Analysis Overview
Threat Level: Known bad
The file https://tria.ge/240408-yqhtcsad26 was found to be: Known bad.
Malicious Activity Summary
Remcos
Suspicious use of NtCreateThreadExHideFromDebugger
Enumerates system info in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-04-08 20:17
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-04-08 20:17
Reported: 2024-04-08 20:20
Platform: win10v2004-20240319-en
Max time kernel: 153s
Max time network: 158s
Command Line
Signatures
Remcos
Suspicious use of NtCreateThreadExHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Maryann 2023 Tax Organizer\Maryann 2023 Tax Organizer\Maryann TAX Organizer.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-817259280-2658881748-983986378-1000\{C684AAD2-96FC-43C5-B5AF-704AF4D8DBE7} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tria.ge/240408-yqhtcsad26
C:\Users\Admin\Downloads\Maryann 2023 Tax Organizer\Maryann 2023 Tax Organizer\Maryann TAX Organizer.exe
"C:\Users\Admin\Downloads\Maryann 2023 Tax Organizer\Maryann 2023 Tax Organizer\Maryann TAX Organizer.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*Chrome" /t REG_SZ /d "rundll32.exe C:\Users\Admin\AppData\Roaming\VIVA_01.dll",EntryPoint /f & exit
C:\Users\Admin\Downloads\Maryann 2023 Tax Organizer\Maryann 2023 Tax Organizer\Maryann TAX Organizer.exe
"C:\Users\Admin\Downloads\Maryann 2023 Tax Organizer\Maryann 2023 Tax Organizer\Maryann TAX Organizer.exe"
C:\Windows\SysWOW64\reg.exe
reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*Chrome" /t REG_SZ /d "rundll32.exe C:\Users\Admin\AppData\Roaming\VIVA_01.dll",EntryPoint /f
Network
Files