aba9d814f1af03fe68cd859daf9946db057a2a4c0b2486c0642e67dc86f06770

Resubmissions

19-12-2024 18:33

241219-w7behaxld1 7

19-12-2024 18:28

241219-w4anssxlbs 3

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
19-12-2024 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Salary Pay Cut Letter Jan-2025_298735.pdf
Size

84KB
MD5

ec49a7c01fc2c5f9041a46b5fa1c000a
SHA1

555940c2f8422fe5a26256e6fcb0d7f0af7b522f
SHA256

aba9d814f1af03fe68cd859daf9946db057a2a4c0b2486c0642e67dc86f06770
SHA512

d66a440acc52d236163ab1cbe1772e7be2d9a1866ed5db0eafbf0d382f65da2d13232248344fd2de8a664dfcd0a01bfd48b478523561b196e1969467973b54d2
SSDEEP

1536:nxL9oakpfN6q+sHo79HD591+NlGj1X1JWlS9ryFU8dSslg0yrDFZ:bxit+bj591Ck1D9MUgSseZ

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
1752	msedge.exe
1752	msedge.exe
768	msedge.exe
768	msedge.exe
3220	identity_helper.exe
3220	identity_helper.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
856	msedge.exe
856	msedge.exe
404	msedge.exe
404	msedge.exe
2088	msedge.exe
2088	msedge.exe
3064	identity_helper.exe
3064	identity_helper.exe
1436	msedge.exe
1436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
1052	AcroRd32.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe
1052	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 4264	1052	AcroRd32.exe	77
PID 1052 wrote to memory of 4264	1052	AcroRd32.exe	77
PID 1052 wrote to memory of 4264	1052	AcroRd32.exe	77
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 2820	4264	RdrCEF.exe	78
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79
PID 4264 wrote to memory of 3220	4264	RdrCEF.exe	79

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Salary Pay Cut Letter Jan-2025_298735.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4264
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DEBED2D846D94E6A33ECE2CF8C5984B1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DEBED2D846D94E6A33ECE2CF8C5984B1 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2820
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=57F82348C1E973A773EB4962F0C4AFAF --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3220
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7467FE8764CE92759A3F32454E931BDD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7467FE8764CE92759A3F32454E931BDD --renderer-client-id=4 --mojo-platform-channel-handle=2376 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1224
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=48C644F6FF65716A3490D5BC4E95FFCC --mojo-platform-channel-handle=2704 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4388
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D1CA7AFEB13C6D0C9C64BED48C60AE66 --mojo-platform-channel-handle=2032 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:648
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=92B7BA917B640AA2FCFFE3B28CB10BE8 --mojo-platform-channel-handle=2036 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mic%c2%adcar%c2%adom.r%c2%ado/officexx/#[email protected]
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff852913cb8,0x7ff852913cc8,0x7ff852913cd8
    3⤵
    PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2044 /prefetch:2
    3⤵
    PID:2660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 /prefetch:8
    3⤵
    PID:4816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    3⤵
    PID:1896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
    3⤵
    PID:2188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
    3⤵
    PID:3140
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
    3⤵
    PID:1860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
    3⤵
    PID:2096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
    3⤵
    PID:2264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
    3⤵
    PID:4068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
    3⤵
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
    3⤵
    PID:4676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
    3⤵
    PID:4832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
    3⤵
    PID:2188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
    3⤵
    PID:488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,12787592121804418588,17210250047477576807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
    3⤵
    PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mic%c2%adcar%c2%adom.r%c2%ado/officexx/#[email protected]
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff852913cb8,0x7ff852913cc8,0x7ff852913cd8
    3⤵
    PID:4456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
    3⤵
    PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
    3⤵
    PID:1448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    3⤵
    PID:2932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    3⤵
    PID:3316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
    3⤵
    PID:1984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
    3⤵
    PID:4872
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:4948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
    3⤵
    PID:4300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
    3⤵
    PID:3456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
    3⤵
    PID:3840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
    3⤵
    PID:4932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
    3⤵
    PID:3096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:4860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
    3⤵
    PID:1604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,15353583698866628374,16318362222965421471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
    3⤵
    PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
16d48e9e774a57a9b0847fe2d25b92a4

SHA1
d138ef7635aac2d091c139b63ba66860e069478f

SHA256
b7747dff2c922b50f944e5600247dd4fcc7ca9637f32d39a09f975dda8991ccd

SHA512
5cb0d0bdc8e88030eb043f46b99668edc1bad07ef3fca6bccffdce23ad1da15a405181500212b1036ba9b916b2c631d7b1398347cc774379256471e4f8bffde3

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
76248f4ca28bbf08afa515f55ff8a23f

SHA1
5730feed1ffc9171294badfa26fbad256535af9c

SHA256
d0d8a16650a94e5f937a446ae74ee566367089be78f1ce9832c51e2a583742e1

SHA512
400aa65d49055fe76f82e86e1d2665f39de7b92926a13209deb1509a4d68c01e6511d86dab5c08e1831de333788a04366a3d31d45021936d48a863f4ef2c428b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8956fdd8a81812861268518117d3da32

SHA1
6862b764b28d922a11845bd940849c313e04c583

SHA256
c93f57a78ad76e23e1d86a9553e5fad085e40d85e97d62295cd5735f0b9ce020

SHA512
8f1532f7aad5ddfc56df1a629c983f8ba948d23c66371eec31393b6e1814ca3a37d14bc79bef6d74e27a5dc150d13b8c331a9a8300fc63f541c79a964d710088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9adf0d627a11f8e0b5f0416983972d80

SHA1
903b846660c25cebaeccaedf9999d5fe1663e57f

SHA256
d5836abdd978a1db4706467de2c4fcc9be2689c030baeb656078544e642ce2b1

SHA512
046126338cbf7ae2956d60c4575707eca12cd2c316410f03265f7766ed5a2888a807e6e050f6190fc9a1c424f6a41ab924e76bd73cbe24257b523f09f8af9789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
5691991934185c08200e05498c123f5b

SHA1
984626d4f98dc353a9f8fdedadd3d2b181a0fd02

SHA256
bac531031f11cc6360678277301bb0fb4bc514c319e0a548cacc59201a0a8797

SHA512
b4c7bd8b98b1561f5cc4a068ef2cf9cecb68e185110ba495bef28c6e014a3495c05d4b6b1ce0827004b9fb774cb2313fbfb44b2c51d2aeb33fc4457d4d209b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
e9c91a2fcdf5acbb7222e1bfadc46d2b

SHA1
727566a31ec72322e1352b384baf45bd8e097f9b

SHA256
77c75450a777d59aa6caf1d41c79a44dcf1773934ef018779a023ed338f0920c

SHA512
0d9a8a451b93dad86f42c6f8666fc10f1773f53968f93e513cb256c99812b95d487184f35643267ab0270c43e8f56d2f07b47ea3928e9e0448364b92ac4e66b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
676d97722ca85cf27cf3e7609dc82c7c

SHA1
e7f15aa9b3289250b34db3e5255613a3d7531d91

SHA256
00f1b1a3cf6356a944f7eda6c2bbb5328fc2b61d8924ff86d384009e2997923f

SHA512
5269ee3fa69a76585f1e190e3ac29fe6e3d16e9d666c293b8186c14b82ddac3c4025cca26496ec2cf1310404eaf741c13db8d4aa3f31f0e64ec26594f44b68b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
16KB

MD5
ba1936ccad1ac8bc4410f222a1847981

SHA1
877c7a32f4eee5aa7d9a628bfa8769c6887f4f0c

SHA256
3005882847c7f28e2211be62a4318b733b0e37c5c5d03dabfb93ef2dfbfb10c7

SHA512
a5a7d96c98d0536dba271b81a898383b46d708a1ed38bd66db45399f0022c00779f7139dae311eedce2e294f013212395ba3307f1f439fd4d8516008e207dcf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
42KB

MD5
f2bbca9d53c93d26d6fb872c342ff974

SHA1
586f4722b5f065b39fe28f8beeb5f35bca5e5ff0

SHA256
97484f6be071802bc804da2efa6cddbb98e63844969e9d92daf713a6afc4001b

SHA512
62a735246a59ee5e7327fa6bae0dab5e2aa154d5dd3709405105850451b7ab59608c239f0ce06f92f604f7f02e8944740b15115743197ee149ae0402705c9807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
314f9839ab642768ef960aa0e3825402

SHA1
6502dba3c026360d1f0a1bac4f2245c308474b56

SHA256
8d426c725ddba25355f218930ee4ba29fc47a450d53209346fda1dbd572d9eab

SHA512
9f9bcee0e5868fa7c1b83a753401d987fd3995b145ed319ae15a01165ed4252e1988cbaa104d1c8f21820b992def2bc6100915b3894dddfa0d59b07b9ada5269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d130f736c440315_0

Filesize
222B

MD5
af9c83cf64855bfd463d14cf31db1ea3

SHA1
1aaeebcb0f925579a2b3affa2be4189c51393120

SHA256
16ca3dbc8c6584984876dabd45f4e8284943ca3a3ea41eb3af7f35d00616e535

SHA512
d68f53a4f221d032341be9c668b6cc0a4c8830ba35f9b89f6887f422c8398057120211e2ca0dd2d7e4881a98f44c9fc26cbe39c2a794df395f15b7c8feda80d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca143af04e9ed163_0

Filesize
226B

MD5
49164c899e867a66ca4bc7cc0811a0b8

SHA1
72f274aa6566b4e80dbd2a0decbae68f5f2485f1

SHA256
83c4ce0aa0088c7fb784c35ee7a74a541a6fdbcd8dd9c0a07fc707a5d8dd26e0

SHA512
9f0338f9bc0883f9dd8569a632bccf88ef8f465148ab0d696a83da87436d6df91828c4ca20782913df7f6ab15788797c44c71656bd66a7c45d4b4ef63837f946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2266aa635144491_0

Filesize
213B

MD5
8fde3dbca76cf5f368a1608ea0057689

SHA1
7b7ce86d73389e293764e6a0080a2de7380e50e0

SHA256
32033ddc56165615aabf36b799409ee07d4756e888ea8f6bcdeba2f3915004d4

SHA512
e32f1151ae501e3e17182c84afe1e84e5d2050f481b738b1ddd1a5598b2b1307561a44623fb34c926c4795165ab0c01aa2278f58463d7f03f9c04d7e35785304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
5ce1e403c5d80537fc8bf445c21fed79

SHA1
f863d9faf6bccc9d52ddfd136356346549098941

SHA256
d10d4ab89da5acd6856bd6aca1bb8d5cdbeee4b79c6066c5df5a284df4b64c3a

SHA512
7edc30fed15ffea37c5207b2fa5683070e9fd8d3676ce189b80818ae386487840126383d45285d480afb9e5e9a03bd8971105f731a144c8c556d121492f9f119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
dfdf02fac284dcf3b0246ed6fe1f7bd3

SHA1
aad892efbd1877a0e89db6ce2544ef588cbe73c3

SHA256
c41a44b608fb201f6920a576827bda07d4ca0abd0aff01274ac4d00f4177c3bd

SHA512
22ed77650c50b1a0bcce74e403f50abedc95ab05754ff6113b715de183699622b04564e33b52c1faa83cd8c722b534038d4bf96c67bbfa9727c87d14ad9c7046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
f9e2d9a83f9183cd51f61c3193fd6f2a

SHA1
381bc14a617148d072c71f1f5d48ee6ee17768c3

SHA256
cb40ddc5d3e8de0b513f65504e3dd8292b47929dfcdb7d9392f832af76462b37

SHA512
302140f6bce3939db7ae0fc7d9223683e9124fc3800681a34afc8015598abb0e98182ac9ee4347d075be37fe1c3bd4537aa64c4697a9de0c9b6676a8f27d8c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
98aaaa7803a71479a452667f8409f2d1

SHA1
e6f9bfbd4525db8f39b2960b600a982ea62af423

SHA256
2032d6cef912d9504ac6bf2c37ac4fd09473d8458b76d8dc53a1c0cf4006214b

SHA512
925f04bdd46515cfecbc88781c4b119998ca4a6e9b192a4f8511ff07f8be6fdc75138825c28e7b40cc55cb241532cf60747e4ed478f7886d7cdbeda32676a596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
6423efab7aa6efd114cb0173e3d297e4

SHA1
14ff317237dd4a6971c0dddeef966a8c3c5acc3a

SHA256
4e8145b5cbc7c5bd3ff18ff54d02131f90e5b9aac3bc15dcc28e2e5582a69141

SHA512
707683519980a377b00ccc607792c54aa2f67804ee0549e80c589d2d2dec21f98b65b9ce08fff8eae81518b117eff02f48e1a0490d9533cad232dc6928df4429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
d3bad54935bbfe86d351e2283af74973

SHA1
2faa65700fffd777311ebbef0e4782315ba33828

SHA256
3ef8489fb7e4bc8d2ca290bf123f75765533311ba329431e9aef657ff175a384

SHA512
6b2bd81c99ca48104d4f802db2ccf9db79dc2823355c6644e5bdb870632db403a9abbaf3fa270753b35878ded119f9c459459d71bde41a812dd488068d82a84a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
f1c3d413505828c0813e799919a976e7

SHA1
6a6fddd8b7065bd6f0bb0f3fed946cbc3d0235ea

SHA256
2a7248dd1a7806a8b9d782af83a617961db97e1f5ef2a6b9daae40885c10b35b

SHA512
8b42d81e770c48bb374f449676a9f73bc4ad2acd224dcb991ca41e42efe5c55de6e589dab0a91f287002edd9087bb455e9d16f91a26b4ad207bc7612bb41fce6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2d36a2eeb0f8f7b528834e2b64487063

SHA1
ff2a172bc0de8b7909637a8ddf1afcbded0a1674

SHA256
f2258260c2edfe9743cdf0a6349b728640055e8d369435cb540d174610a802d8

SHA512
1885311d3d1affb18c712395b3a431fc155abce52b8ef14151660d57c28eb2d3d4619fa12fff0139c67fc102f04741ee2e632381be8e79b28158a9b28f911139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bb9b64fe2a72d6e8d9b0d1b9ecd3b429

SHA1
5d9f3a5d5554d2e90bb872d76c2dd2d4cd4910c6

SHA256
b4b8258f0b31faca90df9ef3a8cccb704656e7d38492523f933e7c9129727dba

SHA512
060992696733faa2b305ce35b5f058aea4a3a4cee3eecb0e9cad61a1d909bebd6cbd88901827820738ca7147333bdaec0a39568f552946d60cd9b7849525426b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b6379c1c0d94c05080e568491ea4c70

SHA1
56854c455a47007e19eeb0ea61f8d572f7a395e1

SHA256
982273c9b202f6a96b1c3cc50caba82c1ffc05142435c4cef6a9c27382e3f9f4

SHA512
e0aac168a95d9eaff000f273f2f2bf7a1b64391fdf26a26b15d1950d437552263de5db9c7a0c6928b512852986751901829031fc6c495589a31c9108da9ddf6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f15defcb743e3f88765ba9f387e443d

SHA1
e18288d7176277dc2b98c196152215942f53a081

SHA256
71964309418c4cb67601fb571716f30ea2a203799309730b629890130b894e92

SHA512
43044f4f48be759020bef8af61e87fee905ec3bd376d6a451af969d8f576db9b1adea1a0f6bbd06e41b2b09b20cd0716ff4c4bbca786bc9d353de281da53baee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
019dbd3c5c0679971e1b850217d9ccad

SHA1
f10ce99e3a4e4dcf433b67ce98929b0862c676f8

SHA256
dd87795757e73b651d30faf0d89ca1a64fcfa9900162493bcbb45690936557ae

SHA512
2ff447cf11faba2d71ca554659e42cb6aabca030f1e488b311c181b52226a7dae73a694b6b2d47e5809eb83a6d16fabb931d98024ccc48ad37bb27d4cdc5747f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ef1e4db1353ff794bc96760764293920

SHA1
51b2e669ec44ebd26a78899bebfa0b44c7e6c53d

SHA256
6074b95ec908b1ca4a8dbeb3190f82261aa175c19c885e6f669203a252a0e909

SHA512
149851e7171462d7dd742a0643b71a756cd6284b3e8bb52049412e85191a4524697d517cc2f86e91ecefd749ea0e6ab485362f3c7a7d068a6912c04d436b1c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3af8f05b2de294d5b147943729af86d0

SHA1
3bee692044370557575a8210e987aca1b0773ab0

SHA256
c43d4128f4247a220c3bae8d419c95c01623c58b77d18d06a84d4c424549ce93

SHA512
abbf0396d8f2890e27921fcc02e9cfe20f78d4484272a7dec4a4acd6de2d1f410177f990bfd2a9702a3f17c2648b7bc1ba14ef759c9afb4c1ad1e6d296c7a0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bfd19f368b4e253bd7e6cc2ddef86feb

SHA1
c26f930720176fd7bb4aa66cc77deccb6d968955

SHA256
89a8fb5cb2678b6fec40aaa8dd103ac7f2b4cd36bf687b35ab470eabfcc3bfb4

SHA512
32f1ba51a0eb7fa104693e25d99d44dc2b1c029c6d22f25497b23558d5a52486992a389af7d63469169154d5c201281ad047fc82151be7574530275a46bd0ba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
67f5344e44639d5784cb154d2ecd17b5

SHA1
6e248fdcb95b2c3b704ed1080a59143a4aaba831

SHA256
d4586755f1a3cb80ea9f029101b01dee840fa9f6c606f9812d19f7ced405a957

SHA512
8236e2a89ff09a358364cbcb008791dbc64622ec2f86db70f82ab8367265a092958df4b8e625669eb957048937459e3e07a73a9f6cdf522e27d41b90aada94a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
358B

MD5
be6a47509e436fb3e50ec0dd1a104262

SHA1
7f576f660d46282e6bb8444dc5293f6b2b933829

SHA256
293dab663299d5d6bb72c77e6103d92add23c726e9d3d3ab64ffb7d4462d00c1

SHA512
5bc54b72d4a61388ce79c144d7006a168ffe437d18beb07bd09c509695b9b76cd875fa7ed2336d3c08ba556cd5bd3d8336ac2b8e1633859afeab922ffe4fb32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
05c271d73a5ba66a8a99090ba3d5132e

SHA1
80d4527ed70fe579226798b8097845f307dc9b07

SHA256
ab56b3379fc4d61e045208e7ee1f8fbd34104fcee6b2b504e9330399536d3c26

SHA512
503976cdb205faaad88aaaac4e842bbce242ba980e5fe3036e686ada7afda4ac04b53156f9769f71a6abf989fd1b26f50f61345410dc60450f3a4c806ea8870f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13379106811091605

Filesize
1KB

MD5
f798b4f58cfa241196bba63e95eee25a

SHA1
4dead8bb01908155e2ae31df4c926d5e555a7ba7

SHA256
0807e25a2191fe7f77baae5bb294c49376682eb1411e69c70e2af147f3ff4746

SHA512
dbaf082cad5f8e29932b01694a13cb5068f830187484bae8536cd8becb2e517afb0d2f80535114dc8840a40cc8f2bdfc0f3bf69b9e470e611dded8033adba684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
a2f837306f03b45f9c46f9c8e24ff342

SHA1
63605cf60b04c77ddd70a609e587775da6a343d7

SHA256
2679cf33168609fccc660940fa73191a23fcbbf27b4fd2f1af6e778019d35a2d

SHA512
a8eafcc69f36716dc6454da56454cdc0108081bf65514e9c599af57044fd23b6b2fc2371a586d15f8ba7c537c14b9227fe1b73aa9c95a5911499a76c414846f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
8413e718520037153b6b74182807f127

SHA1
dd599a4ab1bcdb4a9762eb8ed71c32e6b9889139

SHA256
634d2243c4325a6c8808548ca051acd26179edab22e2e4ee4ea559b9b9fd0de1

SHA512
9a73070fdd5421d05fed907693a8f14dfcac14c536f9daa610aad4096357f0a0593ec26fc21808ebceda13f093e13f4245f7b53caa434f74ce0eaa398261290c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
ad8a607710837a1420628407b2666c7a

SHA1
c8fa7456784593f6f16535d861beb7b8b2e87f8d

SHA256
43b6431a0a69f1ff008d149bb1af87cf0d4f1a8f86640696dbf25cd3991d61a0

SHA512
ab68b68f8125f1784bd08bf6272338b0017d93fcbd8cae5c58690c8e29de26469eb002dc85e8de56cfb9182ed0dc6ad041ca5f70c02f8ad59d3b8d526b6a50bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
801f41ae0eb364c9de4cbbc664dfd9d6

SHA1
b5121f17c1c447473630cca8af3cd42785433bbe

SHA256
943f3c5f3831dacf7fe56daddbafeae81bf0776b25f5b3471a479ca5229607b5

SHA512
1dad1bc379e4254f5116f264c25b4329af18f952cbe7c635e056b7d9d9fd8a7a9a983a7d633292247bd30383bcd5193a32e7aba188268ccfc7fdabbcd4cc4a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
f3bed6f5a74db8149c4668f51a0fba24

SHA1
813e27b38fc96566fadd8209a7e0653bd5751cb6

SHA256
4243e5fe743a618c58c080f1ea8e31d38ed4736d930856b50dc33f282bfd1789

SHA512
1f050c40979200a3848f16e69fe1cf1260d9b75e5faa5e8f5c938165ba0ec99dbe2edf965b00012f8621e23439468f0f3e07fcdb3dabe480c4673eff4ae4996e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
15cec863648d2373eba3e86cf02aa758

SHA1
33689d69965f3ccfd0b80882ed8cb0edf2493d4b

SHA256
0116f3244178097d880496e6b46896b532406499c2351b73190f93c22f0f1f6a

SHA512
37c9fd20145570140185a3424ba6667c350c93e53a008db62c43b84bdcbb28e828ad54f81c70e076bd669984ebd489cac946685bf24554cbff03a3a73392d991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
8ac55496fe24df0b6b815f4cc20365ad

SHA1
6645c7e9f660b256f401cd9739320090d53b5e0a

SHA256
f2452761ae4ae671417c47f3054ffed5251e8e5160f223da959388f994a3ae6d

SHA512
9c7bb22a79e9df9f0d43cd256867ba278df9966b73be390b74d5ef8b01f4a4e984e28252073fdeec228604c8412076834301d137775cd6a92e8c9eb0dcd6645c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
deb21213d17ef68d904919507c3fb833

SHA1
d51c565ff2306141add1f025a1607360b7894f6e

SHA256
e4b223f952187b343fa97cb206a2733e5d62e241542c16ab2a256b675fd1f8c9

SHA512
8e120f63a1dacaf242f3ec7e891b4f336c1dd1ebef79cfd0e683ef50fe759380d0d51cbbcff67e171aea1ae55f4d6006d278478d9b64d5dea070eee0715ee241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
cbc17bb48b28c8d0752a359e46e926d6

SHA1
c9b5abde39d0eb13d64225faf38e43c6dcf7f542

SHA256
5cb50a22d12ce65995c55f6a490ae995ac850cbf8caac58540f01ce8db40c19b

SHA512
f1cb51a1ca1ab0d19633ef07879e5f58dc1394168c3003bcdbedbc5968a9bd45e53cfc48a35951dbc9b15e62c40f64e5cde8add60784e70d17d5d5acc059e89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
23fd2e872915015d41697ba20753741f

SHA1
f2fc3ac5fcaddd6aa0c5a5dd37427534fc11578b

SHA256
79ff2910785000899cec8ff46cbfffbb0def14fcb6b013e81b86130a9f33a591

SHA512
5faa3d56f9d97b8450eb13dd468721438dd1decf59d6b771a1486ba959234f70b96ae4995edc64ce79f2282f317026f6dfcb604d74074483c848adc2a7d87341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
c84eb84a0097e6dcbd1941621ea5428f

SHA1
0b49df0d6fd50f11bdfba8e54cf6e740245d9994

SHA256
5d681b2b98ce27da719dade1e7e9e516d07870bb865e7ffe6152d1f99a50b3c6

SHA512
280692987ef1902ed03d8781c3d45b741d6ac9ae4f21187e012dc27f40fc6ed1b65b721f4a566e59e5dc36b862bedfa1975ddcb91c022869e456ce068899b8eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
8181d41b13e024a49f03f4ad61a740e6

SHA1
47cc647f8f0e191e32781edca4c89e9fff1c9b03

SHA256
f5d28d9f574f99f0410507df74cf991a968bd6a3d89862452c5d4a46c43cb1e6

SHA512
6638c5d1e385fc62bf6b4cfb78ec42fcbf7a8bc2274adaea192e6206dff04cd3916fe57e1c55ae16cd368f86b53350c787b97858bfcbff59320a110ed6b3ccc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
e31313ed3a7a3d19b04e91a46096a22c

SHA1
01a700a5e315bf8b94f1e83ee3b15fd1d678ea1f

SHA256
38dda5208cf2ed8ee9b0afe55892ef16b46fc753d058536e8de46da91a3c2c6d

SHA512
9bd595c81400a358cfde65427e18190ba94ebd53d40dd0008b6ec4c741736b9bbe0a0890e2bcee6bf6f2f93ffff888ceff72cdf00fe5687726ae1f8379429796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
897ff23dfa64c55dfa622a3228d64a8c

SHA1
94bf7530899c6ea12505448f5ab8cceeee38847f

SHA256
6c599e62b6450935de4ae7612918dd6ceefe6c0f04b162e9a3b58494c495cdcf

SHA512
907affb3613b9b2c4dea28bd10dc6dc16194dee0ad1bb8a674edb55dae98ace532bb1e231f6512dc8af4b61c95964ef4325fc385f432200e21fb41cb9f9501c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7d69d08584da9da6f341ec03d977e149

SHA1
abca7057bb843ea2722bd3557e74630934dbecc5

SHA256
a29a4ed5958454c262415956648d551d6293cb187a6e2f16ce36c93ce7f4c954

SHA512
4dcdb69058f4c30a08e26215b9780e8e7c0ad89c7d6a26d0321604e04a478a1635129861e217694024fcb9b4a7eef9400f68372cb06bb3c149d81059b3d29929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a437842504e4b77daa9ac525768f119

SHA1
327eb9695c2e8fe630857bc25aaeb2ba828ee0b4

SHA256
b614d2454fecf29f64521a51208ef641d9c206a21ff504169360a09342296fe0

SHA512
a813878142f75e94fa854cec1aa14ab0cdbd9c49b47e93991e986c8331e2f2c7147954d55762e096d2f9f4bf7a39a46f087a754b0b7cbcad582efb27e3ee1c44

Download Submit