Analysis
- Max time kernel: 300s
- Max time network: 295s
- Platform: windows10-2004_x64
- Resource: win10v2004-20240508-en
- Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- Submitted: 25-05-2024 00:34
- Static task: static1
- URLScan task: urlscan1
Malware Config
Extracted
- Family: lumma
- URL: https://uncertaintyrestsju.shop/api
Signatures

Executes dropped EXE (1 IoC)
Processes:
  PID   Process
  6004  Setup.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
Suspicious use of SetThreadContext (1 IoC)
Processes:
  Description                         PID   Process    Target process
  PID 6004 set thread context of 6080 6004  Setup.exe  BitLockerToGo.exe
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
  Description        IoC                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       AcroRd32.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  AcroRd32.exe
Enumerates system info in registry (2 TTPs, 6 IoCs)
Processes:
  Description        IoC                                                               Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Modifies Internet Explorer settings
Processes:
  Description  IoC                                                                                                                                   Process
  Key created  \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION  AcroRd32.exe
Modifies registry class (2 IoCs)
Processes:
  Description  IoC                                                                         Process
  Key created  \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings  msedge.exe
  Key created  \REGISTRY\USER\S-1-5-21-2539840389-1261165778-1087677076-1000_Classes\Local Settings  OpenWith.exe
Suspicious behavior: EnumeratesProcesses (38 IoCs)
Processes (distinct PID/process pairs among the 38 rows):
  PID   Process
  1552  msedge.exe
  4512  msedge.exe
  3592  identity_helper.exe
  6380  msedge.exe
  6584  AcroRd32.exe
  6488  chrome.exe
  2064  7zFM.exe
Suspicious behavior: GetForegroundWindowSpam (3 IoCs)
Processes:
  PID   Process
  6472  OpenWith.exe
  1688  7zFM.exe
  2064  7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (26 IoCs)
Processes (distinct PID/process pairs among the 26 rows):
  PID   Process
  4512  msedge.exe
  6488  chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes (distinct token/PID/process rows among the 64 rows):
  Description                       PID   Process
  Token: SeRestorePrivilege         1688  7zFM.exe
  Token: 35                         1688  7zFM.exe
  Token: SeRestorePrivilege         2064  7zFM.exe
  Token: 35                         2064  7zFM.exe
  Token: SeSecurityPrivilege        2064  7zFM.exe
  Token: SeShutdownPrivilege        6488  chrome.exe
  Token: SeCreatePagefilePrivilege  6488  chrome.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
Processes (all 64 rows are the same PID/process pair):
  PID   Process
  4512  msedge.exe
Suspicious use of SendNotifyMessage (48 IoCs)
Processes (distinct PID/process pairs among the 48 rows):
  PID   Process
  4512  msedge.exe
  6488  chrome.exe
Suspicious use of SetWindowsHookEx (33 IoCs)
Processes (distinct PID/process pairs among the 33 rows):
  PID   Process
  6472  OpenWith.exe
  6584  AcroRd32.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (distinct rows among the 64; every row is msedge.exe 4512 writing into another msedge.exe process):
  Description                    PID   Process     Target process
  PID 4512 wrote to memory of 4352  4512  msedge.exe  msedge.exe
  PID 4512 wrote to memory of 2852  4512  msedge.exe  msedge.exe
  PID 4512 wrote to memory of 1552  4512  msedge.exe  msedge.exe
  PID 4512 wrote to memory of 1180  4512  msedge.exe  msedge.exe
Processes

- msedge.exe (PID 4512)
  Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/r648vj1lqagnv/Flash+Usdt
  Signatures:
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  - msedge.exe (PID 4352), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd711f46f8,0x7ffd711f4708,0x7ffd711f4718

  - msedge.exe (PID 2852), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2

  - msedge.exe (PID 1552), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
    Signatures:
      - Suspicious behavior: EnumeratesProcesses

  - msedge.exe (PID 1180), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

  - msedge.exe (PID 3460), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

  - msedge.exe (PID 4136), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

  - identity_helper.exe (PID 3128), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8

  - identity_helper.exe (PID 3592), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 2112), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1

  - msedge.exe (PID 3172), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

  - msedge.exe (PID 5012), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

  - msedge.exe (PID 3092), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

  - msedge.exe (PID 3876), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1

  - msedge.exe (PID 3488), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1

  - msedge.exe (PID 5160), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

  - msedge.exe (PID 5272), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1

  - msedge.exe (PID 5292), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

  - msedge.exe (PID 5556), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1

  - msedge.exe (PID 5848), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1

  - msedge.exe (PID 5920), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1

  - msedge.exe (PID 5992), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
  - msedge.exe (PID 5244), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6244 /prefetch:8

  - msedge.exe (PID 5252), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

  - msedge.exe (PID 5716), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1

  - msedge.exe (PID 6048), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1

  - msedge.exe (PID 6052), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1

  - msedge.exe (PID 5300), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1

  - msedge.exe (PID 5452), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1

  - msedge.exe (PID 5928), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:1

  - msedge.exe (PID 6236), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1

  - msedge.exe (PID 6380), child of 4512
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,6894143232405562746,10075069426332350393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8
    Signatures:
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3004
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2576
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6472 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\SOFTWARE.7z"2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6584 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵PID:6752
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B3705B987D6844B9FA04013A535A6137 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:6896
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AF15B69E3A7B7643BB4E1DD9C30C0422 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode 
--service-request-channel-token=AF15B69E3A7B7643BB4E1DD9C30C0422 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:14⤵PID:6908
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=50E0E2F5FDDEFA8029DC1B71BFE12765 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:7112
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8A692B36CC329C476E4E35B33839282E --mojo-platform-channel-handle=1856 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:5916
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B6FA2190ACC4AAAC279870B5995BCEC9 --mojo-platform-channel-handle=2532 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:5692
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A0026657B1D97851F852D8162D5DDFD8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode 
--service-request-channel-token=A0026657B1D97851F852D8162D5DDFD8 --renderer-client-id=8 --mojo-platform-channel-handle=2384 --allow-no-sandbox-job /prefetch:14⤵PID:5948
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:7088
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1688
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:548
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2064
C:\Users\Admin\AppData\Local\Temp\7zO018C0889\Setup.exe"C:\Users\Admin\AppData\Local\Temp\7zO018C0889\Setup.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:6004
C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exeC:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe3⤵PID:6080
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO0184667A\benchmark_10M.cmd" "2⤵PID:6208
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO0188F45A\benchmark_1M.cmd" "2⤵PID:5760
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:6488
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0x78,0x128,0x7ffd70c3ab58,0x7ffd70c3ab68,0x7ffd70c3ab782⤵PID:6492
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 --field-trial-handle=1976,i,4456238528859989746,23783110034579337,131072 /prefetch:22⤵PID:4052
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1976,i,4456238528859989746,23783110034579337,131072 /prefetch:82⤵PID:3864
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2288 --field-trial-handle=1976,i,4456238528859989746,23783110034579337,131072 /prefetch:82⤵PID:4040
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1976,i,4456238528859989746,23783110034579337,131072 /prefetch:12⤵PID:4820
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1976,i,4456238528859989746,23783110034579337,131072 /prefetch:12⤵PID:3328
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4356 --field-trial-handle=1976,i,4456238528859989746,23783110034579337,131072 /prefetch:12⤵PID:7112
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1976,i,4456238528859989746,23783110034579337,131072 /prefetch:82⤵PID:5300
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1976,i,4456238528859989746,23783110034579337,131072 /prefetch:82⤵PID:6120
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1976,i,4456238528859989746,23783110034579337,131072 /prefetch:82⤵PID:6428
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4296 --field-trial-handle=1976,i,4456238528859989746,23783110034579337,131072 /prefetch:82⤵PID:6760
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:5472
Network
MITRE ATT&CK Enterprise v15
Downloads