Analysis

  • max time kernel
    18s
  • max time network
    19s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2025, 16:46

General

  • Target

    ARTISTIC FENCE ADVISE.pdf

  • Size

    206KB

  • MD5

    a835a43e3cad7f754cbf3691a6920ead

  • SHA1

    7312c96eab50936afd5c22cbc19846ae7d8242ac

  • SHA256

    edc1aa1f0814aa42e55b83659fea9ab3c417c1d2d7f84643dbd9e6cf39013f90

  • SHA512

    d4a609b6c295b2220a59dab9a659335fa2a7d625334cd48b4889f3ff2882770d366ba0d74ff5f785616bae0848633c6424423e4c6baa08f8729d244b4702c986

  • SSDEEP

    3072:Tt0z4+PJfUPw6YGC++tDtYXXkpRhA70EmgrnCi9aif3QW81q7bgbDblU2:Wz4+uP6GCftJYXXMi5mqy03dAsU/B7

Score
4/10

Malware Config

Signatures

  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ARTISTIC FENCE ADVISE.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:6132
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://g4.eyfmqqka.ru/5gxA8d/
      2⤵
      • Drops file in Program Files directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:768
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a0,0x350,0x7ff8ac09f208,0x7ff8ac09f214,0x7ff8ac09f220
        3⤵
          PID:4884
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1804,i,14326289560888049822,15393303882909209290,262144 --variations-seed-version --mojo-platform-channel-handle=2460 /prefetch:3
          3⤵
            PID:4644
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2148,i,14326289560888049822,15393303882909209290,262144 --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:2
            3⤵
              PID:4660
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1952,i,14326289560888049822,15393303882909209290,262144 --variations-seed-version --mojo-platform-channel-handle=3052 /prefetch:8
              3⤵
                PID:4764
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3496,i,14326289560888049822,15393303882909209290,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1
                3⤵
                  PID:4948
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3504,i,14326289560888049822,15393303882909209290,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:1
                  3⤵
                    PID:4812
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3500,i,14326289560888049822,15393303882909209290,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:8
                    3⤵
                      PID:5056
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4864,i,14326289560888049822,15393303882909209290,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:8
                      3⤵
                        PID:4004
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5368,i,14326289560888049822,15393303882909209290,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
                        3⤵
                          PID:5540
                        • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,14326289560888049822,15393303882909209290,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:8
                          3⤵
                            PID:1812
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5828,i,14326289560888049822,15393303882909209290,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:8
                            3⤵
                              PID:2924
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5640,i,14326289560888049822,15393303882909209290,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8
                              3⤵
                                PID:2996
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6212,i,14326289560888049822,15393303882909209290,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8
                                3⤵
                                  PID:5760
                              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
                                2⤵
                                • System Location Discovery: System Language Discovery
                                PID:5032
                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=23CABED5331D2AEC0376FFC753096988 --mojo-platform-channel-handle=1712 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:3956
                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7E3B6A24CD3ADF9AA7AF2623404822BB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7E3B6A24CD3ADF9AA7AF2623404822BB --renderer-client-id=2 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job /prefetch:1
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:820
                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4B438BA678D55C760DB1C8BA1193EDA8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4B438BA678D55C760DB1C8BA1193EDA8 --renderer-client-id=4 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job /prefetch:1
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:4956
                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A998EE8A403F97ED703E3C30C9170D85 --mojo-platform-channel-handle=2552 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:556
                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=061C8F915664DFB91ED79E862E9E73B0 --mojo-platform-channel-handle=2668 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:5432
                                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F5C411933DBCDEFBABAB72C2E39328AF --mojo-platform-channel-handle=2556 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                                  3⤵
                                  • System Location Discovery: System Language Discovery
                                  PID:5560
                            • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                              1⤵
                                PID:1160
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:428
                                • C:\Windows\system32\cmd.exe
                                  C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                  1⤵
                                    PID:6000
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                      2⤵
                                        PID:3916

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      280B

                                      MD5

                                      65044109d1beb8ed8d59560642cbc519

                                      SHA1

                                      0084485b0aa26069232fab51ee603682e8edfd17

                                      SHA256

                                      a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

                                      SHA512

                                      96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

                                      Filesize

                                      2B

                                      MD5

                                      99914b932bd37a50b983c5e7c90ae93b

                                      SHA1

                                      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                      SHA256

                                      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                      SHA512

                                      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

                                      Filesize

                                      107KB

                                      MD5

                                      40e2018187b61af5be8caf035fb72882

                                      SHA1

                                      72a0b7bcb454b6b727bf90da35879b3e9a70621e

                                      SHA256

                                      b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

                                      SHA512

                                      a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

                                      Filesize

                                      2B

                                      MD5

                                      d751713988987e9331980363e24189ce

                                      SHA1

                                      97d170e1550eee4afc0af065b78cda302a97674c

                                      SHA256

                                      4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                      SHA512

                                      b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

                                      Filesize

                                      40B

                                      MD5

                                      20d4b8fa017a12a108c87f540836e250

                                      SHA1

                                      1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                      SHA256

                                      6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                      SHA512

                                      507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      16KB

                                      MD5

                                      46917e9d573febea2aaa36df8e88c196

                                      SHA1

                                      e9c2aba53cd23cb75b74171f5621a123fbcca97a

                                      SHA256

                                      458a6d713c9944ea863315e9cf66ae18c74d61926b309ba25e598068f6f8279d

                                      SHA512

                                      025f9a086d835a467856afd27c352a979e5bfc44739ba8438c694a3cb48922b49d9d0d9904175689efc179e4d407c8f4159d59134b4bda13abde4de62843334c

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                      Filesize

                                      36KB

                                      MD5

                                      7156c445f5ac1301ff9a1cef7584194f

                                      SHA1

                                      a0b63cdedd6c6bc42aa966a873890b1415495246

                                      SHA256

                                      211ea4436793bc341945416c13bf6a801687864d64193f553b20a5d79db53d58

                                      SHA512

                                      3dfb97a660b6fa54991af7e62a6d40120bf1bd5a791d1ed0f1fd92af5453ea9524dc1c8667b13d289ec34c52a5fec3f72cbc091b67c01f84cc664cfa5bf1a3fd

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

                                      Filesize

                                      22KB

                                      MD5

                                      3d61ee0270f37ea4c6cdd87474002e32

                                      SHA1

                                      2b639a54c788c589495fb09a14fdd6aea27afcc7

                                      SHA256

                                      4e337c13e7becede21bb616b0f68fae9bedc04ae8f7273dc00b8aaff4458244d

                                      SHA512

                                      2fbb47dcce3bcf6c6e60e10f375c2a91800b2095bd4e1047d9f41a5b18c781662a4beb491237b90b0d81218f488e3a0388737cbfe943df1eac3dc30d13fa4de6

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      40KB

                                      MD5

                                      cbaa46baec9014936dba22397d0049d3

                                      SHA1

                                      f9a1867061022c2194112ac2c32d048a3e0a11f0

                                      SHA256

                                      064f766b24e968a046776502e3a1a883e7222dbb846828a66ac1f093d2fb7054

                                      SHA512

                                      a4c6279e38a8d62f4ec1d62c9ba09641bace1d7771121736d56631392889f9d0a2e492cc79d5e10c882233a699be330c0debd0fcf75c7af115442704423e51da

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      40KB

                                      MD5

                                      a63a7d2edbe47af9a1745fb3b40421b1

                                      SHA1

                                      fd7ed055ba8ea5dbb91a142f73e9b6f2b41d1a3c

                                      SHA256

                                      5b9ce18507a33841d92da80f4abe058d154362d328d6c850d9d2e0b546256254

                                      SHA512

                                      4e50e1552cdc4aa1765b60c428e88426bd3fda4ecc1d93f91eaf588d421149b20cbf2ebd31cf59d394261d950737bc1028b468f592d11fd57a94d0b96b069b30

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

                                      Filesize

                                      152KB

                                      MD5

                                      dd9bf8448d3ddcfd067967f01e8bf6d7

                                      SHA1

                                      d7829475b2bd6a3baa8fabfaf39af57c6439b35e

                                      SHA256

                                      fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

                                      SHA512

                                      65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

                                    • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                      Filesize

                                      2KB

                                      MD5

                                      905d283ca1dd0e62b2a0ed9bc44579cf

                                      SHA1

                                      296937e27e2db0fa50841ad545390fc832625136

                                      SHA256

                                      cb1fa6b0d1e97f9471bdf0cc7a06a7dfcb8a3543bc2267caa7ab4ba0cc6b7c1f

                                      SHA512

                                      99f45fe639650cd8fb923450c1819470674df818749ecfd51c5942151174e3032a3810001a0a801bfcee1e85f7b94fc73637b0b12866f644ec1ea33eda6f430a