Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
70s -
max time network
71s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system -
submitted
21/11/2023, 06:14
Behavioral task
behavioral1
Sample
Passive-income-is-a-new-reality.pdf
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Passive-income-is-a-new-reality.pdf
Resource
win10v2004-20231023-en
General
-
Target
Passive-income-is-a-new-reality.pdf
-
Size
562KB
-
MD5
cf936d3277b7d35d14db096a75565780
-
SHA1
40fda0085e1b479232a782915e036299814f54a4
-
SHA256
dd8f13397f1114e895f3850d024aa9df8f09971eaa6c89dcb2a5896e67e43a7f
-
SHA512
2481343552ebf7accbdfcaac6dda10bc9e1c00cdfaad9ac52f0640e5b1ee6b9dcc656f06e34a74aa0a9fd915237e9c1d48ec2342669c0c80d1b8628a8708f805
-
SSDEEP
12288:3y26HtSYHo0s3Nl2PviGwu60CW8j9ongrGSAVaQscfeGiFUlARUzNv:3y26HtSgUly/YTGCGSAVhrtnlAqV
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-984744499-3605095035-265325720-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Suspicious behavior: EnumeratesProcesses 26 IoCs
pid Process 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 552 msedge.exe 552 msedge.exe 2384 msedge.exe 2384 msedge.exe 5716 identity_helper.exe 5716 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
pid Process 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 428 AcroRd32.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe 552 msedge.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe 428 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 428 wrote to memory of 3200 428 AcroRd32.exe 90 PID 428 wrote to memory of 3200 428 AcroRd32.exe 90 PID 428 wrote to memory of 3200 428 AcroRd32.exe 90 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 1504 3200 RdrCEF.exe 91 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92 PID 3200 wrote to memory of 4000 3200 RdrCEF.exe 92
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Passive-income-is-a-new-reality.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:428 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
PID:3200 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=73726758D89CEA7CAFD3028427CBE2EC --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:1504
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=417A8747843EF57BFE4DAFFBE2135631 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=417A8747843EF57BFE4DAFFBE2135631 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:13⤵PID:4000
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E49025B4B11721C3D5DF42AC5F1760AB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E49025B4B11721C3D5DF42AC5F1760AB --renderer-client-id=4 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job /prefetch:13⤵PID:2032
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9DD5D32C8C5246659F8FD9CDF84F79D4 --mojo-platform-channel-handle=2460 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:3176
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B8A2C737EAAFB03846B1E11D8A7506EA --mojo-platform-channel-handle=2584 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:4972
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CEC8C7CAACEA5A101F57B62D5861AEB9 --mojo-platform-channel-handle=2680 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:2888
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://donow.rimnonstop.com/?_lp=1&_token=uuid_249rblc35lc1_249rblc35lc1655adef71b41f0.526019722⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:552 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9016446f8,0x7ff901644708,0x7ff9016447183⤵PID:1980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4913341871273364842,15979065065618382338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:2384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,4913341871273364842,15979065065618382338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:83⤵PID:4364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4913341871273364842,15979065065618382338,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:23⤵PID:4388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4913341871273364842,15979065065618382338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:13⤵PID:4164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4913341871273364842,15979065065618382338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:13⤵PID:5040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4913341871273364842,15979065065618382338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:83⤵PID:5692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,4913341871273364842,15979065065618382338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:5716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4913341871273364842,15979065065618382338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:13⤵PID:5192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4913341871273364842,15979065065618382338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:13⤵PID:5176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4913341871273364842,15979065065618382338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:13⤵PID:3020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,4913341871273364842,15979065065618382338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:13⤵PID:2540
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2128
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD58d683017e2a126bba643b8921188935d
SHA1b42c405ca3046613ce41eb86a36657be48b59f13
SHA25639e2420959a17957e8e3951a304bc7d2e139d5e3feb4b4e034eac34630b5a560
SHA512206e926870c3ee202fc2861947f66030e394d0f78ba4e824881789ed73298338d8d5e2e8c4a714576d0c1438c24366d05f09bdcf38c9d666d60dd7439d727a7c
-
Filesize
36KB
MD5b30d3becc8731792523d599d949e63f5
SHA119350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e
-
Filesize
56KB
MD5752a1f26b18748311b691c7d8fc20633
SHA1c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5
-
Filesize
152B
MD584df16093540d8d88a327b849dd35f8c
SHA1c6207d32a8e44863142213697984de5e238ce644
SHA256220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c
SHA5123077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
5KB
MD5de7578730c95042a656677cc81dcc955
SHA1188cc520fda7356e501c03432d785e5a2c9da397
SHA2569523f42a2b03726291ab088d51baf456e87371c79b9153e81ef392a471c3c7de
SHA51212a44c37f9bfd470c4ff445b2c6f0c9115dc2ad6b23a4e33490705d2ea77a104670ef1774d3521dd79d900a7fe1ad8f515226dbab69593de7e92376f55c9b626
-
Filesize
5KB
MD551174c92d6d345e742a6080ab1247116
SHA1de3170d6540263e08c3c32c2abefca9167759590
SHA256f40d88bfbf92f9d95a4bdd54132d3f930fa36a60c913d745cfee0b6ad0aa98c5
SHA512272d538d52401c1cd1fd455d49efb8d9854d5d317703b264106bdb4bf43fd3892fbba554a084731fdf7792c6840cae8b5b7a99c0b21b30b74351a8e55031fb0a
-
Filesize
24KB
MD5918ecd7940dcab6b9f4b8bdd4d3772b2
SHA17c0c6962a6cd37d91c2ebf3ad542b3876dc466e4
SHA2563123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175
SHA512c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5db925d9ea85a5d0a24f083e49c6f4b37
SHA12bf45a283bc7e04edd1751f0b9d8caf9f806a03e
SHA256a93f0f3c68a1cf4f9043711599eccd8431769c0cc30755d299e516f7f4ec2d1a
SHA5124866baeafbd1cbc498f640ed82f5ae08b2d2797e731b8e4554e70461491792e1b513eefa2e4c6cb54a19c1dc86165de57cc8b420e243e159cd48c456cf8a80bb