Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
03-05-2024 20:14
Behavioral task
behavioral1
Sample
Volvo_Distribution_notice.pdf
Resource
win7-20240221-en
General
-
Target
Volvo_Distribution_notice.pdf
-
Size
43KB
-
MD5
3b42048dec68b9b0ee00d421b7a4ef3d
-
SHA1
989d72b7388bcbda729e9235e7f004815afe3a73
-
SHA256
e9b0a63bba1373fda64862b5fb883d05a077075b497e4ef1db08300d5430f5ad
-
SHA512
4c926ec919b292088770f3a1e2160f486e1d13ca01c7c26fe98f324298ee293042c7469ad60167598f281c219cef69bcf6df28cb1d9438704ad5d8a9eb2f9199
-
SSDEEP
768:jEPqKWFOnz7YFUJexce32AzsdUqvgVS0F1fttymTnVwRhYSAcRNtDObpskS/nLdj:uqJFk7lJ22OqolymhOh8c1Dk8/LcGRdj
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2818691465-3043947619-2475182763-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Suspicious behavior: EnumeratesProcesses 26 IoCs
pid Process 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 3376 msedge.exe 3376 msedge.exe 4048 msedge.exe 4048 msedge.exe 5136 identity_helper.exe 5136 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
pid Process 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 772 AcroRd32.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe 4048 msedge.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe 772 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 772 wrote to memory of 4652 772 AcroRd32.exe 95 PID 772 wrote to memory of 4652 772 AcroRd32.exe 95 PID 772 wrote to memory of 4652 772 AcroRd32.exe 95 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3188 4652 RdrCEF.exe 96 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97 PID 4652 wrote to memory of 3944 4652 RdrCEF.exe 97
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Volvo_Distribution_notice.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:772 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
PID:4652 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F265618E807FA8BA362A4F25E3796C15 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:3188
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A2ADA72BDF439BB33E054AAA8086B523 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A2ADA72BDF439BB33E054AAA8086B523 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:13⤵PID:3944
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=269B7FED57F525E0B433198772FE4D75 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:3564
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B956BA54107042E67C045CF6EFD1DCE7 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:4588
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=140B49ADAE5B1D9A5200F05392C2B108 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=140B49ADAE5B1D9A5200F05392C2B108 --renderer-client-id=6 --mojo-platform-channel-handle=2456 --allow-no-sandbox-job /prefetch:13⤵PID:3760
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=23BE5F144791987ED86B63494DDA4703 --mojo-platform-channel-handle=1936 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:116
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://down2earthincs.us17.list-manage.com/track/click?u=a6722c149df2e70d2e90b77d5&id=0c16d919d5&e=627038960f//#/?//YW5uZS5tYXJ0ZW5zQHZvbHZvLmNvbQ==2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4048 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe30e046f8,0x7ffe30e04708,0x7ffe30e047183⤵PID:404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:23⤵PID:4396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:3376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:83⤵PID:1536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:13⤵PID:1684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:13⤵PID:2248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:13⤵PID:4372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:13⤵PID:2420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:13⤵PID:1192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:13⤵PID:1776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:83⤵PID:2596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:5136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:13⤵PID:5232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:13⤵PID:5240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:13⤵PID:5452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:13⤵PID:5460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:13⤵PID:5636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1626100003129123435,8998726852279404595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:13⤵PID:5836
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4976
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5cd061944c3e9f3d68d442bfbe626c482
SHA19a66c6fbd9a565c5eb5e27ea0b82c44660ba3763
SHA256814d89d320072433b569fb45b06624e98c68e0e18bbff9d55670db916d69edd0
SHA51229deeb85153db5e2fca61a5a733c269d11273772ec091a9fccb7d5bc494a7d85035119d58b99504c9632de2ff8e960c3bd85c5a4c8be2ec55555fede9ba50fac
-
Filesize
36KB
MD5b30d3becc8731792523d599d949e63f5
SHA119350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e
-
Filesize
56KB
MD5752a1f26b18748311b691c7d8fc20633
SHA1c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize471B
MD55a1b7dc69422517f419c1d346f0e8ca7
SHA1176b927a09c0a65a73eef2250773ea6fe87ca092
SHA25654a22bcde4bb6d75f00df67ae39634046a30e9787a1c28b2c0d6363b85b27028
SHA5127e28633267fa355bb62660f354ca2cd9f5ab9bd56f952cf4d230121182f62dd5c3939dd92902b06609f1058f7ed7b050bff07355840df9433b3efff14814719c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize400B
MD5ad3c31726aae9b6578f720d192165ce3
SHA191365bacee18892db53d745cc0e19e27963e5e73
SHA256f6f989b21d10cdb419e30ac7eab8f18a14dd427ebf3651eb67918df9d21f3471
SHA512ac2b7cf4b6821ac5b7c25b00f9a3f9db7fc85ff1ef7ab060f315cc9e68fb0fb249e1c53ab7ff903cbc01c46b2fe835fdc4d73d7f9c5f0b3df2a6f21eeb05b790
-
Filesize
152B
MD5919c29d42fb6034fee2f5de14d573c63
SHA124a2e1042347b3853344157239bde3ed699047a8
SHA25617cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141
SHA512bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d
-
Filesize
152B
MD58b2290ca03b4ca5fe52d82550c7e7d69
SHA120583a7851a906444204ce8ba4fa51153e6cd494
SHA256f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2
SHA512704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d
-
Filesize
6KB
MD58abbbec80c29c5adbd2c7ab3e143ba91
SHA1ebd17cd45df247fa35b9d4ae2c5e161f17b8d5dd
SHA25618b67ba24925b4aa17a0976dd341c3c9b518c5b96820d590ac5da6c0d2ac071e
SHA512ea7212aba0427eb2b9c8b19f9fc928a00cb9328093f42eba644e7bf5c76a7dbd333cbe8ccdaa5d3fca5f9375b29fba99d97880a54c9d576355c504aed8d01deb
-
Filesize
7KB
MD541828e5fb2a0f254d943ee06b6390139
SHA10bdb193082fb87d157ce19a0c9c86a1011c28de8
SHA2568ad23751fa160e4737f840a32c4de7e49f483720f89c7d99de12788fc9fa4d94
SHA512ecf34b7ee5484fbc1b2988f0dcd2c001ef493e28a81780def3dae4e50d00b43fe65fce2f55cc1f7e2d130870323321eb69de19dcdf7588f16d8868c4705912cd
-
Filesize
5KB
MD56fb2ecae97d35f8eecfa9150f74027bb
SHA15591c7da7e0850ee18b33d61853ff1eaa23cafa7
SHA25629ce4d3f6e3f185454f39b41abcc0aa941d8fa48879f5be05d1e362c3c46f5d6
SHA512a3240b806c2b81a329733c8c724ae28b3c771e99c8afa8b18699526a3f4f4abde997957af179d423e4bbc529c754a4af68fa08f42d058062b5ba718d5252ebb1
-
Filesize
1KB
MD5df34f133864a442f3781949e5e0d07f6
SHA14587fd33e3a3c354fe7fef1eb47e993d643146fb
SHA2566f54926539f118f509d4d3af478437f086652e97ff978e4b3047402c9552e61f
SHA5120859b6e49a78d4e90c62642a2e8c81ea73702587b1cbd045b15623f18fe3b8c6a131c647683ce3bb9569d594e461e50c7d828dae941489d19364eb8d66eedef8
-
Filesize
706B
MD5a7921fca7bce285a4795c47886bc191d
SHA108ce0fea9ea6e0eadfc85bd2d8212603a1b99754
SHA256df220d392fe4d0e56ccb86a09fded745a53b1750907e061296cea1a08e2ea1c9
SHA512791bbddeb4df9ea146cf0db2fab4d652a4d7d9a51134a5f63dce36bff48a71d7ee19fb70c3b94817e1aff6669f5900a326394447a376f5fde7c08a5323eea4ac
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD53321d63647174e90d73fb75134c72407
SHA1615bf39e933dcc5787dd7abfc318ad11c11f9bee
SHA2568d729db293b8cf8c19e6c95a2de79ed128b31c912d12a433340c6c9a0a4754e3
SHA512c21fb7f36b481a17302453c8ba033227305186df10ddf2ad12ea0e54ea1998ed8f1bbfcf3d7b534804717fe876dc8ccdb0bbf7e21f1280ec6edd6b254d6b5169