Resubmissions

03-05-2024 20:17

240503-y26pkahc82 3

03-05-2024 20:14

240503-y1dbmaec91 5

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-05-2024 20:14

General

  • Target

    Volvo_Distribution_notice.pdf

  • Size

    43KB

  • MD5

    3b42048dec68b9b0ee00d421b7a4ef3d

  • SHA1

    989d72b7388bcbda729e9235e7f004815afe3a73

  • SHA256

    e9b0a63bba1373fda64862b5fb883d05a077075b497e4ef1db08300d5430f5ad

  • SHA512

    4c926ec919b292088770f3a1e2160f486e1d13ca01c7c26fe98f324298ee293042c7469ad60167598f281c219cef69bcf6df28cb1d9438704ad5d8a9eb2f9199

  • SSDEEP

    768:jEPqKWFOnz7YFUJexce32AzsdUqvgVS0F1fttymTnVwRhYSAcRNtDObpskS/nLdj:uqJFk7lJ22OqolymhOh8c1Dk8/LcGRdj

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Volvo_Distribution_notice.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:772
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4652
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F265618E807FA8BA362A4F25E3796C15 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:3188
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A2ADA72BDF439BB33E054AAA8086B523 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A2ADA72BDF439BB33E054AAA8086B523 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:3944
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=269B7FED57F525E0B433198772FE4D75 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
            3⤵
              PID:3564
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B956BA54107042E67C045CF6EFD1DCE7 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:4588
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=140B49ADAE5B1D9A5200F05392C2B108 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=140B49ADAE5B1D9A5200F05392C2B108 --renderer-client-id=6 --mojo-platform-channel-handle=2456 --allow-no-sandbox-job /prefetch:1
                3⤵
                  PID:3760
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=23BE5F144791987ED86B63494DDA4703 --mojo-platform-channel-handle=1936 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:116
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://down2earthincs.us17.list-manage.com/track/click?u=a6722c149df2e70d2e90b77d5&id=0c16d919d5&e=627038960f//#/?//YW5uZS5tYXJ0ZW5zQHZvbHZvLmNvbQ==
                  2⤵
                  • Enumerates system info in registry
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  PID:4048
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe30e046f8,0x7ffe30e04708,0x7ffe30e04718
                    3⤵
                      PID:404
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
                      3⤵
                        PID:4396
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3376
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
                        3⤵
                          PID:1536
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
                          3⤵
                            PID:1684
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
                            3⤵
                              PID:2248
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
                              3⤵
                                PID:4372
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                                3⤵
                                  PID:2420
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
                                  3⤵
                                    PID:1192
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
                                    3⤵
                                      PID:1776
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
                                      3⤵
                                        PID:2596
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
                                        3⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:5136
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
                                        3⤵
                                          PID:5232
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
                                          3⤵
                                            PID:5240
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
                                            3⤵
                                              PID:5452
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
                                              3⤵
                                                PID:5460
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
                                                3⤵
                                                  PID:5636
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
                                                  3⤵
                                                    PID:5836
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:4976

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                  Filesize

                                                  64KB

                                                  MD5

                                                  cd061944c3e9f3d68d442bfbe626c482

                                                  SHA1

                                                  9a66c6fbd9a565c5eb5e27ea0b82c44660ba3763

                                                  SHA256

                                                  814d89d320072433b569fb45b06624e98c68e0e18bbff9d55670db916d69edd0

                                                  SHA512

                                                  29deeb85153db5e2fca61a5a733c269d11273772ec091a9fccb7d5bc494a7d85035119d58b99504c9632de2ff8e960c3bd85c5a4c8be2ec55555fede9ba50fac

                                                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                  Filesize

                                                  36KB

                                                  MD5

                                                  b30d3becc8731792523d599d949e63f5

                                                  SHA1

                                                  19350257e42d7aee17fb3bf139a9d3adb330fad4

                                                  SHA256

                                                  b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                                                  SHA512

                                                  523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                                                • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                  Filesize

                                                  56KB

                                                  MD5

                                                  752a1f26b18748311b691c7d8fc20633

                                                  SHA1

                                                  c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                                                  SHA256

                                                  111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                                                  SHA512

                                                  a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                                                  Filesize

                                                  471B

                                                  MD5

                                                  5a1b7dc69422517f419c1d346f0e8ca7

                                                  SHA1

                                                  176b927a09c0a65a73eef2250773ea6fe87ca092

                                                  SHA256

                                                  54a22bcde4bb6d75f00df67ae39634046a30e9787a1c28b2c0d6363b85b27028

                                                  SHA512

                                                  7e28633267fa355bb62660f354ca2cd9f5ab9bd56f952cf4d230121182f62dd5c3939dd92902b06609f1058f7ed7b050bff07355840df9433b3efff14814719c

                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                                                  Filesize

                                                  400B

                                                  MD5

                                                  ad3c31726aae9b6578f720d192165ce3

                                                  SHA1

                                                  91365bacee18892db53d745cc0e19e27963e5e73

                                                  SHA256

                                                  f6f989b21d10cdb419e30ac7eab8f18a14dd427ebf3651eb67918df9d21f3471

                                                  SHA512

                                                  ac2b7cf4b6821ac5b7c25b00f9a3f9db7fc85ff1ef7ab060f315cc9e68fb0fb249e1c53ab7ff903cbc01c46b2fe835fdc4d73d7f9c5f0b3df2a6f21eeb05b790

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  919c29d42fb6034fee2f5de14d573c63

                                                  SHA1

                                                  24a2e1042347b3853344157239bde3ed699047a8

                                                  SHA256

                                                  17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

                                                  SHA512

                                                  bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                  Filesize

                                                  152B

                                                  MD5

                                                  8b2290ca03b4ca5fe52d82550c7e7d69

                                                  SHA1

                                                  20583a7851a906444204ce8ba4fa51153e6cd494

                                                  SHA256

                                                  f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

                                                  SHA512

                                                  704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  6KB

                                                  MD5

                                                  8abbbec80c29c5adbd2c7ab3e143ba91

                                                  SHA1

                                                  ebd17cd45df247fa35b9d4ae2c5e161f17b8d5dd

                                                  SHA256

                                                  18b67ba24925b4aa17a0976dd341c3c9b518c5b96820d590ac5da6c0d2ac071e

                                                  SHA512

                                                  ea7212aba0427eb2b9c8b19f9fc928a00cb9328093f42eba644e7bf5c76a7dbd333cbe8ccdaa5d3fca5f9375b29fba99d97880a54c9d576355c504aed8d01deb

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  7KB

                                                  MD5

                                                  41828e5fb2a0f254d943ee06b6390139

                                                  SHA1

                                                  0bdb193082fb87d157ce19a0c9c86a1011c28de8

                                                  SHA256

                                                  8ad23751fa160e4737f840a32c4de7e49f483720f89c7d99de12788fc9fa4d94

                                                  SHA512

                                                  ecf34b7ee5484fbc1b2988f0dcd2c001ef493e28a81780def3dae4e50d00b43fe65fce2f55cc1f7e2d130870323321eb69de19dcdf7588f16d8868c4705912cd

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                  Filesize

                                                  5KB

                                                  MD5

                                                  6fb2ecae97d35f8eecfa9150f74027bb

                                                  SHA1

                                                  5591c7da7e0850ee18b33d61853ff1eaa23cafa7

                                                  SHA256

                                                  29ce4d3f6e3f185454f39b41abcc0aa941d8fa48879f5be05d1e362c3c46f5d6

                                                  SHA512

                                                  a3240b806c2b81a329733c8c724ae28b3c771e99c8afa8b18699526a3f4f4abde997957af179d423e4bbc529c754a4af68fa08f42d058062b5ba718d5252ebb1

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                  Filesize

                                                  1KB

                                                  MD5

                                                  df34f133864a442f3781949e5e0d07f6

                                                  SHA1

                                                  4587fd33e3a3c354fe7fef1eb47e993d643146fb

                                                  SHA256

                                                  6f54926539f118f509d4d3af478437f086652e97ff978e4b3047402c9552e61f

                                                  SHA512

                                                  0859b6e49a78d4e90c62642a2e8c81ea73702587b1cbd045b15623f18fe3b8c6a131c647683ce3bb9569d594e461e50c7d828dae941489d19364eb8d66eedef8

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595a5b.TMP

                                                  Filesize

                                                  706B

                                                  MD5

                                                  a7921fca7bce285a4795c47886bc191d

                                                  SHA1

                                                  08ce0fea9ea6e0eadfc85bd2d8212603a1b99754

                                                  SHA256

                                                  df220d392fe4d0e56ccb86a09fded745a53b1750907e061296cea1a08e2ea1c9

                                                  SHA512

                                                  791bbddeb4df9ea146cf0db2fab4d652a4d7d9a51134a5f63dce36bff48a71d7ee19fb70c3b94817e1aff6669f5900a326394447a376f5fde7c08a5323eea4ac

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                  Filesize

                                                  16B

                                                  MD5

                                                  6752a1d65b201c13b62ea44016eb221f

                                                  SHA1

                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                  SHA256

                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                  SHA512

                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                  Filesize

                                                  11KB

                                                  MD5

                                                  3321d63647174e90d73fb75134c72407

                                                  SHA1

                                                  615bf39e933dcc5787dd7abfc318ad11c11f9bee

                                                  SHA256

                                                  8d729db293b8cf8c19e6c95a2de79ed128b31c912d12a433340c6c9a0a4754e3

                                                  SHA512

                                                  c21fb7f36b481a17302453c8ba033227305186df10ddf2ad12ea0e54ea1998ed8f1bbfcf3d7b534804717fe876dc8ccdb0bbf7e21f1280ec6edd6b254d6b5169