Analysis
max time kernel: 148s
max time network: 138s
platform: windows10-2004_x64
resource: win10v2004-20240419-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system
submitted: 04-05-2024 01:23
Behavioral task: behavioral1
Sample: Volvo_Distribution_notice.pdf
Resource: win7-20240221-en
General
Target: Volvo_Distribution_notice.pdf
Size: 43KB
MD5: 3b42048dec68b9b0ee00d421b7a4ef3d
SHA1: 989d72b7388bcbda729e9235e7f004815afe3a73
SHA256: e9b0a63bba1373fda64862b5fb883d05a077075b497e4ef1db08300d5430f5ad
SHA512: 4c926ec919b292088770f3a1e2160f486e1d13ca01c7c26fe98f324298ee293042c7469ad60167598f281c219cef69bcf6df28cb1d9438704ad5d8a9eb2f9199
SSDEEP: 768:jEPqKWFOnz7YFUJexce32AzsdUqvgVS0F1fttymTnVwRhYSAcRNtDObpskS/nLdj:uqJFk7lJ22OqolymhOh8c1Dk8/LcGRdj
Malware Config
Signatures
-
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. In this run both reads come from AcroRd32.exe, the reader itself rather than anything the document spawned, so on its own the hit is low-signal; it would carry weight only if the read came from a process the document started.
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       AcroRd32.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  AcroRd32.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
All three reads come from the browser process (msedge.exe), not from the document.
  description        ioc                                                                     Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Modifies Internet Explorer settings (1 IoCs)
  description  ioc                                                                                                                                  Process
  Key created  \REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe
Suspicious behavior: EnumeratesProcesses (26 IoCs)
  pid   Process
  1524  AcroRd32.exe         (20 entries)
  5668  msedge.exe           (2 entries)
  4988  msedge.exe           (2 entries)
  736   identity_helper.exe  (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (17 IoCs)
  pid   Process
  4988  msedge.exe  (17 entries)
Suspicious use of FindShellTrayWindow (26 IoCs)
  pid   Process
  1524  AcroRd32.exe  (1 entry)
  4988  msedge.exe    (25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  4988  msedge.exe  (24 entries)
Suspicious use of SetWindowsHookEx (6 IoCs)
  pid   Process
  1524  AcroRd32.exe  (6 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process       procid_target
  PID 1524 wrote to memory of 4908  1524  AcroRd32.exe  92   (3 entries)
  PID 4908 wrote to memory of 5820  4908  RdrCEF.exe    93   (repeated)
  PID 4908 wrote to memory of 4924  4908  RdrCEF.exe    94   (repeated)
  The remaining 61 entries are repeats of the two PID 4908 rows shown.
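The WriteProcessMemory rows above and the process tree that follows are what an analyst actually has to reason about: which parent/child edges are part of Acrobat's and Edge's own multi-process design (a Chromium-style broker writes into each child it creates while bootstrapping it, which is why RdrCEF.exe and msedge.exe light up this signature), and which edge is the document's doing. The following script is an added example, not part of this report and not any vendor's tooling. Its rows are transcribed from this page's process tree (parent/child from the nesting, PIDs and images from the entries, long Chromium flag lists shortened to "..."); the reader/browser allowlists and the set of expected internal edges are assumptions chosen for the example.

```python
"""Process-tree triage for a document-reader sandbox run (added example)."""
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit


@dataclass
class Proc:
    pid: int
    image: str                 # image basename, e.g. "AcroRd32.exe"
    cmdline: str
    parent: Optional[int]      # None for a tree root
    children: list = field(default_factory=list)


# (pid, parent pid, image, command line) transcribed from the report's tree.
# Flag lists that do not matter for triage are abbreviated with "...".
ROWS = [
    (1524, None, "AcroRd32.exe",
     r'"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" '
     r'"C:\Users\Admin\AppData\Local\Temp\Volvo_Distribution_notice.pdf"'),
    (4908, 1524, "RdrCEF.exe", r'"...\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043'),
    (5820, 4908, "RdrCEF.exe", r'"...\AcroCEF\RdrCEF.exe" --type=gpu-process ...'),
    (4924, 4908, "RdrCEF.exe", r'"...\AcroCEF\RdrCEF.exe" --type=renderer ...'),
    (4988, 1524, "msedge.exe",
     r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument '
     "https://down2earthincs.us17.list-manage.com/track/click"
     "?u=a6722c149df2e70d2e90b77d5&id=0c16d919d5&e=627038960f//#/?//YW5uZS5tYXJ0ZW5zQHZvbHZvLmNvbQ=="),
    (3616, 4988, "msedge.exe", r'"...\msedge.exe" --type=crashpad-handler ...'),
    (5668, 4988, "msedge.exe", r'"...\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService ...'),
    (4808, 4988, "msedge.exe", r'"...\msedge.exe" --type=renderer ...'),
    (736, 4988, "identity_helper.exe", r'"...\identity_helper.exe" --type=utility ...'),
    (5348, None, "CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

# Assumed allowlists for the example (not taken from the report).
DOCUMENT_READERS = {"acrord32.exe", "acrobat.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}
EXPECTED_INTERNAL_EDGES = {
    ("acrord32.exe", "rdrcef.exe"),        # Acrobat's embedded-Chromium broker
    ("rdrcef.exe", "rdrcef.exe"),          # its gpu/renderer children
    ("msedge.exe", "msedge.exe"),          # Edge's own child processes
    ("msedge.exe", "identity_helper.exe"),
}


def build_tree(rows):
    """Index processes by PID and link each child into its parent."""
    procs = {pid: Proc(pid, image, cmd, parent) for pid, parent, image, cmd in rows}
    for p in procs.values():
        if p.parent in procs:
            procs[p.parent].children.append(p.pid)
    return procs


def urls_in(cmdline):
    """URLs passed as whole arguments (the --single-argument case)."""
    return [tok for tok in cmdline.split() if tok.startswith(("http://", "https://"))]


def triage_tree(procs):
    """One finding per parent/child edge not explained by the products' own
    process model. Internal broker->child edges (the WriteProcessMemory
    noise) are filtered; a reader handing a URL to a browser is reported."""
    findings = []
    for p in procs.values():
        if p.parent is None or p.parent not in procs:
            continue
        parent = procs[p.parent]
        edge = (parent.image.lower(), p.image.lower())
        if edge in EXPECTED_INTERNAL_EDGES:
            continue
        if edge[0] in DOCUMENT_READERS and edge[1] in BROWSERS and urls_in(p.cmdline):
            for url in urls_in(p.cmdline):
                findings.append({"rule": "reader_launches_browser_with_url",
                                 "parent": parent.pid, "child": p.pid,
                                 "host": urlsplit(url).hostname, "url": url})
        elif edge[0] in DOCUMENT_READERS:
            findings.append({"rule": "reader_spawns_unexpected_child",
                             "parent": parent.pid, "child": p.pid,
                             "image": p.image, "cmdline": p.cmdline})
    return findings


def lineage(procs, pid):
    """Ancestor chain from the tree root down to pid, as image names."""
    chain = []
    while pid is not None and pid in procs:
        chain.append(procs[pid].image)
        pid = procs[pid].parent
    return chain[::-1]


if __name__ == "__main__":
    tree = build_tree(ROWS)
    for f in triage_tree(tree):
        print(f["rule"], f["parent"], "->", f["child"], f.get("host", f.get("image")))
    print(lineage(tree, 5820))
```

Run against the rows from this report it yields exactly one finding, AcroRd32.exe (1524) starting msedge.exe (4988) with the list-manage.com URL; every RdrCEF.exe and msedge.exe child is absorbed by the expected-edge set. Note that the report's 64-entry cap on WriteProcessMemory IoCs means the 1524 -> 4988 edge is visible only in the tree, not in the IoC list, which is why the triage works from the tree rather than from the signature rows.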
Processes

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe  (PID 1524, level 1)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Volvo_Distribution_notice.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 4908, level 2)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 5820, level 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=351AEC16C731BB70DF743D42FAF16E73 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 4924, level 3)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5871F4571E204C00B4CC25B0C73F5F0E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5871F4571E204C00B4CC25B0C73F5F0E --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 5676, level 3)
      Command line: same as PID 5820, with --service-request-channel-token=72752E297607220E8BECA7BC812F1E55 --mojo-platform-channel-handle=2316

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 1552, level 3)
      Command line: same as PID 5820, with --service-request-channel-token=CA6D43CF7D5EC179D6286CFA4F004835 --mojo-platform-channel-handle=2416

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 368, level 3)
      Command line: same as PID 4924, with --service-pipe-token=99014A1EF525676167F2093D16194627 --service-request-channel-token=99014A1EF525676167F2093D16194627 --renderer-client-id=6 --mojo-platform-channel-handle=1728

    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe  (PID 5300, level 3)
      Command line: same as PID 5820, with --service-request-channel-token=AE9634E6B3C6E7965485E296A012F0E2 --mojo-platform-channel-handle=1824

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4988, level 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://down2earthincs.us17.list-manage.com/track/click?u=a6722c149df2e70d2e90b77d5&id=0c16d919d5&e=627038960f//#/?//YW5uZS5tYXJ0ZW5zQHZvbHZvLmNvbQ==
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3616, level 3)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa112346f8,0x7ffa11234708,0x7ffa11234718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4208, level 3)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8535913006772436360,9728990960836525943,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5668, level 3)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8535913006772436360,9728990960836525943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5620, level 3)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8535913006772436360,9728990960836525943,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4808, level 3)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8535913006772436360,9728990960836525943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 228, level 3)
      Command line: same as PID 4808, with --renderer-client-id=5 --mojo-platform-channel-handle=3424

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5256, level 3)
      Command line: same as PID 4808, with --renderer-client-id=7 --mojo-platform-channel-handle=3980

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5220, level 3)
      Command line: same as PID 4808, with --renderer-client-id=8 --mojo-platform-channel-handle=4968

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3960, level 3)
      Command line: same as PID 4808, with --renderer-client-id=9 --mojo-platform-channel-handle=3408

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4092, level 3)
      Command line: same as PID 4808, with --renderer-client-id=10 --mojo-platform-channel-handle=3532

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2508, level 3)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8535913006772436360,9728990960836525943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 736, level 3)
      Command line: same as PID 2508
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1648, level 3)
      Command line: same as PID 4808, with --renderer-client-id=12 --mojo-platform-channel-handle=6092

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1960, level 3)
      Command line: same as PID 4808, with --instant-process --renderer-client-id=13 --mojo-platform-channel-handle=6124

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5204, level 3)
      Command line: same as PID 4808, with --renderer-client-id=14 --mojo-platform-channel-handle=5792

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4532, level 3)
      Command line: same as PID 4808, with --instant-process --renderer-client-id=15 --mojo-platform-channel-handle=5128

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5360, level 3)
      Command line: same as PID 4808, with --renderer-client-id=16 --mojo-platform-channel-handle=5212

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1680, level 3)
      Command line: same as PID 4808, with --renderer-client-id=17 --mojo-platform-channel-handle=5796

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 460, level 3)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,8535913006772436360,9728990960836525943,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4680 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3924, level 3)
      Command line: same as PID 4808, with --renderer-client-id=19 --mojo-platform-channel-handle=5224

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 872, level 3)
      Command line: same as PID 4808, with --renderer-client-id=20 --mojo-platform-channel-handle=6584

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2424, level 3)
      Command line: same as PID 4808, with --instant-process --renderer-client-id=21 --mojo-platform-channel-handle=6596

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 640, level 3)
      Command line: same as PID 4808, with --renderer-client-id=22 --mojo-platform-channel-handle=5232

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2748, level 3)
      Command line: same as PID 4808, with --instant-process --renderer-client-id=23 --mojo-platform-channel-handle=6868

C:\Windows\System32\CompPkgSrv.exe  (PID 5348, level 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
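The one action the tree records is AcroRd32.exe handing a URL to msedge.exe. The URL is a list-manage.com click-tracking redirector, so the final landing page is resolved server-side and is not visible on this page (the Network section is empty), while the tail after the `#` is a base64 token that decodes to an e-mail address at the lured organisation's domain, a common way for phishing kits to pre-fill the victim's address on the landing page; a URL fragment is never sent to the server, so it will not appear in proxy logs. The script below is an added example, not part of this report and not Adobe's or the sandbox vendor's code: it recovers the same URL statically from the PDF's action dictionaries and decodes the fragment. The PDF bytes it builds are constructed for the example and are not the bytes of Volvo_Distribution_notice.pdf; the URL is the one recorded above.

```python
"""Static extraction of a PDF lure's URI/Launch actions (added example)."""
import base64
import binascii
import re
from urllib.parse import parse_qs, urlsplit

# URL recorded in the sandbox report (msedge.exe --single-argument ...).
LURE_URL = ("https://down2earthincs.us17.list-manage.com/track/click"
            "?u=a6722c149df2e70d2e90b77d5&id=0c16d919d5&e=627038960f"
            "//#/?//YW5uZS5tYXJ0ZW5zQHZvbHZvLmNvbQ==")


def build_sample_pdf(url: str) -> bytes:
    """CONSTRUCTED single-page PDF: a full-page /Link annotation plus a
    document /OpenAction, both /URI actions pointing at `url`. The xref
    table is omitted; the byte-pattern extractor below does not need it
    (assumption of this example, not a property of the real sample)."""
    return (
        "%PDF-1.4\n"
        "1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj\n"
        "2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
        "3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
        "/Annots [4 0 R] >> endobj\n"
        "4 0 obj << /Type /Annot /Subtype /Link /Rect [0 0 612 792] "
        f"/A << /S /URI /URI ({url}) >> >> endobj\n"
        f"5 0 obj << /S /URI /URI ({url}) >> endobj\n"
        "trailer << /Root 1 0 R >>\n%%EOF\n"
    ).encode("latin-1")


ACTION_RE = re.compile(rb"/S\s*/(URI|Launch|JavaScript|SubmitForm|GoToR)\b")
PDF_STRING = rb"\(((?:\\.|[^\\)])*)\)"              # literal string with escapes
URI_RE = re.compile(rb"/URI\s*" + PDF_STRING, re.S)
LAUNCH_RE = re.compile(rb"/Launch\b.*?/F\s*" + PDF_STRING, re.S)


def _unescape(s: bytes) -> str:
    return re.sub(rb"\\(.)", rb"\1", s).decode("latin-1")


def extract_actions(pdf: bytes) -> dict:
    """Byte-pattern scan for action dictionaries. Caveat: it sees only
    uncompressed objects. Actions inside /ObjStm streams or in encrypted
    files need a real parser (pikepdf, pdfminer) after decompression."""
    return {
        "action_types": sorted({m.group(1).decode() for m in ACTION_RE.finditer(pdf)}),
        "uris": sorted({_unescape(m.group(1)) for m in URI_RE.finditer(pdf)}),
        "launch_targets": sorted({_unescape(m.group(1)) for m in LAUNCH_RE.finditer(pdf)}),
        "auto_open": b"/OpenAction" in pdf or b"/AA" in pdf,
        "has_objstm": b"/ObjStm" in pdf,
    }


def analyse_url(url: str) -> dict:
    """What can be read offline from a tracking-redirect URL: redirector
    host, query keys, and a base64 token at the end of the fragment."""
    parts = urlsplit(url)
    token = parts.fragment.rsplit("/", 1)[-1]
    decoded = None
    try:
        decoded = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        pass
    return {
        "host": parts.hostname,
        "is_click_tracker": parts.path.startswith("/track/click"),
        "query_keys": sorted(parse_qs(parts.query)),
        "fragment_token": token,
        "fragment_decoded": decoded,
        "fragment_is_email": bool(decoded and re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", decoded)),
    }


def triage_pdf(pdf: bytes) -> list:
    """Human-readable findings; the decoded address is reported by domain only."""
    acts = extract_actions(pdf)
    out = []
    for u in acts["uris"]:
        a = analyse_url(u)
        line = f"opens {a['host']}"
        if a["is_click_tracker"]:
            line += " (click-tracking redirector; final destination not visible offline)"
        if a["fragment_is_email"]:
            line += f"; fragment carries a recipient address at {a['fragment_decoded'].split('@')[1]}"
        out.append(line)
    if acts["auto_open"]:
        out.append("action fires on open (/OpenAction or /AA), not only on click")
    if acts["launch_targets"]:
        out.append("launches: " + ", ".join(acts["launch_targets"]))
    if acts["has_objstm"]:
        out.append("object streams present: rescan after decompression")
    return out


if __name__ == "__main__":
    for line in triage_pdf(build_sample_pdf(LURE_URL)):
        print(line)
```

For the real sample, run `extract_actions` over the file bytes; if `has_objstm` is true or `uris` comes back empty, decompress with a proper PDF library first, since the regex scan cannot see inside object streams.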
Network
MITRE ATT&CK Enterprise v15
Downloads
The entries with recorded paths are Windows certificate-revocation cache files (CryptnetUrlCache) and Edge code-cache index files written during the browser session; the unnamed entries carry no path in this report.

- Filesize: 64KB
  MD5: b739d83c60bdd46ebb3eca29830ee78a
  SHA1: 3f65b999687581d5b9c05dddda5d3842a4351e84
  SHA256: 612f81eb46c7a83947370887c3dbee7c898ce160aa9e8f58afa8fa332c148b29
  SHA512: b23654f8360830eec8ebea5fcf4ad0b3735280140aae861d89136d3961fe757945d7569629fa1ddc31e8969fe730f1adababd93c279d5ff93a9a676b1dac26cf

- Filesize: 36KB
  MD5: b30d3becc8731792523d599d949e63f5
  SHA1: 19350257e42d7aee17fb3bf139a9d3adb330fad4
  SHA256: b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
  SHA512: 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

- Filesize: 56KB
  MD5: 752a1f26b18748311b691c7d8fc20633
  SHA1: c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
  SHA256: 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
  SHA512: a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
  Filesize: 471B
  MD5: 5a1b7dc69422517f419c1d346f0e8ca7
  SHA1: 176b927a09c0a65a73eef2250773ea6fe87ca092
  SHA256: 54a22bcde4bb6d75f00df67ae39634046a30e9787a1c28b2c0d6363b85b27028
  SHA512: 7e28633267fa355bb62660f354ca2cd9f5ab9bd56f952cf4d230121182f62dd5c3939dd92902b06609f1058f7ed7b050bff07355840df9433b3efff14814719c

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
  Filesize: 400B
  MD5: 391edfcfdbb6569fbf97b31ac8298680
  SHA1: 459a026ce8498474f4009e656befe65d4f8bab59
  SHA256: a2e755e883692c46d9c202440a8168e0936e5153cade909b615ee27d3f3531d0
  SHA512: 0d65609e0f0695da99b7e8c27c62947fed5433a6663347ab5a233819fac4bef2c28b769db67e1dd2c9d2594edb1186eb2ba4b11358664f42c2d4eb8889162599

- Filesize: 152B
  MD5: 1cbd0e9a14155b7f5d4f542d09a83153
  SHA1: 27a442a921921d69743a8e4b76ff0b66016c4b76
  SHA256: 243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c
  SHA512: 17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 216B
  MD5: 2fb5f75a51af91020fab0268626c5f75
  SHA1: b9127cb9227521ce8f740354d3641c3f92401fd6
  SHA256: 07226fca35c783ca0e68646e2530a65fe28367304ed494608868c711b582bca6
  SHA512: 288f5fc8eb4bfbb3ca99f0062f2e38d3a6a7fdc50069a5cc4d9d447bd9022290eace84ba6906ae9ab464b24ca006f8d03fa8714782f858516152a024a466edb3

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 240B
  MD5: 6a56b810cc47c032717375b1d5cc8f67
  SHA1: e5e3c0b1e101f3ac70156de9e638b85d480936ac
  SHA256: bb7500f6751cc6d5eb6d7f397cc9079f8fe68329f7c5c7173b505ddca71da298
  SHA512: 2b5d39af8922938fa09a434d4d1a9b97e17f9ceafa80848627f5cfb13900e2f51bac78f8730a102654b90018fc609b1a70f37e1e82da3078d3c6fa2abc529e0c

- Filesize: 1KB
  MD5: d131bc0e159c2642fd9cf73847983142
  SHA1: 25fa006f93d88d8c4a1406c28e02f122f45f9baa
  SHA256: 2e69ca556d00db3c2eaa66faeae26dc9c7884bda739188f6740e4cfc4e4ebaa1
  SHA512: d49809f64e787e32fce7a2e3bc2065c8c555c928b4e7dc55e058bb5d60b7a823bfeee3021c698c0c1c5fad2c8cead3d3e21f68f04108aeb8bf2a110b6df15dcd

- Filesize: 5KB
  MD5: 559b267bee2fef0b0bf0066bb9d697fd
  SHA1: a1e81f182ae8e37a5c1220d61055ea5776f820e6
  SHA256: 6265a3ad05dea06ad654373e7215d578665a0582de73223137dd70dfef022010
  SHA512: 44cd0a5083a347899695b21827b00706ead90ef8ee5aa7119f5368c0b4e627795fd987b36cd9cc136e275accdd026e09cff8602b8932c8f6516b4fc14aec3f74

- Filesize: 7KB
  MD5: 689cdfafbddcd0ed71c8757744801ea1
  SHA1: 394c533fca79cdb068a0ece01bea63ba177725c4
  SHA256: 03e1f27af366d7734276942112c02a5163e0c9ed1d93a63b20453355908ba120
  SHA512: e45a2431b79c831908edc66943ba6b455e9c475b07cc6264b6bf8c094aacb9634c730e1271331ac9afcc84f6450ffcaa9a47309f7715a4f57e20674b5c09288a

- Filesize: 6KB
  MD5: 008014a83ce0c0e446c9f550e0d5a9f2
  SHA1: c3859a4e663dbe38c823315d0ee91324942eff6e
  SHA256: b144e93e41c378651fa1ccca764eca34d7425e9b508afe29e8f1453ceaa3b6f3
  SHA512: 92c8dc7394dd54579c80fc15342121188049b04f4fd443cbea06744c2f5f815f607a0c75f5960e9eec31e1e31da94b603fd1dc9d7e7a1c7d64e159cc772b1dd5

- Filesize: 7KB
  MD5: dca5c6cb9f7de56ffd8136132db9f240
  SHA1: bfc02741d4c976b6a6ccfae88590e6b98d9bb20d
  SHA256: 4c7d924a5a4daa41a222acf3f88d5bb30f069ef8af78f421bdb272c4456a7b5d
  SHA512: 1dd6413d334cd6a91ad67401bee330a29412194fe20f0e230217ec565428c27d112289b26df32a126b56d79c0b8f564e33296b97be303b59de8072a033d001be

- Filesize: 1KB
  MD5: 7aa03fe20b91958e07ca6b864be7f622
  SHA1: 723e38863f34c141c0074e04ac9a241a7ac12689
  SHA256: 04bc8e3da62d2f83d50f7160f8d019994d70c1a25b7113022378478e92ec73b3
  SHA512: 7855b7de779b2e188d004d2e9659a72cc89c6466cbbcc08edc3f9f907d0599783de75b67e71e997475b6407404fd25ce43ab57155277f1ac9a90116fb0a3fd0d

- Filesize: 873B
  MD5: 2e20827309b5038c06361e6c8f7d505d
  SHA1: f305d67543d3648c9b3bd9867d780e330745dc04
  SHA256: 6fabc945da958b1496d8b3eebd9c89b0e69953978cd609b41a05d6a8c712e61b
  SHA512: a5a00106b719dc0dca751837d6039dbbc8afb5644607759828e4cada0ee6288a26c1e79334e2f389e9806c9d380c6c46cce012f18b97d3e9fd89e6a78f9512c3

- Filesize: 706B
  MD5: 2a6ce7553f60d649e92a792fb6f95794
  SHA1: db200cb68acbf41798bf0afaf3658548fb925c61
  SHA256: 332d7d8fccbbc5777cc5e79de4aa5ff39d547f1da6c80f287c9fe49393d971c4
  SHA512: 3d918d7a4b0cb84dccad463aec8f7c049754efde6b4050440524fc6813835d9809cd6473a037653ace89cd562f19b22b4947301409261c6c68312125c52e782b

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 11KB
  MD5: 6d8382ee05f4021679d31325fcf23438
  SHA1: 4952f244b041296a1ad4117184d9350af19864cc
  SHA256: 7c2b617a3cc2796b95855f07097f8c3abef35cce2465c47323843ae6240eeb7e
  SHA512: 73d67c07733dab167dfb13be0ffc381ef2e26cb57cc5d1f5adef4778d9f3d941a41e39e0e6ed0d49812762273ae675a2544df3db588f43267fb4b6bdb4b0b2d5