Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/08/2023, 23:55

General

  • Target

    Claimed-IRS-TAX-18760.pdf

  • Size

    74KB

  • MD5

    2fd0e1335df990948dbe4ab3c2706f37

  • SHA1

    461f8a1b1f2f49c15ebc714905e8cac1d1d610c2

  • SHA256

    3a044dc07fc2e2f635a9ce9f88d75f4e354e0a8c11d3b426e7639444cf617647

  • SHA512

    ecc20cd76c6b52ad6bc9b870cf5ab4aa3c4e21050b77439b43c941d4a2c83aede8082996342f2899de156d8ed5512b3b5f0f644bdba64685623311e6993a3869

  • SSDEEP

    1536:lzSDWV+M38jBGNAdJfDlJuW6yskBkDta2q4UGrJ1E7QQxO6LVeXUrdaLk:BV+LlZL/utkBitaWN1mJ/LVzrdak

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Claimed-IRS-TAX-18760.pdf"
    1⤵
    • Checks processor information in registry
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:580
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:972
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=912A47296DF8ECA9C0E1BF34099BDEA1 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        3⤵
          PID:872
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7B91B8D618D3E4B130ACC22841439797 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7B91B8D618D3E4B130ACC22841439797 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
          3⤵
            PID:3360
          • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
            "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=60AF8072EB313D3252E663FBD5C46C6C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=60AF8072EB313D3252E663FBD5C46C6C --renderer-client-id=4 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job /prefetch:1
            3⤵
              PID:1616
            • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
              "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BD6DCD08A25524CE85A081104F8B30FA --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
              3⤵
                PID:4244
              • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D7E2C747A354CDEBC417E28C2B377646 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                3⤵
                  PID:2912
                • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
                  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5703C8573C1E2627376E5F242C9867FE --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
                  3⤵
                    PID:2624
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qrco.de/beIVpd
                  2⤵
                  • Enumerates system info in registry
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  PID:3004
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb706646f8,0x7ffb70664708,0x7ffb70664718
                    3⤵
                      PID:1560
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
                      3⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2428
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
                      3⤵
                        PID:4528
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
                        3⤵
                          PID:3680
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
                          3⤵
                            PID:4840
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                            3⤵
                              PID:4576
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
                              3⤵
                                PID:4468
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                                3⤵
                                  PID:1816
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
                                  3⤵
                                    PID:2976
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
                                    3⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:4820
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
                                    3⤵
                                      PID:4348
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
                                      3⤵
                                        PID:1632
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
                                        3⤵
                                          PID:4264
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
                                          3⤵
                                            PID:4848
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
                                            3⤵
                                              PID:5212
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
                                              3⤵
                                                PID:5296
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
                                                3⤵
                                                  PID:5332
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
                                                  3⤵
                                                    PID:5764
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
                                                    3⤵
                                                      PID:6032
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
                                                      3⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:5580
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:3008

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                    Filesize

                                                    64KB

                                                    MD5

                                                    5bdfb03eb086bc3e9ee0f9730fbdf7b0

                                                    SHA1

                                                    b69d2f1571dfb76f593657340f966d4768bd88d2

                                                    SHA256

                                                    79438cf948e1d5162e248484ff1d05accee01267bd1d321e673490f071c88639

                                                    SHA512

                                                    8fde4a059df1a6dcbba5f901a4a6f1a3597e39ef049dac750788d8acfc32fe5422292fe3eb11f681fa2de46b3ae9c078c1b585122a5563b2a281018f6bc970ab

                                                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                    Filesize

                                                    36KB

                                                    MD5

                                                    b30d3becc8731792523d599d949e63f5

                                                    SHA1

                                                    19350257e42d7aee17fb3bf139a9d3adb330fad4

                                                    SHA256

                                                    b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

                                                    SHA512

                                                    523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

                                                  • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

                                                    Filesize

                                                    56KB

                                                    MD5

                                                    752a1f26b18748311b691c7d8fc20633

                                                    SHA1

                                                    c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

                                                    SHA256

                                                    111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

                                                    SHA512

                                                    a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                                                    Filesize

                                                    471B

                                                    MD5

                                                    5c4bc893a61e4fe592570c442b6564bb

                                                    SHA1

                                                    03acb6e9bc6933d2e54c32361c1dde1433026586

                                                    SHA256

                                                    b562f0898fb1251df446efdb5e3514ae7afd3bd3cae55ce31e4bbe7cf0f637b0

                                                    SHA512

                                                    418d5582460286bb462c9f344dbb5d97c9ecb950c7a55dac84147df753b489cabbfa7e23b497efac662205dc25065472a36fec6f6df441464d4aa3d89a88a49d

                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

                                                    Filesize

                                                    400B

                                                    MD5

                                                    c7b127c4add7f4140cf58b10b5932c3f

                                                    SHA1

                                                    22a816d191862bf80f61d4903bed0dea55101588

                                                    SHA256

                                                    e0b9e57cae5613122692ac4058ef03cf86fc785993361a98040665fe48aa8a4f

                                                    SHA512

                                                    a2d0426f9a14d7ca52d741e16947bce8690d0882ed24174fdf4657aa889d8de3bfb0822258210775697d1afc6e1f281dd57ed8e89c1ebb51d7a67c20b5de8aec

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    70e2e6954b953053c0c4f3b6e6ad9330

                                                    SHA1

                                                    cb61ba67b3bffa1d833bb85cc9547669ec46f62f

                                                    SHA256

                                                    f6e770a3b88ad3fda592419b6c00553bdadc50d5fb466ef872271389977f2ab4

                                                    SHA512

                                                    eeacb0e62f68f56285f7605963ca9bb82f542d4e2ccc323266c08c9990cecdebd574e1ab304ae08ea8c6c94c50683180f83562f972e92799ebbcfcd8f503fb5a

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\896cfac8-0418-444d-8d5b-dda266248ab3.tmp

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    766a9cb78ba286571ff2cfb036792f7f

                                                    SHA1

                                                    576912dacc902b0147722c696a28668f336cacf0

                                                    SHA256

                                                    672261bc0ecd9ef699e1416d90b46e50458f410b227f25ced813a327cd6b7c32

                                                    SHA512

                                                    6eb0e0cdc632eb25e99742f090bf5f89f1817096c965daa5b54aa2cb238f2100c4a5f03dc1f31653d66ba79c53780dcbc6d44af10b96c648d20a45ca27a7d79a

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

                                                    Filesize

                                                    32KB

                                                    MD5

                                                    265a68c98e2d1fe2f235f9a49e533a85

                                                    SHA1

                                                    a0cbf711a976a4beab6acc77809edfe2962e4672

                                                    SHA256

                                                    401f827a496a900db8228eeedf0c2307f8e989e6becdf9b21408dc35e5bd9d75

                                                    SHA512

                                                    f2e905cf1fb98473f1dab97e8b1366427d4f4ebba952096e50a3d24bda9bb4c092f08d6388fdc0c05f43fd89c3341ce008769c7ece1de5ac514fc5039da139ff

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

                                                    Filesize

                                                    41KB

                                                    MD5

                                                    d4a69df7fe087527e3646d4ffa0e181b

                                                    SHA1

                                                    8a05ab9e8d1702bc88412575cb8008bfbd2bd91e

                                                    SHA256

                                                    3e57a82c78b04d2ce71d64ad18025d7a001ef1f220bc4c8e38d0096e2d49113e

                                                    SHA512

                                                    262c55794e1fe8a43a617d7250b15c3c61aaede2838a5eea58e557c86d7254e45c13c2d633bab213aaf2dfcbb86d4420f5601afc4bca3e35757398c599492c70

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                    Filesize

                                                    840B

                                                    MD5

                                                    3a275ce11a6d7b71d225631f9c1d4c0d

                                                    SHA1

                                                    95f1d61670ea23c337f8346b2d2b40d627e974f9

                                                    SHA256

                                                    1ef8db161340725c77e8be335c2c83c0b23ecc6b97eb601897cfc00465b4c751

                                                    SHA512

                                                    301de06525be37434ecb9b4a0406b2a940b84a7a2aa1012e7ce473bf884a20fd0c1c6a28f70611a18a112ccdb0c45befe007f1c813b514287f45004bfd0efe24

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    111B

                                                    MD5

                                                    285252a2f6327d41eab203dc2f402c67

                                                    SHA1

                                                    acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                    SHA256

                                                    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                    SHA512

                                                    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                    Filesize

                                                    4KB

                                                    MD5

                                                    42eca7ff1016d0851e12059389982a55

                                                    SHA1

                                                    27cdbf93d9e9761937d97aeec961cde2207fd5fb

                                                    SHA256

                                                    960d5d3b7af320c94816dbc320b92a29e3564519c23838766507213fc21cf1d8

                                                    SHA512

                                                    cc04ee9d05ba5f3153a8e16f7fca5fa3b8d4e9f3e9a1d79d7bac5c5dea5919157974fb7fc94afd74f8ce1abe1a4aa3b6a6e01d95ccd283f6667f24159d62e945

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    5KB

                                                    MD5

                                                    4754f0444affa3762d7c9877f04d8bc9

                                                    SHA1

                                                    de53186940e96f1518e4902060a3161ffff6aca0

                                                    SHA256

                                                    0e5b25697f5c1151174cf3a1a9b932131f335bb0eaab6b36fcf089c5ba02790d

                                                    SHA512

                                                    0b5f2ae7f9234b6d040f5011881a7954a1fb035017a1209020e3cc644bd7402e5bbd5fd9f2998d18ed77f788be4a2b4018c640f505ef810a9bb03d6a96d7838e

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    5KB

                                                    MD5

                                                    95fb95d61c424aaa2f96e1f249daa385

                                                    SHA1

                                                    118f6a881ac415ec0113ca3a9fdab82d418ca0b8

                                                    SHA256

                                                    367d71d5a12bd3ff7cee174bb4abef5e8ed93f7fc5e490803607f3fc80996cef

                                                    SHA512

                                                    9245c2b8271afe95988b0668c60beb3cee87746b97e03dc6cab468567da39ec7a3b3ab7602076ee3d737a73f61d65c939583b4c0a7b4bc6c896a3c0e2dad8fb8

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                    Filesize

                                                    7KB

                                                    MD5

                                                    5104d98fcc0908c9daffab6748aecaba

                                                    SHA1

                                                    22977b3d62a7868a35fc55a96dfed24158382f2c

                                                    SHA256

                                                    83d55c2551fa145d553612659fb53d3ce4a345da6adee608a8a251165db3bad6

                                                    SHA512

                                                    e27e222dadf716acb19dd8f36d17bc34691f604aac8ead1c14179db24f6b472727a06b33c74661f71a7a2ec679399046e9d7c41c40c406eb9c11f8c1945603a8

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                    Filesize

                                                    24KB

                                                    MD5

                                                    5a478f1e08816969e8214f982850b754

                                                    SHA1

                                                    1cf5e7192f3c6e31c7e27b6cb34ebf89036eec0c

                                                    SHA256

                                                    665cf5612c61412c9acc928b1e155c8f11ae83905ce614d9a1a7ad72cc0fd489

                                                    SHA512

                                                    7e7ff60c157841f6f5bb206ebbce29f6df3a6c0c671805415ad7226654e13da49ad76e39a6d0afe28992348f3b5685ecacbfb44178fd61998c54caebbfd97832

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581400.TMP

                                                    Filesize

                                                    1KB

                                                    MD5

                                                    b51476301eef9b39119a5ba7760a8f98

                                                    SHA1

                                                    9b531ceb429ce670fcc843d52676dabb5e15e3b2

                                                    SHA256

                                                    1769dbcde02d88c92864066571a4694fe70f563e4312ddfbc7e9a7b883bb2ad3

                                                    SHA512

                                                    7de74ce07f588dcf0d3040484eb5b363a49cc614dce6893edc50dd96d7c11a1f3b04ebf3313d0621655cecd9df20ea66a1b22ab25ccc760ca14ff42cd87c026e

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                    Filesize

                                                    16B

                                                    MD5

                                                    6752a1d65b201c13b62ea44016eb221f

                                                    SHA1

                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                    SHA256

                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                    SHA512

                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\da07ce34-1205-41f2-8ee2-0d0ba0aa2a9a.tmp

                                                    Filesize

                                                    11KB

                                                    MD5

                                                    0085352b8e76fc3c10cdd7b9b3236c31

                                                    SHA1

                                                    fc0e0518316de8d57d32459e0c4925c35c9db61e

                                                    SHA256

                                                    aed15cd562ad2af1c5ee8037e0fddf75703e93461d79bad3330e316d88d00f0d

                                                    SHA512

                                                    d37ca6450bab3f8ee90f6d447a323c672feb4f959ec6ae62f1ee2c4fefd2a543df1d42c1898d1e395b5909e93a113aef43d80666c330c40b787f3da3f3a022a0