Overview

overview

10

Static

static

10

virusshare...30.pdf

windows10-2004-x64

3

virusshare...30.pdf

windows11-21h2-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250410-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/04/2025, 07:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    virusshare/1/VirusShare_3cd9a967b67fe69351e390195ca7a430.pdf

  • Size

    32KB

  • MD5

    3cd9a967b67fe69351e390195ca7a430

  • SHA1

    4e7f309d283182d76377ad02616a6a5933cac649

  • SHA256

    e96e3b90d9483a2e463fdda0edf27310ed10fbdb8a8b920c6480ca93bb2e1077

  • SHA512

    ffe9ffe8555ef0b914bdcaea5b50eb501c4b0d03726ab6f2baa0e5cf6875d9b0ac735679dbd03810d3f03905402f382bf32e3227bd2a11c0eef173082cb02273

  • SSDEEP

    768:XDNivfrO+Av3qpOCy71ShZ2/p1oaVBV2iKL2GmqBmmSE5fXuMZmwgCLWar8v:XB6zrAv3qpOCy71ShZ2R1osBV2iKL25p

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\virusshare\1\VirusShare_3cd9a967b67fe69351e390195ca7a430.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5220
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4760
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0B6C176E3BD933C6D686F6EE8982870E --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1460
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=669176037A529E20EB9F4F04C9AD720B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=669176037A529E20EB9F4F04C9AD720B --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5992
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0F48E1B02FC429A7AA6321D813D14AB9 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        PID:900
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6DEBDA906446D65425BCC5217DE0D72D --mojo-platform-channel-handle=1772 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1848
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0C75F0B9754D0BF182F4689BECEF055E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0C75F0B9754D0BF182F4689BECEF055E --renderer-client-id=6 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job /prefetch:1
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3460
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FD7B329A65DC111F43766EB34346F265 --mojo-platform-channel-handle=2412 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5264
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://formormedia.com/uploads/1/3/0/2/130289443/130289443.html#auma+electric+actuator+catalogue
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      PID:4044
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2c8,0x2dc,0x7ffde131f208,0x7ffde131f214,0x7ffde131f220
        3⤵
          PID:5280
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2276,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=2272 /prefetch:2
          3⤵
            PID:3824
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1908,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:3
            3⤵
              PID:2780
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2612,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=2628 /prefetch:8
              3⤵
                PID:4184
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3464,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
                3⤵
                  PID:384
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3472,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
                  3⤵
                    PID:2732
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5052,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=5084 /prefetch:8
                    3⤵
                      PID:5024
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5060,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:8
                      3⤵
                        PID:4864
                      • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5708,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:8
                        3⤵
                          PID:4988
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5768,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:8
                          3⤵
                            PID:2156
                          • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5708,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=5732 /prefetch:8
                            3⤵
                              PID:3404
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3436,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:8
                              3⤵
                                PID:5416
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1752,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:8
                                3⤵
                                  PID:4060
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6004,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:8
                                  3⤵
                                    PID:5108
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5492,i,1118636631964228848,11746309006789150223,262144 --variations-seed-version --mojo-platform-channel-handle=2020 /prefetch:8
                                    3⤵
                                      PID:2552
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:2272
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
                                    1⤵
                                      PID:5596
                                    • C:\Windows\system32\cmd.exe
                                      C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                      1⤵
                                        PID:820
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
                                          2⤵
                                            PID:5912

                                        Network

                                        MITRE ATT&CK Enterprise v16

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                                          Filesize

                                          64KB

                                          MD5

                                          9b475d44cd66e3d597dc6ca18d845b85

                                          SHA1

                                          bc39e187b13dc0a541589fc734ea3e612e9afa78

                                          SHA256

                                          c80c3adacec99bc102d3faac644bb87b6215c17f57847c367edc83f58e121155

                                          SHA512

                                          cca7311b9d55daca51f59e6cb5c56e27f2304a8c5c7b369e53fe3ceec1dd196ab1eecf0b17937c63713571b2f67dc79bf74b6635a3e62856d4888d1e6c99e390

                                          Download Submit

                                        • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                                          Filesize

                                          36KB

                                          MD5

                                          b30d3becc8731792523d599d949e63f5

                                          SHA1

                                          19350257e42d7aee17fb3bf139a9d3adb330fad4

                                          SHA256

                                          b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                                          SHA512

                                          523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                                          Download Submit

                                        • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
                                          Filesize

                                          56KB

                                          MD5

                                          752a1f26b18748311b691c7d8fc20633

                                          SHA1

                                          c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                                          SHA256

                                          111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                                          SHA512

                                          a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          280B

                                          MD5

                                          576f64b8f21f4203eed3f6c7b065f527

                                          SHA1

                                          e0c4e8f914319e112a4b3562d2d6f4107750aba8

                                          SHA256

                                          c39a636afaeae67ebd98682bf35ff7afafceac020ed21cb564ab954ab1ef6f87

                                          SHA512

                                          af606a5d7d4d96afd80d8e0117f2d5f02cc82b810149f50e26d46a5b8fd7c6b2aa119aa1b7123c54d2ef19d05ca92ca738994e047e24e567e53765fc1c52f653

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                          Filesize

                                          2B

                                          MD5

                                          99914b932bd37a50b983c5e7c90ae93b

                                          SHA1

                                          bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                          SHA256

                                          44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                          SHA512

                                          27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
                                          Filesize

                                          107KB

                                          MD5

                                          2b66d93c82a06797cdfd9df96a09e74a

                                          SHA1

                                          5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

                                          SHA256

                                          d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

                                          SHA512

                                          95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                          Filesize

                                          2KB

                                          MD5

                                          60e426c477b5ea5246fda2b48dc33b5f

                                          SHA1

                                          a4c125a1b29f8bcab5d95f97c7e2ca8f5054e3e4

                                          SHA256

                                          045794c02c048868b2f44c80468b6a825b7f8b393d83840204a7445b8a3d9a99

                                          SHA512

                                          5c4320675772897b4da050b475a29a46582f2e2f63fc91f99302c7983de1339689bb22f9c8dbd13fd2c030b08968df4f474bfaf3210fd97040d4ff68d1bede47

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                          Filesize

                                          2B

                                          MD5

                                          d751713988987e9331980363e24189ce

                                          SHA1

                                          97d170e1550eee4afc0af065b78cda302a97674c

                                          SHA256

                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                          SHA512

                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
                                          Filesize

                                          40B

                                          MD5

                                          20d4b8fa017a12a108c87f540836e250

                                          SHA1

                                          1ac617fac131262b6d3ce1f52f5907e31d5f6f00

                                          SHA256

                                          6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

                                          SHA512

                                          507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          15KB

                                          MD5

                                          65517591b3439841f9d9d26a38d4dcc5

                                          SHA1

                                          3b0e7b84c74b2869e00c4c37aab56ad3bf9e2439

                                          SHA256

                                          e9b1dcc227cbcb52878947f2725d19964258fb797b9eaeb6b3a2abb6e2f15690

                                          SHA512

                                          871649961f353c5d13c48e44a526c0daab32fcd87c0f8c425d9c5f63196ec794a7b55eaabf3f7f4b426aa0cb965ef09da72d8dabeb2f69f94f82a4d444da87f0

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                          Filesize

                                          36KB

                                          MD5

                                          69ddd3871d45707d555df4d7667a1415

                                          SHA1

                                          5332886d6325b8854eab048ad5e6022dd023333e

                                          SHA256

                                          8c2793a42dbe08de4f431a0e2eaf0c568e3ff1e9fd87800093655e372ab64c6e

                                          SHA512

                                          a0f13d42edbe47da54442a5a93ccbbfc88a12c8858e1f5c53581759d4c75d73de7ff3f59b430b5347a889b35b8596386a220302512b2485ebebda530d9f29200

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
                                          Filesize

                                          22KB

                                          MD5

                                          c4cd333dfda7755827f4c351e252cab7

                                          SHA1

                                          075c22e15953e0cd67d87974c994fb404b0acf2b

                                          SHA256

                                          5500a06a2a4c1143f5da74437413ce6a34de647038a0d9ad13e2a33c82ad2ab7

                                          SHA512

                                          3e1ee6e8f6a24f067783bddb5a03b9e9d4050d2ab9dbcbf1b56824c58f84790ba4fb9b65f94e2036d067a4c7d2ec6dcf9b8f0ad52c56066e074c8fef6600df2a

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                          Filesize

                                          20KB

                                          MD5

                                          dce9fae8453601d0e696d5d57d0085b0

                                          SHA1

                                          1920e6c3528d8d617d9781df7aa8938ebf80f8d0

                                          SHA256

                                          f7d61b045c1d91453b78cf2148c9ac9791c58a32b6db6fca69843a7ecaa1db2c

                                          SHA512

                                          2e410daf9b2346f745aa712f69beae88326f535a15f46f4e86fe2908753cad7f1a87fb58f195a8e116fc2e5ecc7d2440c94e0cd56abf2d67277356e24d11f615

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                          Filesize

                                          467B

                                          MD5

                                          52619575de5d67aee39ba2bffbab9192

                                          SHA1

                                          1ee4f2fbd5996f57ae3c380a3e5de4a3dfa05d7b

                                          SHA256

                                          633c4d973365ec848479ca88a477df78e87c1ad1898865233e1e353dbbe511c7

                                          SHA512

                                          c614da98e170abb8385a95e015276e5aab1071ff35db99f2961bc84264d786af1870a94d374517919298fad0e4945a265bd1a3ec1865e32cafa4bb434c319f5f

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
                                          Filesize

                                          900B

                                          MD5

                                          5f7037d50d3d1efe6ccf5bbc5112dcf4

                                          SHA1

                                          b37aceb46bee6d73b3472ff253e67718f658d3a2

                                          SHA256

                                          c2353840637d43abba8bfcbe659046c6efa090c30c7b0f6b3737ab1bd7af3a60

                                          SHA512

                                          eb7e4afe83d16aa0b2804c1bfcafdde56f109ba3aafce952960d9b4c7254453a0c09d53080eff676f559952a7496e99c78dbafc568aa461ae5ce716ac825ca72

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\b08601f4-159e-421c-b6d3-72e0e1d6e1aa.tmp
                                          Filesize

                                          22KB

                                          MD5

                                          3f8927c365639daa9b2c270898e3cf9d

                                          SHA1

                                          c8da31c97c56671c910d28010f754319f1d90fa6

                                          SHA256

                                          fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

                                          SHA512

                                          d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          39KB

                                          MD5

                                          0443f3a325798d37076886beead4f2e2

                                          SHA1

                                          d38c50def228ddf1f861f6c2dc2a0bcf82d29a96

                                          SHA256

                                          8347ee6acd4281d41a4ed1ce2aa31920b8d194439e91d807243ff7ae7c234a1b

                                          SHA512

                                          3dbdbe76c2158ebcc689c66bd01c53f1e1e5227918c55faeadaf2a55284312f4194bc1d63f24b845dc1c1b7ac12265c2864c473ed1db5db3da94ce9106715122

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          48KB

                                          MD5

                                          b7dfcedccc8945cdb026f4c35baf7ecf

                                          SHA1

                                          f6d70b2135c7ff383daf161413147d2f2d301b5f

                                          SHA256

                                          16a3c86c31415dfd14270741e9ce7fba39c022c654590793e822e0e187627307

                                          SHA512

                                          f5f9793b43f3e92d56c7252bed7775630713db90bc99e112ed77038b68b868be01be978bd417c9bed9e9eaacf5df10fa7cae69cafe782aba83a1dd17154e7760

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          48KB

                                          MD5

                                          6ec25e454881678201a027ff177d344d

                                          SHA1

                                          28c8b8b4c915b71052986fae97b8bf9da45806ae

                                          SHA256

                                          bc1a6be17a3a9decd73be03a30da888db5e05ea68aac151a89da6e249d7090fb

                                          SHA512

                                          8e0c3e2330ca441eb7faba504262b6f2a6402c3a5744bfaf1c1a745b3e4ccde6e753d5e18f92e0aefa214e8644dcec06a82f2b43068a0c1061a50b70f2332c55

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          48KB

                                          MD5

                                          b27ea0dee6cbfbf8b9cee81ff5fc1dac

                                          SHA1

                                          aa6ec93a1895538a6f0c7669a3d0fa43f71bf3d1

                                          SHA256

                                          c8462343be4af76b26954fa607196035185f844e543f3391cf6a474d7e645400

                                          SHA512

                                          13f9be17f77c35d1fa86e67b03b8420a75ad4bbc78deb060afc67b874a705e3b2066ef70dd63a45e49ffd535767b4cec3648d0756b0d5159f99efd8f0d3923f7

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
                                          Filesize

                                          2KB

                                          MD5

                                          fd9eab55a8f9a6c60e9de8b80518b0ef

                                          SHA1

                                          4e0924a27da1bb14a39033e6dd2e41d812f98a63

                                          SHA256

                                          a89142152678f595869c72d6423e71facecf4c9bdc4a9fa74980bd4a66f063da

                                          SHA512

                                          a309da7b71bdb7f6ea6a07de4afbfdad2a2b1e563e94cdbe986e583fad8e51d46a95a7807e563a3a493244c2d0d867e7b52a5593ef74b21efc4bff7c229421ac

                                          Download Submit