fc40220043e34ebc99fccaec56c5a97f671a8f227

SHA512
f766b4ee7c28886c1901cf76c1c917e296ddfd3cf843f4f27d7a73db37247ae0dfb8c3f343c4ba124d20f4475e0fb4cf60860215480341715bb907d73630cc6e

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\Local State

Filesize
2KB

MD5
2a91e4e7edf485f6f367d0935ca89411

SHA1
693fdf1e053719a796a22bd625f7d38901c80500

SHA256
6f60504640cf60b577f6e82b195f2736ce86be66c1ab6b8fc126aa18c5406dba

SHA512
7e268a6a9f4580833cc3de4258de5a862db281f20f0ffaa1948ea01ebf8aaf4ced72ff4926c18e57155d15ed2b09d5b792f727be040bc2b1dde54fa5271cf234

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\Local State

Filesize
1KB

MD5
047565b61663a4a0c6eba91f8c395534

SHA1
27354ca854d6ba077fa038555240e0dd268f11e6

SHA256
69e19274bea03df8c26772f6a79be52c9dd3c6eb6e5dfb9d17cacef6a21000e7

SHA512
01d1059c47aa8a4f3658c8afca192ae56e39462cab6e0d4365cdcaa7ec3df4d187aebac03b8f09f24187cf2dbc533d8d226cd0f5bdcacb330dea44d80e0715ee

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\Local State

Filesize
3KB

MD5
01bc5c8c807c396103bd576233241b10

SHA1
bcf8ed3532cec8da837479a300be291ee7d7cc28

SHA256
794c6aa60328be55e125dcea8f36d97dab86a73ebb8fc9075f4e082b04c593eb

SHA512
f011cd2cc25291407dd480bb14eb6ad187c0b4d8231f6b79382bbcce719553730ee2a6278338c07afcc6963f639f9f53e61307611a9a484bfa507645167cc25a

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\Local State

Filesize
3KB

MD5
c0c0a2a37c6c9046371fde6ff053a40c

SHA1
e2d47004b903d30b14419d5e59763377b4396fa0

SHA256
e3d9f8243904a836a948d0fb5decbfc27abf5273603b3589f67a570b943151ce

SHA512
600a6cff226ba8c8be3287d8253654eff2f53dd9114eaf1d053f6edde3bf13d3c76c7224bad223428b391a5e20504bd2acc53596dcb4810bac8991bfd436d4d1

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\ShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\ShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\ShaderCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Adobe\webview2\32807520170def1fcdc3996c2ccbcd770d593dde78cb9af8ef86f1d58ae5c82f.exe\EBWebView\ShaderCache\index

Filesize
256KB

MD5
4c3931c168614f94448d84e9c0e5246b

SHA1
14d5c5c49ea7f7b09370a793fc91876be44bb7c2

SHA256
9d505652de1754568a8138a1ebabb7ba7a476b05489ab8d53fedf19a091e4534

SHA512
24095ab4224e276aa0db2d2cf4a3393f02ab0cba23a1e529d55b97ce92e4d37c837f9693f945555e86d04697668fe3acb9ba14e9efd502542b6fbee5f389ce22

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
800fe33fef4965ea5f01606d05ac8ad9

SHA1
013755b6972e23cf8a17d57bae99e9af645f961f

SHA256
f4f1d2bb427e67db0979c15e9328f29da86d3a4d1e21ed625ac5eda780ccc457

SHA512
472193f43c5abc4dbc1b84333da2f8a1b58b931758beaae78550f24523b731e00e7dff5f42539df7ad0f10bea656529f8d15447ff8ed919e707886a94ce14d8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
ce2a1befd539b197283ca2103a94ba3f

SHA1
28b257e68bed71bdf778d1116bb69e9200030b80

SHA256
a1b4ad97775646a207812202eab9c11e863eeecc7d9771dcb56d2fadf2f864e4

SHA512
8a87de39f329ab0773b89ce0e8d6c1e34cfe1ed9dc55c8bb12d68c733a8fcc95baff414d22adf409c6810810af3d523c0cf484913b526bd27000fe37aee98e10

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\GraphiteDawnCache\data_1

Filesize
8KB

MD5
259e7ed5fb3c6c90533b963da5b2fc1b

SHA1
df90eabda434ca50828abb039b4f80b7f051ec77

SHA256
35bb2f189c643dcf52ecf037603d104035ecdc490bf059b7736e58ef7d821a09

SHA512
9d401053ac21a73863b461b0361df1a17850f42fd5fc7a77763a124aa33f2e9493fad018c78cdff63ca10f6710e53255ce891ad6ec56ec77d770c4630f274933

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\Local State

Filesize
1KB

MD5
bcb27bfdb71fb272698b1abfc2c8b3e5

SHA1
3fd6be2ea60aa261570cdbd42dde84fdbc68ae1f

SHA256
3c377c1397c0f7ff8a85bcb2d82eb087fc4712447a3a6c92e891605e8316aa92

SHA512
19c34495d1335dedc3469556d59514e99ebed190bf19252239f834986c7e3dd62fab25a4b60cd6332d94846a2174a11fc2e144657a688faca0cbc55cba699c10

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\Local State

Filesize
2KB

MD5
b91e174624c53a1aaff2175ef8b44385

SHA1
94bd34dfb4a5c4594ee2028842a0ff9045413dd3

SHA256
daaefa6fe4674158d8f5ddfc179242ac6e41ce948ecabe1dedfd792623b849e3

SHA512
b04bb69ca0d04dd65a46acc627188dd10b48b1366512e54e0d940a689682848f3e1bcd42b511ff3f775ecaf3a5afd5e894aa58c4b8235f70e2ad27c23cdc44ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\Local State

Filesize
3KB

MD5
c3360aed4abf7cadfc5e94ebafde2577

SHA1
dbe2d50f24a45430a022d71cd469f42fef64d739

SHA256
a3792134087d9001b028e6a8ab5dbe141b43f29d547bba0b0ea3279390430549

SHA512
8fd734f08929eb7a42fc2b8ddebbf299ee700000688a7db46b7668c9f6dd889625294bed3bc9323cf5cc035fa1b3bc6eece47da31843db06a351cb0d1933e527

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\Local State

Filesize
3KB

MD5
7e05861894aed838b6e3178fc3a3eda4

SHA1
29cc4d24acf77a6971aa6e9de7165a2a8b69e2b1

SHA256
9adaf0b6cb572c72c76a991d42ac8fcedde04d91aeb5d24c23145afd8ee58145

SHA512
9f40a2294963b03d9dad552baf898cbeb302f4f250781df3c968f4856183e981288801fbdef283fe6b4f46e6f334aecc1589f416b90bbffc8a04cffdf5c80b25

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\ShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\EBWebView\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{E2FDC954-0217-4716-9B3A-A473B5868FCC}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
memory/864-18-0x00000000005C0000-0x0000000000F85000-memory.dmp

Filesize
9.8MB

Download
memory/864-31-0x00000000005C0000-0x0000000000F85000-memory.dmp

Filesize
9.8MB

Download
memory/864-32-0x00000000005C0000-0x0000000000F85000-memory.dmp

Filesize
9.8MB

Download
memory/864-30-0x00000000005C0000-0x0000000000F85000-memory.dmp

Filesize
9.8MB

Download
memory/864-17-0x00000000005C0000-0x0000000000F85000-memory.dmp

Filesize
9.8MB

Download
memory/864-322-0x00000000005C0000-0x0000000000F85000-memory.dmp

Filesize
9.8MB

Download
memory/864-13-0x00000000005C0000-0x0000000000F85000-memory.dmp

Filesize
9.8MB

Download
memory/864-1-0x00000000005C0000-0x0000000000F85000-memory.dmp

Filesize
9.8MB

Download
memory/864-5-0x00000000005C0000-0x0000000000F85000-memory.dmp

Filesize
9.8MB

Download
memory/864-0-0x00000000005C0000-0x0000000000F85000-memory.dmp

Filesize
9.8MB

Download
memory/932-91-0x0000024EBB200000-0x0000024EBB555000-memory.dmp

Filesize
3.3MB

Download
memory/932-80-0x00007FFD95DC0000-0x00007FFD95DC1000-memory.dmp

Filesize
4KB

Download
memory/1284-268-0x000001EFB34D0000-0x000001EFB3825000-memory.dmp

Filesize
3.3MB

Download
memory/1336-92-0x000001C800400000-0x000001C800755000-memory.dmp

Filesize
3.3MB

Download
memory/3392-200-0x00007FFD95DC0000-0x00007FFD95DC1000-memory.dmp

Filesize
4KB

Download
memory/3392-282-0x000001AF04000000-0x000001AF04355000-memory.dmp

Filesize
3.3MB

Download
memory/4240-153-0x00007FFD96490000-0x00007FFD96491000-memory.dmp

Filesize
4KB

Download
memory/4240-154-0x00007FFD965E0000-0x00007FFD965E1000-memory.dmp

Filesize
4KB

Download
memory/4624-273-0x000002679C8D0000-0x000002679CC25000-memory.dmp

Filesize
3.3MB

Download
memory/5144-324-0x000002662D710000-0x000002662DA65000-memory.dmp

Filesize
3.3MB

Download