ef86543a3d29807bf87927b49d24f68fe5a1bcf93a21f427925f747228536797

Resubmissions

28/05/2024, 16:45

240528-t9m5zadc77 1

28/05/2024, 16:37

240528-t5azvadb39 4

28/05/2024, 16:29

240528-tzgkfabg7v 1

28/05/2024, 16:25

240528-txecasbf9x 1

Analysis

max time kernel
269s
max time network
271s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 16:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

lumen pdf.pdf
Size

75KB
MD5

903ad91c0303928d3e77d3650a8ae68e
SHA1

a03f33dfcce9b1137b604bb2a7a2a8558a368ecb
SHA256

ef86543a3d29807bf87927b49d24f68fe5a1bcf93a21f427925f747228536797
SHA512

41dfd072c57d7029f12762211d4dbb1c5c7a16d493d6f677af940ceb23e97db0d78c9091b1d229e4e3235c9bff6697ac0c75e56cc196cfbc08cf23a4b6f14692
SSDEEP

1536:mVg/doRa8XICaHimpbJ2ZpnUbHkivh4AHHE0tbCmwh1+:iadoR7IHdpbMQh4AHHEACmwhk

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133613874251869562"	chrome.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
1176	msedge.exe
1176	msedge.exe
4324	msedge.exe
4324	msedge.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
5628	identity_helper.exe
5628	identity_helper.exe
6076	chrome.exe
6076	chrome.exe
5228	msedge.exe
5228	msedge.exe
5228	msedge.exe
5228	msedge.exe
4284	chrome.exe
4284	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe
Token: SeShutdownPrivilege	6076	chrome.exe
Token: SeCreatePagefilePrivilege	6076	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4984	AcroRd32.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
4324	msedge.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe
6076	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe
4984	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 3952	4984	AcroRd32.exe	90
PID 4984 wrote to memory of 3952	4984	AcroRd32.exe	90
PID 4984 wrote to memory of 3952	4984	AcroRd32.exe	90
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 2400	3952	RdrCEF.exe	93
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94
PID 3952 wrote to memory of 4872	3952	RdrCEF.exe	94

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\lumen pdf.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3952
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D4BF409FF10D65175AEC211CF98C3DBF --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2400
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=58DBF32E29E3B3E56208BCE7A2E30063 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=58DBF32E29E3B3E56208BCE7A2E30063 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4872
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E6357B7FEC05CBEED9508A8C9479BC7E --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2108
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=497517AE861E39568F5E2B46F0D9DBF0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=497517AE861E39568F5E2B46F0D9DBF0 --renderer-client-id=5 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4588
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CA52AF1E2C5046083AAF46D7596FDC96 --mojo-platform-channel-handle=2656 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4424
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=59DE5F6481E19EAC2EED5FFD25F7BDC3 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fortifygenerations-my.sharepoint.com/:b:/g/personal/michael_fortifygenerations_onmicrosoft_com/EdkLHE2s4rNElIZRFzqlxfgB8xXc75TTbLU3KB-cz6d4pg?e=fUBojl
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eaa746f8,0x7ff9eaa74708,0x7ff9eaa74718
    3⤵
    PID:4356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
    3⤵
    PID:2388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
    3⤵
    PID:1568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    3⤵
    PID:2400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    3⤵
    PID:3704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5076 /prefetch:8
    3⤵
    PID:5168
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
    3⤵
    PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
    3⤵
    PID:3896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
    3⤵
    PID:3916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
    3⤵
    PID:5780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    3⤵
    PID:5784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8658193569738250592,2817940557858372397,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2796 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9e850ab58,0x7ff9e850ab68,0x7ff9e850ab78
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:2
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:8
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4776 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4764 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4368 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:8
  2⤵
  PID:6200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:8
  2⤵
  PID:6208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:8
  2⤵
  PID:6660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5048 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:8
  2⤵
  PID:6744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:8
  2⤵
  PID:6780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5224 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:1
  2⤵
  PID:6968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3520 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:1
  2⤵
  PID:6460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4932 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:1
  2⤵
  PID:6872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3448 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=2020,i,9072186897183441331,15838218534418732140,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
74fdb7e7d74991d536923dfcd937ee28

SHA1
0d5dde7209e63bc742e8c4b06e95d3482b912fd3

SHA256
6c9290cdef425f7be0ca26892110ca87e76c033fc4f4d191c31adfaa6c5f8a16

SHA512
fd37cbfdba6247faf1206c9d9179fb6344a64ebf720b60409ad43f59f694db6e80fb9ea6d9aa58e85590d338320dbbfc9ed8ef407e6d84da9b354ed40a538f70

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
95209b12e9995beffba96a87673a8a71

SHA1
2c183cef39e2463696f04a0b20202a9c05521bd7

SHA256
a6c49c2fe21b43394b50218c791985db6fd098dcd5c1a275f113ae4fcad28fa2

SHA512
af036447ce268c9fc2ec56b0a2a4f9b9094c191074ea582d183eca60b70bdd275173b513cea5e5b392f08bebb265726a1917801acbcad9f9219144bcb6710817

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
5b8d62a663d7023186280935d82d155c

SHA1
b4b22f4526741fe8ea7e30a97635c4c66a6fcd09

SHA256
96acfa7b4e3fa497e3f3175b4db92b5ec3cafb72201a4c25fb85f9695fb2a0a3

SHA512
defb0f663694ccb0e0a6bbdcf0a3ae7a699448cd81c4ed86d7d4f312a48ac90cf9d10df7bfe16cda86ee6fc9cbe6f7e5bc11feb2df948e28ac2b4a5281df61af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
07d7f828a419f396b4a657306706ad0b

SHA1
f64045773ab2f622e8fdbe43fd5c93a6d0c7b20d

SHA256
83d5dd8e2f0595047b8b78a575144df9014f5caec23834d90bcd41d4f8d17e8f

SHA512
23c8a3bf859b6d6db5f06db75242b4ac7d414127d65f93c1af8d813f6dc9c336f15039e80684749b6dea6078fdc00c0981bf0837fe49483ed0f1b60bfe69ff44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
baceeaa6d9cefe2c6a3cc1f8cec208e0

SHA1
40501de2cb4f6d68f9910b2d2c2619b91540845f

SHA256
096241d3b1dd05c3178d6498df3c0016cfd7667c56a42f39e2777bf28c8f76ee

SHA512
a85360dcde8666558387ac7115caf169343c4bb9343782859654d3720fb71fc00b5b75473078c7f1dcd32a7e69c1e898c0f615ce793363a0ed5bc3b1efe096e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b55dede24eb44189424fc3c9454f9f37

SHA1
91d6472f52107f75e8e50089aa1b62a2b34a4019

SHA256
f2d061c62cdf9798e9b4cc88b982bb27ae760e001348ba4234e6a8629cb4e668

SHA512
c2a1f2e4cd703582b50cda3506ad43606c85b1764a578d4601ad03e34b84fc43f6f9c1be4346941f19a337ef8d5602397aaa73bd1b61af68d48d7c71d3b35e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9c7c8842a475d0df2ebfe9e8e4b34917

SHA1
8dace61624d9b858652fbee31dc50f48ed79ab56

SHA256
d839a05d981ca0a3378623af40da9884b23aa59aadff287888f4e97cd7c3bbb2

SHA512
df8c3e2f97aef3c163167d27b4d4f452aa151b79450462477496abd409e8b9df2ecb92ee94b556a599df2006e8bd83a5f40c3e82e7ff467e08e0ed2e652d52ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c3efa663111d9cc52540476c954a6016

SHA1
0aae891aeb708a65cbee550589d84db0ce0652e7

SHA256
f5a30633ede18c894ca33aa7f72e238b626f90ddaf3caa44ab1c94684ff235f5

SHA512
dfaa42cf759deb4ea5f5e1c79545de2a3636d6b5b9f8562cfa05278c84ee823a3b9df58cc884c1a1c8b294988a560f8ac2e5a5f352993f6131b5623c3a651230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
f8225cf856811e5587217bf332828398

SHA1
19700430f1d5bd9aa0c4d796dbede998bdc6b5e0

SHA256
08d4bc98ca18b63f6967e0872f3f3bb06522e672f11b595b9cdeb3af3f5f7ccc

SHA512
c194e3d41207826c2509c7833b361086a96d06670c465c962598945116a41ffb86c41ee10f9dd288b97f358d8d2684764661e9ae85fcbe4d6197fedda7d6cce1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
63c7e8b690171b7195f32108af57c2da

SHA1
c3162ffe564b545afc75d45069389dcf804e1836

SHA256
8d38c9ba11b2010ca68002b21f1639b59d8381d58ea7eb3c7aa49bff09c9bb49

SHA512
2b663f925204710efa7578736d0e77de6407999ba71dcb69dba1971f95ee3aa8fef4fd1147d9580e4ffbd86a46650d279b4e53c72e3a656c2b73754b51da96fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a763103ebad7e749dc03af476c89d2cf

SHA1
5ec856434971c8fed0ece1fa5eaaa8255bb0b756

SHA256
ec77a93ac10bb50b8ab3e85f9e7ebfcc531e18b1aa9931927d4455be790b6a8a

SHA512
12cd624872e91095c3242da785ab8c9618d5f5dffc3adc13ecf31d4aadb0e84a37d661c406259cda2e858a3b9c9efe51b4070c6578c9d264252701c47a15db6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
94545fa91ee7542df6662bfd72769871

SHA1
ef55b84ef9669c881fc2902971753a134e4888e7

SHA256
d6d05e5205bdc1f53412215d475bcde7a7c5a3d8bfcb0deb3927cfa0dd2c0723

SHA512
bec6fd0ec42e345cdcaa2b66dcfe85554ce0843ff945c93bbda90303b2bd8561f94131d1886dc208d947565001786db09c29d2500e69f0dbe2abd7dfc69296bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
058b89f46026124c176f540a04c5bd93

SHA1
9beed1d3d60d5b61e98c0295a0cb5f7bedd229fe

SHA256
b3620d45a09d22f11badb48a4d1992df81ccfccdfb1b458781339b40a48fc7e3

SHA512
d2dfb0d14fb4a16dc2892d0ce2da4af0305146b10aa1109b16d8e9c3deb81a720586eac12072693aeb78453bac1330d8bd6728e2f37e8f09fb5d0a43565a4400

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
9b7db8d48163e6cac36c17231355d987

SHA1
e7f2fb7e4c6fe71f72dae063978d012725e23d37

SHA256
e26cc3afc38cbdf420f231922229ab394880519b995e1573995697844d094ed1

SHA512
cbe2e6d53696bb6b11e247d08c14d490263c57948fd5ea1def239d0e8f21b3a2e7a08503f2257eef1a53024262e7fd305e28b976910b4ceef8a4c766225c86ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
6c9364ef78306bebb78a0fb013e481d9

SHA1
b2294dc2601572cfc4e2bad6e23c198cc0c835f9

SHA256
0bd394da4fe7109d02d79524c5c668437110b67a3589cf8a7ae07d3764e37a7c

SHA512
5824a7ba2482612bcfa692e629167abeb86d5a960a16088706748c7fbcadd871ef23812820b375e727f7aaa19cb957998c8b14cdb63377e68a80d6cfb4397158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
38KB

MD5
9f2cfec6f515c29a912aca38fbe84f65

SHA1
a1c61cd44073cab0c1cc2b5c02e4a099f82b95f7

SHA256
cb23d3583d5d8659b2d2f22a9426d925c9e85b117cf04a4a83566f3fb5ad67b9

SHA512
02a98f644dda934504a0024dbfcfdc1ead7b28506334636ecd5fd20ce232048d0e317b5a301a7e3001a9c44d1ebf95b00d923fb234cb52bface51b50cff593bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
fa817dde7ede3b4d8a0e1272fab009a8

SHA1
4ed794af93de1a0abc60c5190d26a4b5901ef246

SHA256
7295e9d0c24f991ebe72a846ee9f4eebead12f89af1246ae67d6c80a2e6d1427

SHA512
5a209b49f95141101f7641f00b087f43ba3b32388e7ab9a18a11a47ca5f4e3bb7a0c0cdd5adfc9d2bb09abe308c6f68e03bf2635876d5354867bc1a17679acab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
621B

MD5
2bb5284a8f4fb12aca278a824aacbbf5

SHA1
f719a8342a28c32d23c47031bed86575171108e8

SHA256
da80e49ba5af310ffa21723e4d45734798928dfea7f9f8e941e3b2c39dbfdf6d

SHA512
eff13485a13fffd9cb09a8d42292b7bbd1692d5e3fbf44c698c4e3d043a30292b2e0150e89e4100f64f17b563eb6c7d6d7370ce6ecfd59146378fe4899f3cdaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77e508a3b3e97ae4aeaaa3b609a76926

SHA1
54a8006886ed2d683521a915820d3c0910a8bcb9

SHA256
5f85f822f378cbb4ab89e3e513bfef9b83f8c65ca3663615561e8b0b254a2249

SHA512
058c1f6b9547b7c43e31b8aacc94eaec69ee1a1d4e714c6d19033bedd49fb39adc6d30ce3a2f7493404ed63e9be3bc1671a9aab617ac0a5f06b59ce5a04658f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ae130987474c7e9cf66e67742f72de5

SHA1
67c161fa3fabb003dfbfc102d6d74bff8d25822f

SHA256
c4a46bebc3987151e72e2575aa9ed340a2b952e1b5c93d18312b3e130422a923

SHA512
7925c6faae0f33693942bea2b982a1d65d4356d289f6d69fa32ae3dad77a3672b3786ddc4b2245f2c35aa8650adc11eba4c5703195a9a2cb30428bad887fac1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
99d81a2be6c2af056edb6ee04d34e422

SHA1
dec4c63932b9adb4caad4b17645470b5f70cfc86

SHA256
8b5b9f501769acacd5510c8f08df298ed16309b3e6de2fc61f25feb426e2bc27

SHA512
85163b79c540c600234542654400a08e561def220f83efe7e4406316fa6c7d2ccc385da86eb6ce564fc2aedeb3a49461ea4f7e80b33a6edd7c01a2927912b821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\09134c41-e1e9-49db-be01-c9b0c58a5643\index-dir\the-real-index

Filesize
120B

MD5
653156b96511146b6c68bd6292f421c3

SHA1
e68f627a24af02d6d65d4f1d3ff3395d841ae6c9

SHA256
c80fb571204692b4a2c43faa3f3109e80298ac5ee6b1ac75d8a443ed9e100ed5

SHA512
f9098bac4e229e0956d348cc3a4feee4d5a26bd07f852abd0f96a92f65d46196f787978c4011d1bf8202f1a8f2143958aa6ec1df562c762ba0d0e6e2219a60d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\09134c41-e1e9-49db-be01-c9b0c58a5643\index-dir\the-real-index~RFe588a69.TMP

Filesize
48B

MD5
0c88b5e0b41a2383982b37a35426cb31

SHA1
439fdc1925f5b9b7797b9b81a2f7b79d421fe3ef

SHA256
2cbde5258f5c5435c9fd23a410a93c093a53713f4e2b7d3acebe17826456960b

SHA512
1e30a6ed304cb24c33cf6450a493deb3d3c8fe3fd7ddf2017fc39c9707bf027f5a6d4e0db8b48ea0f8985b4b90830cb9104bef722e9b9c441c7dad0998dac506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\09134c41-e1e9-49db-be01-c9b0c58a5643\todelete_7a48c130a6a40c0e_0_2

Filesize
142KB

MD5
224f6c4b87a0098c2cc9faaa6bc023c7

SHA1
4608c357914c433c884d30bc87872fbdf643596f

SHA256
e218f1031a1b256e79180b78a4efafe48f5c02cc815034d5023175c82f74acba

SHA512
836809d64cca695c2a7e0626a026fd42a787750e84a0f604bc6658e5fe5dd7079b7bee041f77e59f9dd248030c2c50ef51ed122568ceab39d043ed4fd3068099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\09134c41-e1e9-49db-be01-c9b0c58a5643\todelete_7a48c130a6a40c0e_1_2

Filesize
288KB

MD5
7ab5ff6fc66f942e7900b73e64f80e8d

SHA1
3caae49150ae3c9ef81ba90e3b644a4d03d65498

SHA256
257cb83ae3254064e8301cd3bc3a5aa5c6a996abda0a220b7f422b3e735c8f1a

SHA512
d92832e0646745027eb03f548b16367d4b37730eb122c5126ac43ab895376a906e76f9e856f48fa53bebf023155dbf179db221efbbedf0f906fff2cb3955f641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\10bd49b3-89ab-4989-b0ee-1ea05f4bd48b\index-dir\the-real-index

Filesize
1KB

MD5
3c3ee566f7e6f37f387f0e862dfe43d3

SHA1
d8c82fc7ab07c4a3fbc3a07af0c00b23b09efc95

SHA256
a89b03432172e6165116e1b362416b0ac676c36d570fead58c5278bc8fd7f43e

SHA512
b49d04696b1353f34a93887b06658cf045ab59bdb4856ca8dd82416f9b6b5543115b8bae442be0a4a0e2c436daf8dd2d6bc19481c2f8a3cf25e64c9fb30d971a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\10bd49b3-89ab-4989-b0ee-1ea05f4bd48b\index-dir\the-real-index~RFe587ad8.TMP

Filesize
48B

MD5
4492fbee1b628873aa298b6927de6ef3

SHA1
f255eff88f2d195e0cc21e69f34127604b846c82

SHA256
90c07957780a86ef3ada6e3ca02b14ec19759da3f3725dc38d9ab91bffc88897

SHA512
7d2c299aef2ae5a3e84fcb6edb5ff2cfcbc0d00acf9eb0c01282a3b0f3a7a20c22dfff1a5e2f34bae68fec6be74257410170518ba99a90b6f9ac699cff2c46dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\221ce221-8823-4f12-b997-f8ebae46d736\index-dir\the-real-index

Filesize
768B

MD5
d44956357b62dd91aa47a3ef953d7fa0

SHA1
561ac49ee2d388d65aefa712a9f5d83efbc8adfc

SHA256
867134693c10a02fec18af9f0a8f40da8e806493c2fd7ea95d40e848efc8633e

SHA512
ad309b17ce559b45b4ec0c75aff2b8efea37e81f9ccc7fb70febccc29cc643d0cec8798b6d4c8f0e92df81b2799b64189d2b798ad7825610cbf8f6c216bf48ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\221ce221-8823-4f12-b997-f8ebae46d736\index-dir\the-real-index~RFe588e22.TMP

Filesize
48B

MD5
38764f6e662017ee34747ade1ab8942c

SHA1
db3c4b3c1d387db0e6e4fe700c74478069b546a4

SHA256
6b81a2024b24a85f9bff2afcbdcc305aa9e2ff5edc539bd8d283d3557b151d68

SHA512
2652453bb7e41e3b838344b5b46f4676b3b7da335c38bc294ff16d3b3118dd9779b0db2d534b87decf768122ec06393750a7fbf5e2c120a4bb679833688c1b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\index.txt

Filesize
250B

MD5
09cacc4a7fceab1786eb1cdeb02f46f5

SHA1
8b5451fe9aad0694ca7fe99b6d7ea3c659a9c3b7

SHA256
8eb1b84cee09d0a0c9f84378bacc3efc7d38225052a616bab4e911f2884198b6

SHA512
7daada9e3f31f2af5685167468576f63ee6b13404e05c8fbbe72d505b19ee25266e1aa0ec9d7cf9279acaec63a0c5b71b17584f9a87413ca428e59df636f4e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\index.txt

Filesize
111B

MD5
c76d5ed9b6bff9f68560837c970839b7

SHA1
ed8f19ce48b4cdc74ceeab7863741f08f10bdf89

SHA256
2858b175d08c006d712aac2242e12351678e7b1844846995229924f8f25eed23

SHA512
a206eb19db331778ef5663e973cdefbfcbe392a8a48501e794b6fbf9a6cd2947b88d91bfb472350e04ab465e37f680ceb52dd838dc90f95ad3b43ed4ae095c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\index.txt

Filesize
189B

MD5
1a19375bf40bbb1e4f22e8f3a6f07463

SHA1
59d272780602664cd18437cc27be5c05278a7eed

SHA256
2ec411ec07f7364a56ea9da1d0a28346f61e3b2e58b74749d5f9898d7ab9d5b5

SHA512
17f4ffbf7b2f27d528788657d0e0e4c5e7680e30bde2a20a1c0085a6153957b5d4749cc77b79ce7fc410e9e0bc4e4c86c7c321ff79c30309e7872c0969a984bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\index.txt

Filesize
255B

MD5
e431354b837d01569990c3b48ba1fc08

SHA1
929ea36f1431f0c671a3498be66046aee6f69654

SHA256
b9f16c7f7d8b4a2e42a24294729331e1d1f4d72aea9075f94a3081903f92ccf5

SHA512
7838347d1fd405ae4a0b8df0b4f721cd3e218ef0b441ab12058d271d02728a3faa2cf770e19ffa9619f40deec44513b9d5da5e714bab0209391f1c7b4afe8b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7da5723606a7e64751b2b9cd36a7d84fe00b1c7b\index.txt~RFe57ebb8.TMP

Filesize
118B

MD5
b4806848b00efa2905e24ce551dbe032

SHA1
277059c29b5ffb723d475382123b7cec0ad437f5

SHA256
4d4019e0c330d55dd5ce352cff55d4f594a0d15642b8c050f8fc05e4d7716213

SHA512
0987cc73a5bd5f9670421c45ab1fc71983afae620ee8f1dc0d1fd8be6ff16dde2675fa6f766d182fd2fb2dc9128bdaff3ec70ca23265f41b23c73a096bcbf1bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
e6fd2df4e20e67231267d2f2118b1354

SHA1
c286467be461dcb7b0a1f68d492226f520989d33

SHA256
ba7ba488bcd6d4d67c1c6fad6bf99401c0b40c60a5a6a2cfea12affea517df7a

SHA512
00fd7676dcedf2066a3e34aeee05b9b883ca9dff1783e6a3e4e744a03e68649c0de65c35192b7894eae4ef9d63aabb1c78b781f3724bfa349dd810a64880fd97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57eb69.TMP

Filesize
48B

MD5
1c808c9853a5207150b7557c508108a5

SHA1
b8729c79265d52587f55333ebff8ec3032a03695

SHA256
dd7f67db9829119993efc4df5784696b7f2ea7c4a57b4e32f31b629d37f84414

SHA512
7745b58b75cf97b332a60f65312318e599227b5665110d968b9a94caddb1dde470b5de4ed7d5ed96c9a2a0b4adc9e206771000356e7b3d80adba38882fb051aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
4c06529b249ec35732ba3eab5b5e5de8

SHA1
1f0705d2afcd78e3c3419155371bea37bd9c6fac

SHA256
f8377377162f52a600e8be29bec7e522271815d07a0acc958744e1a7209180d5

SHA512
9c84f9db55a64d37b505a976c1ee094f1631fb1eae570daf81beff741b60106095118b6a0e882338d95c028ade515960f5399a2b61657ab7109faf7c850f8743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
971366d6dbba1d923d4f61dc181c460d

SHA1
73090f678422925201bca83055ee9a03e485f903

SHA256
2816f48f88198becf8ce12f0f74640d3dd479505afbac9485737b79ada017b88

SHA512
7035a9b38bc9fdebf13bb1f68879c9c72348767c5f9e195433474b52ebf8739372fd0452cff58271a8ec6d86a3574923d39ee3f59277add66775aeb1673c90c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
c1d3ae3f542b438f5751322ab00d69d1

SHA1
6e3caecb801474f1d1ce08cce38e9940eeb7ac21

SHA256
a21ab7347270aee99a77e627c3cc0a028fc0df0394264a54dee05d8e09245706

SHA512
8b717220370aee78695edac4d9a116da1b82d1402abd8db73a06a3e7daf6594156a20905b759399e96c540f776a2d4a40a7aec5806f270560edcbf8d8fb433e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
acc5d6e58414bec306f03913aa2d61aa

SHA1
650e3cb50e89724fd6108c3f68e94aa18a5107f9

SHA256
4b2683eced9fa1869a19912e66d7c5a2ba7a32d2f6bbbd85ef5b66fa454b19e9

SHA512
7b709c383825068b49a3b32d6d876e6f073fe2398c7f861edd26a38e9866f87aeb26736fae45a887e0bdb202839a9a906228bcf1735643740dcb9843415b5b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
41507a0a9696893f9bb20272a8b3d069

SHA1
574bfb05a6643985c9925af64645f1e33197d26b

SHA256
b58333e0dfe1aaa435b4326d299b03b87d9e40758bf4580a651f086f86b09a49

SHA512
a74f19fea65aa47969090e6dadd86538a1b277bdcf4d77d3c50b69922ca306dd6fcc1ac431978d4b68822a088524acc8ea59e0c8300ce426b795ac6b2050d2e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d225.TMP

Filesize
705B

MD5
03246d74428d45a9d6abe59a779c6e57

SHA1
bdaeed9f3e8c95a93faa3bc093a0b4709b8c0795

SHA256
911c125ec89ad4d4aa9b52fe5416ffe6baf288748c68703a2a3f27b62ea13ab0

SHA512
df628bd8b790158ae767f9e01feb2e5e851e19424c66dd18b29c8e34b835ee46a002a702519dbf548bd369b0408987f1be3b975bdb6523c478160ad135ebda06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7ce3cfb4251c1fbe2d3a4701dace302f

SHA1
4c5e3c133417b89b5c60027d00f95700edb6bf39

SHA256
2df230885193306594fba7c0b5e9b6b7dd6feb9cb7df8f93f8ff6d8dab503c22

SHA512
1424dd3a8f5763561078eb53ff16a37b71b9f02a3e547d70bdacfc0beee8dfded80e0c5fa3715eac2bf9026d571252ff64d99ac20495315dc1485323961ff9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8bfe39174a1e72c23be8857edc75215d

SHA1
d8495ce5fe1d1cf9b9e32d64b9d19a7fee2fc591

SHA256
6af9bac62a33802761ab24f93ae7680b540a486cd1b85d430c404e53cb981f7e

SHA512
50fb5894d4862c3a4d466f9fffa00c0595a946e478475c68d159926b95e7364bc8c8dc08baeeb747247c953fcd3d9fe62ac06e292268a01fbcf21943b2641e31

Download Submit