Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21-05-2024 15:04
Behavioral task: behavioral1
- Sample: # personal loan.pdf
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: # personal loan.pdf
- Resource: win10v2004-20240426-en
General
- Target: # personal loan.pdf
- Size: 83KB
- MD5: dccac01ec23f57cedd298e586bea8082
- SHA1: 13382aba7f9fbc2ae5f80d7e02ffa954af003c83
- SHA256: 6747896b68dfc7d88e687c14969df38294f141e91dd21254dbe0669c256ebd97
- SHA512: e9300ae85014fb0643d78b31a6dfcbc72e8354216a6413881cf2e983b129632a1cacdba26bb26c7dfdbd1613c8d08c0abf765395ff64a04857d6710c25a9ba52
- SSDEEP: 1536:0tb5whuIEgOZoJrwUactLlzthM4YuZmONmflpNDGx6R7azTzsqPKelBLDx7RyaEo:0tb5+4gMoJrwcJndYuofl760R7/qPJTt
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes (description: ioc, process):
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0, AcroRd32.exe
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz, AcroRd32.exe
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description: ioc, process):
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS, msedge.exe
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer, msedge.exe
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName, msedge.exe
- Modifies Internet Explorer settings (signature name taken from the AcroRd32.exe entry in the process tree below; the heading was missing here)
  Processes (description: ioc, process):
  - Key created: \REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION, AcroRd32.exe
- Suspicious behavior: EnumeratesProcesses (30 IoCs; identical rows collapsed, count in parentheses)
  Processes (pid, process):
  - 2736 AcroRd32.exe (20)
  - 3184 msedge.exe (2)
  - 5416 msedge.exe (2)
  - 2044 identity_helper.exe (2)
  - 3876 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  Processes (pid, process):
  - 5416 msedge.exe (7)
- Suspicious use of FindShellTrayWindow (26 IoCs)
  Processes (pid, process):
  - 2736 AcroRd32.exe (1)
  - 5416 msedge.exe (25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid, process):
  - 5416 msedge.exe (24)
- Suspicious use of SetWindowsHookEx (6 IoCs)
  Processes (pid, process):
  - 2736 AcroRd32.exe (6)
- Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed to the distinct parent/target pairs)
  Processes (description, pid, process, target process):
  - PID 2736 wrote to memory of 3456, 2736, AcroRd32.exe, RdrCEF.exe (3 rows)
  - PID 3456 wrote to memory of 4772, 3456, RdrCEF.exe, RdrCEF.exe (repeated)
  - PID 3456 wrote to memory of 5824, 3456, RdrCEF.exe, RdrCEF.exe (repeated)
Processes (tree; child processes and triggered signatures are nested under their parent)
- "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\# personal loan.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D6CADB11F7B65FBE535836DC4FAA2AD7 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FA5645FF933826F7BD26F9D93E7097AE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FA5645FF933826F7BD26F9D93E7097AE --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4F0EC68D21DDE218CFAB9FD0A9C32400 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BCE90EE31969F6626637D6BBB69EA845 --mojo-platform-channel-handle=1928 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E14903623A591F919FB5202E3E14C764 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E14903623A591F919FB5202E3E14C764 --renderer-client-id=6 --mojo-platform-channel-handle=2108 --allow-no-sandbox-job /prefetch:1
    - "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2E8704168BBCE5020278BAD78D80BDC7 --mojo-platform-channel-handle=2668 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://supraoracle.top/97044613/69700485/
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa594046f8,0x7ffa59404708,0x7ffa59404718
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12597376004076996885,8934963515540945525,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5596 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads