Analysis
max time kernel: 72s
max time network: 71s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 16:09
Behavioral task: behavioral1
Sample: JOB ASSISTANT AVAILABLE 1.pdf
Resource: win7-20231215-en
General
Target: JOB ASSISTANT AVAILABLE 1.pdf
Size: 139KB
MD5: 0c2a4f79f33fcc8041a64eb452a05b2e
SHA1: 210fe26ac8b0964772d8fdffebb6069092e80373
SHA256: f7bf5eb8055f64b27f0272ba72a3f17b770277c266566ec439234dc273799008
SHA512: 9f5467de35be970621a3cb967d4f40fcc1472fec080a8098d8290be89b3012452d3eb7dfb5cdf18d7840a5febf2a996e922c74199a71d0150991100db9652ac1
SSDEEP: 3072:+tjG0YjjIhkMwDrg+KkTX4ox2sPpeFA+cEELVRO4L/9pk3hbVYmHfK4:+tjBYBKO4K2shrEkpEy2C4
Malware Config
Signatures
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies Internet Explorer settings
Processes:
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Suspicious behavior: EnumeratesProcesses 26 IoCs
Processes:
pid | process
3096 | msedge.exe (2 entries)
1800 | msedge.exe (2 entries)
4864 | AcroRd32.exe (20 entries)
5796 | identity_helper.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
Processes:
pid | process
1800 | msedge.exe (7 entries)
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
pid | process
4864 | AcroRd32.exe (1 entry)
1800 | msedge.exe (25 entries)
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
pid | process
1800 | msedge.exe (24 entries)
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
pid | process
4864 | AcroRd32.exe (6 entries)
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description | pid | process | target process
PID 4864 wrote to memory of 4408 | 4864 | AcroRd32.exe | RdrCEF.exe (3 entries)
PID 4408 wrote to memory of 2268 | 4408 | RdrCEF.exe | RdrCEF.exe (repeated)
PID 4408 wrote to memory of 4040 | 4408 | RdrCEF.exe | RdrCEF.exe (repeated)
(64 IoCs in total; the two RdrCEF.exe rows account for the remaining 61 entries)
Processes
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JOB ASSISTANT AVAILABLE 1.pdf"
Level 1
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4864
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Level 2
- Suspicious use of WriteProcessMemory
PID:4408
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=446B4FED1D81C4FBB2125B3B18997A61 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Level 3
PID:2268
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E4FB43A0FE7E1890FDBD923703EC5329 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E4FB43A0FE7E1890FDBD923703EC5329 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
Level 3
PID:4040
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=97724A33247E6BA953509726881AF852 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Level 3
PID:4520
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E56586BCBA60A3BB957C3E4FC8E6399B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E56586BCBA60A3BB957C3E4FC8E6399B --renderer-client-id=5 --mojo-platform-channel-handle=2432 --allow-no-sandbox-job /prefetch:1
Level 3
PID:3964
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=14CF460AF872D2207C8FB496276E428E --mojo-platform-channel-handle=2700 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Level 3
PID:3996
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=76C652A37342EACE37A872C8A128CAB0 --mojo-platform-channel-handle=2800 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Level 3
PID:1248
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/forms/d/1I9ftbFjw0tMdzIb1rXpQe9UG071bZp2or0Pgmty-uhw
Level 2
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1800
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc723e46f8,0x7ffc723e4708,0x7ffc723e4718
Level 3
PID:2360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,332073130746515742,13189786246184215999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
Level 3
- Suspicious behavior: EnumeratesProcesses
PID:3096
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,332073130746515742,13189786246184215999,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
Level 3
PID:4012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,332073130746515742,13189786246184215999,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
Level 3
PID:2484
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,332073130746515742,13189786246184215999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
Level 3
PID:464
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,332073130746515742,13189786246184215999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
Level 3
PID:2536
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,332073130746515742,13189786246184215999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
Level 3
PID:948
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,332073130746515742,13189786246184215999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
Level 3
PID:5708
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,332073130746515742,13189786246184215999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
Level 3
PID:5700
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,332073130746515742,13189786246184215999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
Level 3
PID:5772
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,332073130746515742,13189786246184215999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6108 /prefetch:8
Level 3
- Suspicious behavior: EnumeratesProcesses
PID:5796
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,332073130746515742,13189786246184215999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:1
Level 3
PID:860
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,332073130746515742,13189786246184215999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
Level 3
PID:1640
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/forms/d/1I9ftbFjw0tMdzIb1rXpQe9UG071bZp2or0Pgmty-uhw
Level 2
PID:3920
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc723e46f8,0x7ffc723e4708,0x7ffc723e4718
Level 3
PID:3352
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Level 1
PID:3608
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize: 64KB
-
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize: 36KB
-
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize: 56KB
-
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
Filesize: 12KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 111B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize: 24KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 371B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588d37.TMP
Filesize: 204B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 10KB
-
\??\pipe\LOCAL\crashpad_1800_HHGZNQUVVMXIOBMC
-
memory/4864-84-0x000000000A010000-0x000000000A031000-memory.dmp
Filesize: 132KB