Analysis
Max time kernel: 150s
Max time network: 156s
Platform: windows10-2004_x64
Resource: win10v2004-20230703-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 30/08/2023, 23:55
Behavioral task: behavioral1
Sample: Claimed-IRS-TAX-18760.pdf
Resource: win7-20230824-en
Behavioral task: behavioral2
Sample: Claimed-IRS-TAX-18760.pdf
Resource: win10v2004-20230703-en
General
Target: Claimed-IRS-TAX-18760.pdf
Size: 74KB
MD5: 2fd0e1335df990948dbe4ab3c2706f37
SHA1: 461f8a1b1f2f49c15ebc714905e8cac1d1d610c2
SHA256: 3a044dc07fc2e2f635a9ce9f88d75f4e354e0a8c11d3b426e7639444cf617647
SHA512: ecc20cd76c6b52ad6bc9b870cf5ab4aa3c4e21050b77439b43c941d4a2c83aede8082996342f2899de156d8ed5512b3b5f0f644bdba64685623311e6993a3869
SSDEEP: 1536:lzSDWV+M38jBGNAdJfDlJuW6yskBkDta2q4UGrJ1E7QQxO6LVeXUrdaLk:BV+LlZL/utkBitaWN1mJ/LVzrdak
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (AcroRd32.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (AcroRd32.exe)
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Modifies Internet Explorer settings
- Key created: \REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (AcroRd32.exe)
Suspicious behavior: EnumeratesProcesses (30 IoCs)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
Suspicious use of FindShellTrayWindow (26 IoCs)
Suspicious use of SendNotifyMessage (24 IoCs)
Suspicious use of SetWindowsHookEx (6 IoCs)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
AcroRd32.exe (PID 580, depth 1)
  Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Claimed-IRS-TAX-18760.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  RdrCEF.exe (PID 972, depth 2)
    Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory
    RdrCEF.exe (PID 872, depth 3)
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=912A47296DF8ECA9C0E1BF34099BDEA1 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    RdrCEF.exe (PID 3360, depth 3)
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7B91B8D618D3E4B130ACC22841439797 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7B91B8D618D3E4B130ACC22841439797 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    RdrCEF.exe (PID 1616, depth 3)
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=60AF8072EB313D3252E663FBD5C46C6C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=60AF8072EB313D3252E663FBD5C46C6C --renderer-client-id=4 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job /prefetch:1
    RdrCEF.exe (PID 4244, depth 3)
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BD6DCD08A25524CE85A081104F8B30FA --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    RdrCEF.exe (PID 2912, depth 3)
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D7E2C747A354CDEBC417E28C2B377646 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    RdrCEF.exe (PID 2624, depth 3)
      Image: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5703C8573C1E2627376E5F242C9867FE --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
  msedge.exe (PID 3004, depth 2)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qrco.de/beIVpd
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    msedge.exe (PID 1560, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb706646f8,0x7ffb70664708,0x7ffb70664718
    msedge.exe (PID 2428, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    msedge.exe (PID 4528, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    msedge.exe (PID 3680, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
    msedge.exe (PID 4840, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    msedge.exe (PID 4576, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    msedge.exe (PID 4468, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
    msedge.exe (PID 1816, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
    identity_helper.exe (PID 2976, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
    identity_helper.exe (PID 4820, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    msedge.exe (PID 4348, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
    msedge.exe (PID 1632, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    msedge.exe (PID 4264, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
    msedge.exe (PID 4848, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
    msedge.exe (PID 5212, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
    msedge.exe (PID 5296, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
    msedge.exe (PID 5332, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
    msedge.exe (PID 5764, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
    msedge.exe (PID 6032, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
    msedge.exe (PID 5580, depth 3)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3713899632215267496,7652333145774305542,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
CompPkgSrv.exe (PID 3008, depth 1)
  Image: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads