3e034fef3a152b2ea16d266d6eb8b29a7a2f619a96b094c3871637340ded6701

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vm_Charles River Associates_vmail_81d10b82bfe74a9d61c3a735d8a5824bldangeloldangelo.wav.pdf
Size

60KB
MD5

cb44e2cdf0b1976dd937ed863ae08e6f
SHA1

508b8d3b188fa21517f9d03500f93ec064a86f52
SHA256

3e034fef3a152b2ea16d266d6eb8b29a7a2f619a96b094c3871637340ded6701
SHA512

573581d65c5e3334a20b70ee0d10f2a47e0b52799fe42aeb451b94366eb429411ceb3f4bf8e7d7c8df5f65268c3b00a1ea32017fab667051fd0a2bbf3b6f3006
SSDEEP

1536:ggwE41Q+r7bcNPkGf3tmtPHkTgChGUQ9JMAotrxzgCb9:gg+hrncN8GfMpP5UQ9JTKFgk9

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
1852	msedge.exe
1852	msedge.exe
1372	msedge.exe
1372	msedge.exe
4364	identity_helper.exe
4364	identity_helper.exe
2016	msedge.exe
2016	msedge.exe
4336	msedge.exe
4336	msedge.exe
4224	identity_helper.exe
4224	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3472	AcroRd32.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe
3472	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 3440	3472	AcroRd32.exe	86
PID 3472 wrote to memory of 3440	3472	AcroRd32.exe	86
PID 3472 wrote to memory of 3440	3472	AcroRd32.exe	86
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 888	3440	RdrCEF.exe	87
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88
PID 3440 wrote to memory of 2524	3440	RdrCEF.exe	88

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\vm_Charles River Associates_vmail_81d10b82bfe74a9d61c3a735d8a5824bldangeloldangelo.wav.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3440
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9356208D74B96CC3AB9123D23CF90493 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:888
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=98085BA3EE56EA36CA36041533BA635D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=98085BA3EE56EA36CA36041533BA635D --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2524
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B8D25053F308BD176C43579086AC5716 --mojo-platform-channel-handle=1788 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:848
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=517CBA1003599A86CD9E703316CF9C2F --mojo-platform-channel-handle=2348 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E46132C62092FDE4BB9C348FFFAE9CB1 --mojo-platform-channel-handle=2424 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4592
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=897322278297EAF86E7216FA1F47E297 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=897322278297EAF86E7216FA1F47E297 --renderer-client-id=8 --mojo-platform-channel-handle=1608 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://service.saddleback.com/MediaCenter/Herd/Login/Default.aspx?returnurl=https://zoom-metting.tel/cc87be0b84bcd9357ec2113c95403c67#bGRhbmdlbG9AY3JhaS5jb20=
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9a8446f8,0x7fff9a844708,0x7fff9a844718
    3⤵
    PID:2936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    3⤵
    PID:1832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
    3⤵
    PID:2396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:2596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:1892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
    3⤵
    PID:2892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
    3⤵
    PID:4752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
    3⤵
    PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
    3⤵
    PID:1664
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
    3⤵
    PID:2868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
    3⤵
    PID:4996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
    3⤵
    PID:1596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
    3⤵
    PID:3868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
    3⤵
    PID:1896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,15641496936152203836,14007368544287200412,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://service.saddleback.com/MediaCenter/Herd/Login/Default.aspx?returnurl=https://zoom-metting.tel/cc87be0b84bcd9357ec2113c95403c67#bGRhbmdlbG9AY3JhaS5jb20=
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff9a8446f8,0x7fff9a844708,0x7fff9a844718
    3⤵
    PID:3444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
    3⤵
    PID:1596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3008 /prefetch:8
    3⤵
    PID:3808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
    3⤵
    PID:4824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    3⤵
    PID:4016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
    3⤵
    PID:1688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
    3⤵
    PID:2972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
    3⤵
    PID:2572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3668 /prefetch:8
    3⤵
    PID:3812
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
    3⤵
    PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
    3⤵
    PID:4236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
    3⤵
    PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
    3⤵
    PID:1464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
    3⤵
    PID:2108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
    3⤵
    PID:4236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
    3⤵
    PID:4756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,15933666827806858179,7386052744492694841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
    3⤵
    PID:2140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
2bec1ac52b9ce8ddd93ffaecac6b7f9e

SHA1
c09e8f0c46df4e02a4b2dbd89656edfd71ae8789

SHA256
019d54e0aa5b848f3f09dd81fa013ae6a333dfba7f9819be1ec3a8004adf05cc

SHA512
0a6feb3fb7fcb11c2ec59b411a2397297e4b1b31006b962f20c4ff87c7e3fd3100e583648c4d4125188298f462ecd791b62063053752aa39fcf50f02114f99f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
6d5d7d3589c3daa08221c99cf53e6ad0

SHA1
46faf66d2adca6683e94b9b4cf379850ae5b28f4

SHA256
d6671565f0b32d97c621d13e4236282881348561bda753043d70ed39cfca1ce5

SHA512
4ffca8f3089592e689b0226d93f8eddf1ef3f9118927085dc160782467c9ee9410d19467279cd468e172dc1bd1577b0c3b75341208052032300780eebb097504

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
9943dbd6a1ddc3b310d0d7b87f50a432

SHA1
b2aedfab48b2daded395fcd90a73a56ac6b34ce0

SHA256
8a7a0e886cc5eb1bde028ec2da8086fcf352a8fa2b1b37fa2701af538e28d01b

SHA512
ebef3ae8dec600e6d169087c7e31946d8eab0ad060b7bc24e28ae2981c4f98dbb0335f41abe98b1fa91e7f989aba05da4a89b348f9944a399df32c303f2c2c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
793d5df67dd2bdac5b13002fe6a56feb

SHA1
d7c7e4fc13101e854103ae0d372f6920eb1e6da7

SHA256
b89c6850b95a11456edd863216a85ff4f7d1b62941fb1f57ac975f821e7623e7

SHA512
0dec6027427b4980f58d5f5c15b2bbc8a3de5b1b65335ddea7656d0511d022e031f61d11dd18cb0abd2e22e8accec6433e6faaa00f4d7720a8d0e7b003baf8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f86c4100387bf2641538dedb9e0d5b07

SHA1
549e86ba24375ee618183f4323bcb73672052cb5

SHA256
98b713daa29148ab8a183cba3772776e671b1a25b49be95f25b111cb97f24eef

SHA512
d9aaaf619d3cf2715858c3d7299b59fc9603693cc71faa4477bd9c05aa628361e40bcb1106aeab44ca812d4f983cbf50a7af8bc2a5b67a851f8f08b94efa26a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
91eae20bc7be190fed2d548b21b743c5

SHA1
28361948f91d296a5a8fd2f14fdce85bb7a914a9

SHA256
36b9a74b24db3c92a348926c6246126253aa166376fef9f89d76fe35588b558b

SHA512
e11398c6cc23d8e6773c06fdb9398c33fc3a3a14aae0d82503e1c9bffabe08cc920ee9f8e9e7e48ecacfb846d4417d3c196bf82cd03b3c60432341fd435a1ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
b775bf97fdebb24adc4a58c40111e001

SHA1
1015d70edef44a5a124e90c7def30978bdcb8f5b

SHA256
4cdfc1dc5c738834edf170e942ecacfaceaabeb9fe9c236b895c748616e73720

SHA512
372153777da497671a7f41b38b6b0e9409631aa54eaa6aa0b0d9ab538a9830ea4cf2ea8063a979cd59ebed3ca39e275c121075639638996baaa2444349846fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
606e2153c97c1468c36f997613c8043c

SHA1
57d7d5895c1529d8f49379d5fe38ae5c2c2ddaae

SHA256
6cd9596d28fa5860484efff45a9e20e895746a53f6abc177b96cc97b96248fa0

SHA512
46dbdd92accef2ddaea3383ae97f5628b61d778bee25d1d369bfb311576d3c6b3cbabc804c4dee211d077579d47ae833dba13701be5636f11ace7896b9c5f449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
8.0MB

MD5
389c302a5fff843ade5cb3be85bc756e

SHA1
c665e1ca3d8bff80436fe1a8123d5f4c26ba5047

SHA256
e03e8c9be1dcdb7ff61c9c650c1ec15febb5e48c35e14d0f88b0df2c38a4b606

SHA512
4c2085e8f301a33a327e72569906217b442979699c4d87267e8c085b33a6289babf15d5a5ce66ee72bbad0c971b82a8abf843ce692e47cc9d03acf273fa96e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
01bc546de6832afe726a8d237209bd4b

SHA1
55a3132ba7736428e31409e16399a73aeb4cb8fb

SHA256
31efc65617f65f6d7bc141913b8deb14e02a3d8b3c75ab5125e3ad0f09bd9074

SHA512
ad3ad2af3a62555ff7ecfd6dd4814679bdf4757a58587f071ee4b630a169a91be9a89ff80011e3de625f29427970bd2360edce45fe261df36175b53e4eed1133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
b836c2b0e01566967511d5d6797a3959

SHA1
09d20276f7b242516034198f3d6897425935c666

SHA256
fb8df1fc98b095df64024b79314249576777b70548e238f1bebe777eb11e6a12

SHA512
4dfebba9ed6a74d5976ef474987f86ce33a0a3b4a12fc021fcc523b7ee20907d567be0361e936b7a06b793363ad930a53abd445c832f1809d2f857ac562f82cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
33e28ac142e04ba49257553b7028936a

SHA1
b0d3ede0d8f8faa61cda12f52fcfc0a30603bee8

SHA256
99fe69ac8be359c9a1c1674732fd2d1c0c87129053bd78e73c5ffea20fb9a7db

SHA512
e6dfb8c5cc3282b20c8422dcc7801c988e8afe554d194daacc3ed1ade4c21b5e38a2447cfbec32b8ed96957fc36993b029144c19bf3ecf594e3f669633051b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
b004bf9bba4fc5c86c28fac85d02d97b

SHA1
72283257d14a3a67c9b6cf52751bc17dfa5a0d81

SHA256
aae3985e91cb55baf9667d7334639e5ffdd9ce5da2e0943c3e05ffb0386d7105

SHA512
f8b1207173be040ec084b206fb36b854179124771c4399d1902b843f4fc9a4e94da484e89274a5afbef84c5c49edd6c9776ac18c914034be50b07d902da52def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
32KB

MD5
aa71b13f38cd575e0c440acc00998306

SHA1
816b51d575cffa015c404498e54e2255d8b6a38e

SHA256
06c01ba125f926109fde45e020de6af4d4d57ba7a37d59888fdda195854ceb56

SHA512
07e5e164961fe5e24ff3f2272cae7266fe41ec928755e52f5d637aaa89cb711abebea615638930f690338ecc093c5dc225dd7d96de0d750e341cac008f64c0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c857dd00748707f77d09e7f3f83965c7

SHA1
057cbcf5e94ff3d4798c0db15ff6e416c371bf32

SHA256
c83957ebe4165ba590adbb23350018dbfc6780b1fa2628a279dbd4015c8bc854

SHA512
a7599ab7fa441934ab2b700d42196944c06eb71e1dfb6737f2178de2266744043668e4450305966d16f68c9d7570f637e8ab0e628ce5941b2d3540cb815a9c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
132KB

MD5
41b7df5ec04237ec6b3036c4794f5c35

SHA1
96427203c3c3d361f3908ecc723537ab6773158b

SHA256
a12a13970dea56c2c93bae5d69ab52d0e96f0b068432f17890e3eaf287fa7569

SHA512
926e5ce91910419b092fa4b9f449f3030dc3e59faa8ea8b3a6a32ca6d7c270d0807e997d60b584a2605e27dc479a32283593ae961a17a48dd3db887da02d405c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
5KB

MD5
597937b853c023bfc7e6f6c89277474f

SHA1
b1dcb5cc97967bb2983b2d035d0a5699b134b70e

SHA256
a466e338d6e75b6f0006104174cd87555e43e83f6d255aa9ddd9f6975b0c0d9d

SHA512
e6e2de7c2bc5b28de19bebdda7a15f8b754049b68ab43b772f79ddb46bbd42c8cd8b4a696918834f1b2501f62c3bb39d86da0c9a1335a965e5553bf7e6751f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
a02fa8dc974bf74fbfc74ff64f691cee

SHA1
f15b8ffbcccdd3e112b6ef29009105653344d065

SHA256
fa1c6acd3b4da7cd18003a23ab8fe769f04a9d630e6f3a4373221728a6f4c696

SHA512
57efd534e9c236ac59ed85f655386e5cbb0236d5f5e0a40c35468f21978499317bff9bed657f9823bd1d2dd3825d03d2ddd7e4f6d65f4c2f9a3fe3d1fd5b9b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
148B

MD5
d4566111d77fdb383f70fc654f21df8c

SHA1
4d09fc45d866423caf2302ffb533a764854b62f1

SHA256
4512bb5190a898efcd8204943ed8ef5c3d113d13df4a11ffc238da98dc327f33

SHA512
7d13bb63268db79bf66a156af14837ab2382d419edc62f886d3f41f835c560f322c66ac3aa4638279933db7542a86580931a80dca4f9b854a0d48892e1620763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
c8723dc9a92166c80ffc163d07f42e86

SHA1
10237741c28103755f0582042000546bba146d29

SHA256
8ba7c3da6e37f7fd25ff3e60e8cb34238ab96784f8df15c55b2f81c7c83292fd

SHA512
b21c6a7b6e8dee1f4f5528924ea8316e649b7b5dcb21c621513ee9de04a3ca31a1ed2535bbaefeb1c69cfb72a8bb99dd9e2e7fb0ce29f7e319af3009940a2bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e72c416be21df5031414ddb61e94a90e

SHA1
948d776cb8f0ed165ce506add930e8af62737a42

SHA256
1700100903fcbc9ee76e0ca307eed87fac0df688f90970e288841d8b02833518

SHA512
ccf28c19e5adaf357a992e4ef62568ebd14f8aeb31ba566519b7a24a36c6951c76bdbc75d47ae3e6443338005f1e1431acb5913646c13bb9cba77382c755f69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca3aa1e2218675174064a81bd5c6d475

SHA1
fc2f3354748aaae957c68cf12d171595bc6f954d

SHA256
836269922782598ff524950fcd28a256d9b7f988b4f79aa43104b8649107f292

SHA512
fa7e551d21a81f2622d6d425f3a05dd0938557bd12f912f0a12a40dd220ae0d03020f951969c5605f3bbaa9d2ebd096364d18562b3498645e86a093390a63159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
278abb12e78bf64a96bf406aac09fb7d

SHA1
c7f11ac0a065e2d10db7315b1af8f9c9ddcb41d8

SHA256
45465740c83af941ec518c47460d106044b9ed6c966258c727f510f74fa90547

SHA512
6cc38764fc856712168afc189288de6da26a0306dbdfccc15f589554849644ff486ab369930568a2dfb32c1a01428d5f9fa80a264d02ed1df270ba932b9857d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9fd868fa159c59f7c17e59209896e709

SHA1
6d68707dc96cdf42b9aeac0cc7a3312a8fe7ddd5

SHA256
19ca032496bed6d095929d99b14f3d9255202146218c2791ae6206bd71e01e03

SHA512
c49f8fac47f05ef519f6112d4b7c59ad5b1bc360df480bb53f08a9feeb18c6aa21550448a6df08c785de5d1b70c6412d689a02ab25985a8db661c02a5122b17c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cdf0e4860b9b4f86310ea6d86d665721

SHA1
a889442151cf1e64e70b19702c8deb717989d113

SHA256
3281598339ba9c90637e6db6f370ff91296a03fa3012e2b8b1eb534f9bd26f77

SHA512
3f7a9ca719b86d1afd43395cff96c4496f9f6a2cb2e056ebce2987dc39713448643a0d0446499564577691a51ee5ee4d96eded50dbf362344f15084af8075980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f351c4691f99aa1f6bea3d408309c8a5

SHA1
1b757c125696d09209eee728bbea3519c8d04eea

SHA256
06b4bf1ac1ce6e9cc4bac3d804f1ca6f0705f55423d7ce7b0466ff68716d5ccf

SHA512
3001c7473a81c9f6673ae946a986c826d086cd97b529923d68a868af713728c510a18a0fcf79bd785d61d21794bc802b08cbf6f122e28c37b957ad0a8f2542a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
57a5aba16cd45245e870efa8a934e7ff

SHA1
219f2df75461137b82566c28c0561e368f860288

SHA256
81ef1d2ccf4471bc9b595a8f511a91499d0e30a36fda0ffce9a65ee1172d18fe

SHA512
ee3c8cab62d37ccf5cc3c352e03ee8a35ad64b5ed6ff8f70146cbae5314504011f5ea8cb1d213b639fd0ab2c9f0338eb225d43402428ab36eb095e1781ca8b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
228B

MD5
ceeca0a1fb054805669148645cbc1f35

SHA1
e9e38a21ee127f55a71409d9e2b5f0e00cab7f88

SHA256
b0f296c1c71a3936e434411c22c739b515be8c108bf4d43df6083b08aaa8e7fe

SHA512
30d51171c707f4a12d8b452fa4da580c745b0bdafa0e3908205b57f7db8b31c2e50d4c4953d8441b5de0d939520e9a68681e7daed03aa78107a8fc9bca1d6745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt~RFe598a83.TMP

Filesize
235B

MD5
357e61d98c37068ae8dfce20a38744c0

SHA1
f55970eb8111fc88657ec3f66f70b8c6e81ae029

SHA256
a22b8725f26a0f7fc72c36c137c331f6709fa644ecf263a8fe88aff7eaa1ba52

SHA512
22e620b55b145d02a0bab431b684257273ef8b5750bfd45c982e782f5ae63d93b1534c32e04f15c18b377fd0df2088cc57d8101ffea8830320d61df4f37c9eee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

Filesize
498B

MD5
86c64b515eb5370b63262181d521e40c

SHA1
07a3670fd56939ad0e61d1e0a771353e7f7025f0

SHA256
920c17f5af09a8fc959245e9424f27702bc968954be19c0b21840c76f87707c5

SHA512
26cfa9e4dc2324fd94b731e15b1960f0b29aae597745d510e0cbc739f1d6474e5f233bc0d327f47d8ab7ba6a77e9f2b8eec9e9fd8ae8ecde85e54c4c209d4946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
295B

MD5
d0e01850b6c26d03c8e8fd00e563ec77

SHA1
27dab04c35769e0f1731f5cbc310fb73270b65b7

SHA256
f0f506a667fa40b687cefedb07b3616ba64a7abfa7340b7cb4317cba12c160c7

SHA512
cda268691926a3dd6d49c74c4b1ec4d9e26452d7b18259e86f0ce3dea9a06772ed92a11dfaa6e7f24fa618de972204b41bad1009ce4ea73f8a976ef55a3669d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
00362c4a64ccd73a54f696acdefc87d6

SHA1
d18f1042370c6dda1cb6b439eb107a8020414ddc

SHA256
2743da3486228fd4fe20f4668ce2ea1aef3b827f23176e77ebe2d20bc38303e0

SHA512
241ef856d7120d5c674bbf90e5397b10e61e2ab91ad410fa8df2aac34964bb5734a99701206d1447176591a95409d2d0812e17c72ad936b1719dfe66b213eef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598a83.TMP

Filesize
48B

MD5
bd2643da33a353185f5006dd9c2db445

SHA1
5832c0bc1e82f3c026d2065c4aeebe77d9bc0156

SHA256
d4fc968b1a46c1fd94088abef241c7ee4908fc6b32ae42e0a2eb12fc75098de1

SHA512
33c7526a0bf543c6d596ceb99df885caa156c0e100f25bcfe6d6ee329d2b5c3b005823d21ce2a0fccba2e0305433b03924b7a4fa0aa6d361f5853a3177d08642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
730B

MD5
c5288b1a5232ffb49608fa9016902ef2

SHA1
51b1e80df55f3fe30120551a50948cc11baf369a

SHA256
7bffb15ef3e5237c6a356773c063c1f34c08a8bb17b59d3dcaa731334b735859

SHA512
e2b925f64732b583f484d1eeff702123128d5148d735ea3271f4d39f61eb57d0884951bee213f48194348395aa1aae5df6f2b0b180fe4a819a0ba047b7e27a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
78a154c150fc437cd00a3b1aab0609f6

SHA1
433d6b6bc917e3ea2a37b2105cc7873445049435

SHA256
727230cc6d7ee7f71bd99df29b3706675c00435087b6db33880f8f4d8b530049

SHA512
3170d88829c9ab1d6f12104cf7c1d2728e771c0ecb437df96b4dab8e7dd5c7ed1896a91128d51274886d52bb6ca9f185212582bf40ff43610c03ae90a6e670d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367417225258104

Filesize
16KB

MD5
c9d1d7c4ba7d62043b7c7eaf96375fc2

SHA1
8c65f0f2726207d33502bb768a3b58f10062eaf7

SHA256
0d928f5ef9dd7ab328d45bfdeef2cf594dd42dc44af9894ee609be3a38e34855

SHA512
c1dd5feec7684874eb93e2dec0999c5c0a410683312a03522154f0c2684302c685e72f76dcdbc63ea74237febccb85c634bd9e8b8b805508c8b34dfc3dc9b72c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
a064afad93533b937e16831fe676d07c

SHA1
51032ba556a5a7ff5753a93e0189565531d5e921

SHA256
d159e0f542b5f069b2858b7f97c2c028985a149c492d0eedfc2037d4c238f7e3

SHA512
30b683a9e66284b74fe96f146bebbb66ba40d0d88fd21673b4e927ea98ce9c0bfbb5fc8c7acc7bede682cfa48bb1ae2d701ae7ebdd9217a8be866ad0401041d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
90a962a048ff31ff55c937a81bf8e879

SHA1
d32946655ad26e133bb2ebbc996fc3782533fa2a

SHA256
c3fb6810107f35d9128aed1a0574501be2f4b47c41653d9abf80369f82c4c525

SHA512
ad17dd66c5917b66d768ccd3b11bb67f4e3adcfe35fc5838897b884c8bf04bf1e374f1c2e4c15f22ef760da5b0fefa05f5ff216b2e8b8ad39ef19adae6ac921e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f8b80c8667be99572280d18d8f3192cf

SHA1
2b75ec1cf6b1508875a33816e76d64e615349a83

SHA256
d0b0a5907f9d4c333206be5356c8195d2d45d8167d138545002f2386e4e1ec6e

SHA512
3b077171edd0c8a52d5f7ed97cc2f2b9d9ae9debf3b271a9501cc7b799ace45c79e2d698592888a57f9fab7a3469a3a00776a636c5eafb07d8ecff1728cf4fb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8480f014a546208a52a5275ae8d5ad6f

SHA1
604412b204122556b865b39c92d009f42ec396a4

SHA256
3e0031a3388f5f45305986efc7969c60f53b12f543eb72afa557f7fedbb81912

SHA512
abdc5f3154ff8f92ea16ced24510c79ff2555fe43ef3dc402a55fb14bb1a818ea657c89cd9a986c261f4efe1acc3fe0ed14cb46ea66c336953b063ae4cb199f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a831f6ba63a20107a8971abef5a83190

SHA1
36ed2d4e8f491408c85e0cc842c81ffbae85d6e4

SHA256
55af40bb59982f23e2856b89fa4bd4c50b0bf2bdd3da89e92ea29cac930023ba

SHA512
0ffac7003f0a40c3d11a7c1dbda696353feb178353536fa53f8fc2d82bcafb689d0452799f35b9a7eaf27c57b09f13fbe7a87840c1dbdf56f78aecbde5392089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598860.TMP

Filesize
204B

MD5
27f953b48ec5d12e7a04e2d68ce394b3

SHA1
8d103070dd46f45daaae64a401fb42f9f0bc820b

SHA256
858dee08f41e6cc460f2382273591ec74b7d0e1710913e96f86796ea46cf2fb4

SHA512
af6b8bcf88ede93c1034debb6ce81ce6b2a2c05a56d67416e73c7ec6de6c364d320b8222e80543469c70989258abee12415885bbc41cbaa2c56602bbf255f47a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
48cc6fe6780a23e67ff5105a5844000c

SHA1
1469558541d49eadccbc2838ee15e9ea2c1a4fc7

SHA256
1a63a34f424bb74bc977135404b2001f2b0d5f523f34f3e0ef3aab46eb53d438

SHA512
7175f8c25eff4f447fcdec85e6bcf4586169e8963be6c5de5c834128e0d487b9734d774c8c381148d184293cd2a59e8ef200c00fe263ee247b5de95cfdf5ff5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
1.2MB

MD5
7f1c8f6b68353a0d90bc26e16dc2f9ad

SHA1
66e4b37c08d555bfb0576eecbd29fafa363768b1

SHA256
2eb9c4020d10b2ee368b91ffe2d8da5ee77da03c9f28d7a2eb489421d58f3466

SHA512
906957b41909f565758c6bbd0b7bf8e0e70a5a156256e495c9930f72c745df64162ae05294cf04b2f97b3bbdd8870d665ff6f442636a4936dd1a7e53d62b0c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
59e2d68c2537df22dcbdf44a2dcfeaf3

SHA1
848cf5a030100f4b38c850a65538dd70ec2c7ebd

SHA256
72e594d16c95ba6b38ac0d8a3ca41d0f5cc8698ebe38608562648373276f9361

SHA512
c53412e1ee191899b17c6d1bd749ae3ffe2fa2da8b4c127064f784f0c9c1aef2af35bad553615dec17dfbf143d0ee5ce8feabcc6810033bb19accfa32194a37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
899d346ab89a70cbfd038fa8b6db44a8

SHA1
ece3e6b925165b7b5ffd6d9af05562ee46372a7b

SHA256
14d063e9aaf47c95ede991acd39b192baab1f98f84f67b2159fa941e2a3cd1d0

SHA512
732e5359fc04270f394c58f93ee5740b9e608fea7823a1ca8cf9b1f295df13f0a1171fbc7dd960950686b3e2a02b29c9a19f53c17c31ccc1f73b965a6118218a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
afd5a3f336af777c3b68981607e03651

SHA1
7964400f408650e3c23aa674d5e7270892b7ad86

SHA256
8e68756a7a7eb0927ace0a98e4de2f22a4cef5dca0f7c6a6161f5e4e34f7b35d

SHA512
c8158ab081b2738097d1712670115b0590a2450b74cb4c9de9a9c90f49d54bae1d78880998b5280218316e1c151a30354519d75ee2dcbfe9210caefccdf86f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
2fb038e70aa83d10212389e67a2b78c4

SHA1
03c996d398d17055138751c44ead3c5848ad5943

SHA256
f08515f1e00991d0745675472f8edb24bb8509d1d523072cf62f21421c3b9937

SHA512
9b8ce819ca557aa85c08a2086701df34f6c446238b0dac2dee8af4f9b3f738a8193f7cd21ebcaca199b72f0e969478ec15275b73d3755dd79b971cfd0a69ad02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
e1f5d68ff7604cffd91c84d4ba3eb8d0

SHA1
c45bad4e1dc601aedf72ff67958b37eb41d3b75c

SHA256
19528d7cc1f031ce19f3ae69c7cc3bc2c2afdc35104f3b7d452cbbb4cc01cc9c

SHA512
0d4b255318330272e90860220932c1408cf3d89f646c575e2c82944995c95a05b1b021a40ba34c4124443dfa0f3fc97e26add3b10e26691252c3d5901f41e004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
760819b680772e1f038109d30153deb2

SHA1
300b47a353cdf27f9a395946d81e1dfc288e3490

SHA256
677f247ef921567b233fc2579742699389c070127c162d2b76ef144d38415da5

SHA512
a7cfbccedf000da539473faf487811d222292141390a8180cce5673bc202ee9bbaacd856811ce5c255725e12fc08da01babbda149b671aca965ecb8bbecce707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
60e9bc9f30650bc5a8979ed44dd2b298

SHA1
5cf6373380dd975fc77d6b1bb147fa223c01a9ba

SHA256
e506c6aeeef44f52074ccf24463002dfdf07d2c9ce61361a388bc2653ef54248

SHA512
94d0774c8b5ff50977363a3be01ed6733e71934f28623f179022e798d2dabfb48365e05593eb7953eb01716092eff525a8282354c1258b9a45d2646092de774e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
8468a0d5bc1ac2f4f2b6183df040b979

SHA1
8e005205d30de5a0ed98c12d76caf5217d437eaf

SHA256
afc79070a7f9188ece4037d0bec4b66a50b0bbed2b5e4d6dbceaf4bc1dc98171

SHA512
0745ca258e7e2dab9a424acee028938e68e3ce953280f4ea6f89fc3287066cb229411bec263e9b5ed7863f18131193e5b9c4e56fa5b7a08b0be1407142d95f0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cbd20cd9013656a8fb077c8639f52189

SHA1
132b151c7228d3fcd398764dc93c6974f8298f96

SHA256
86128d11b3576517efbf584da30995fe2d57037fe040c79daba74f03455d041a

SHA512
7f44b61272f63775bcd19fbdae4e4b8bb2df6cd53fc02e51cf83b81861505e6f3c07753be01527347516813f4695ba1f73b37d36fd8d5b3151f7e731b0debbe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3b73fee36e6e22ee85cbd7deeed6d8ce

SHA1
257898b29744b0dd654ca1f84c08395dcb4b470c

SHA256
5d8b9e13eea76c979ee68b785f7a789c9143151f66bbb0b8e1f029bd1df19982

SHA512
5f05394d1942b0afebf23e7644c9a78ecf68bb30ae0b9381ad87ce6a2eccd913ffab7a4112404d4492a88fdc69eb56d74c7b05a72d160a7ace70fb217d8239b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6e7f838c89d79d9e60af607e0aa87a82

SHA1
f55acaac776bf48e51bd1c10ed11cb97c1a3b2ef

SHA256
1c9236a1b065481f1f0603117696bc3f4abc4ea16c302edb30b45141bfe4f132

SHA512
e535cbfd4a6d2f9ca375e7ddf7dedb920b75ff63cac6ce11760cd1e83921d52ff8bf88969c65aa152f4aafbbf655746f2c5a45efd3e041e4f4bbaa43637024e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
f90b244a5fa8441298c5f4c58187529f

SHA1
735599849ab86b0247d2b677123da114a5031a2f

SHA256
23e7f1da837fab9c5be529e0f000273850b3e7011946a2bd729cf852eabf58f9

SHA512
db8f4afa4422c68b30b60e4f7e15fc5808d8fe1bfb2b558bd59a5ade838cfabc73e0511fe911eb61a9b9942fc01e3068b121ce6d87720cf7bd7601880798da56

Download Submit