Analysis

- Max time kernel: 320s
- Max time network: 291s
- Platform: windows10-2004_x64
- Resource: win10v2004-20240412-es
- Resource tags: arch:x64, arch:x86, image:win10v2004-20240412-es, locale:es-es, os:windows10-2004-x64, system, windows
- Submitted: 17/04/2024, 14:45

Static task: static1
Behavioral task: behavioral1

Sample: 81f761bbbfa9143f18ff8cf0f74d8791c4a70b36.pdf
Resource: win10v2004-20240412-es
General

- Target: 81f761bbbfa9143f18ff8cf0f74d8791c4a70b36.pdf
- Size: 650KB
- MD5: 601da4e7b3bb71f1163882943054229e
- SHA1: 81f761bbbfa9143f18ff8cf0f74d8791c4a70b36
- SHA256: 8e863848b911bfdbab2478b7165d6e1718dbfbbf2f44696beb08f8e6318ead3d
- SHA512: 7750dda067d89833ceaac565bdaeabb7dfee814a3381c5ad0eb1e0fff57121b81049f5540a7ed6df8f8db4d75d889d30db9209cca209406533348c92330a086c
- SSDEEP: 12288:PQoHq9JZRxMI7+JgUjTzu+TKTjNtRPF5tFgyYDIT0A2DP29NXO4P/NH8ZKG8XSQW:4oHUwG+TKR/jg9DIITu39nNcZKhiQW
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (AcroRd32.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (AcroRd32.exe)

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Modifies Internet Explorer settings
- Key created: \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (AcroRd32.exe)

Suspicious behavior: EnumeratesProcesses (30 IoCs; duplicate rows collapsed)
- PID 2652 AcroRd32.exe (×20)
- PID 4428 msedge.exe (×2)
- PID 1932 msedge.exe (×2)
- PID 2580 identity_helper.exe (×2)
- PID 6008 msedge.exe (×4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs; duplicate rows collapsed)
- PID 1932 msedge.exe (×7)

Suspicious use of FindShellTrayWindow (26 IoCs; duplicate rows collapsed)
- PID 2652 AcroRd32.exe (×1)
- PID 1932 msedge.exe (×25)

Suspicious use of SendNotifyMessage (24 IoCs; duplicate rows collapsed)
- PID 1932 msedge.exe (×24)

Suspicious use of SetWindowsHookEx (9 IoCs; duplicate rows collapsed)
- PID 2652 AcroRd32.exe (×9)

Suspicious use of WriteProcessMemory (64 IoCs; duplicate rows collapsed)
- PID 2652 (AcroRd32.exe) wrote to memory of PID 3472 (procid_target 87)
- PID 3472 (RdrCEF.exe) wrote to memory of PID 428 (procid_target 88)
- PID 3472 (RdrCEF.exe) wrote to memory of PID 4864 (procid_target 89)
Processes

- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 2652)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\81f761bbbfa9143f18ff8cf0f74d8791c4a70b36.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3472)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 428)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BAC252731DE23317B902F30A656C627E --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4864)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CBAC8825A80203CCC474AEEFB84BE25E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CBAC8825A80203CCC474AEEFB84BE25E --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3876)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=559936D0B6F51147F336FB757BEA3EA5 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2840)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=16EBD753456D14AA69D469FFC37A11BA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=16EBD753456D14AA69D469FFC37A11BA --renderer-client-id=5 --mojo-platform-channel-handle=1892 --allow-no-sandbox-job /prefetch:1

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1428)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2B96C30FE0ABE0A33F17E3DFBAB1738E --mojo-platform-channel-handle=2672 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1840)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F34165584305CA244409BFB0A9D242E7 --mojo-platform-channel-handle=2400 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1932)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://carls.el.de/
    Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2836)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbafb146f8,0x7ffbafb14708,0x7ffbafb14718

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2824)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4428)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1344)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4056)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3088)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1512)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 920)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8

    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2580)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5112)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2100)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1576)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 968)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6008)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,14238968057996937782,7194933645642448510,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5344 /prefetch:2
      Signatures:
      - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe (PID 3956)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe (PID 4900)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads