hxxps://acrobat[.]adobe[.]com/id/urn[:]aaid[:]sc[:]va6c2[:]b1c9ad77-e430-4dae-a42a-9b5ea620012d

Resubmissions

29-04-2024 15:11

240429-skx37sdf34 4

29-04-2024 15:07

240429-shjg2adh6t 10

Analysis

max time kernel
207s
max time network
208s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
29-04-2024 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acrobat.adobe.com/id/urn:aaid:sc:va6c2:b1c9ad77-e430-4dae-a42a-9b5ea620012d

Score

10^/10

adobe phishing

Malware Config

Signatures

Detected adobe phishing page
phishing adobe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3062789476-783164490-2318012559-1000\{5C1FDA29-C0A9-423A-9248-EC909D529CE1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3062789476-783164490-2318012559-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
2276	msedge.exe
2276	msedge.exe
4684	msedge.exe
4684	msedge.exe
2552	msedge.exe
2552	msedge.exe
4776	identity_helper.exe
4776	identity_helper.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
4312	msedge.exe
1808	msedge.exe
2204	msedge.exe
2204	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe
4684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4684 wrote to memory of 2356	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 2356	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 924	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 2276	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 2276	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe
PID 4684 wrote to memory of 1596	4684	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:va6c2:b1c9ad77-e430-4dae-a42a-9b5ea620012d
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb954f3cb8,0x7ffb954f3cc8,0x7ffb954f3cd8
2⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
2⤵
PID:924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
2⤵
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:3808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
2⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
2⤵
PID:912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
2⤵
PID:3884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3956 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
2⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
2⤵
PID:984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3352 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
2⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5804 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6248 /prefetch:8
2⤵
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6284 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,7517647013666562175,276827945955487594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
2⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:412

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
de47c3995ae35661b0c60c1f1d30f0ab

SHA1
6634569b803dc681dc068de3a3794053fa68c0ca

SHA256
4d063bb78bd4fa86cee3d393dd31a08cab05e3539d31ca9f0a294df754cd00c7

SHA512
852a9580564fd4c53a9982ddf36a5679dbdce55d445b979001b4d97d60a9a688e532821403322c88acc42f6b7fa9cc5e964a79cbe142a96cbe0f5612fe1d61cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
704d4cabea796e63d81497ab24b05379

SHA1
b4d01216a6985559bd4b6d193ed1ec0f93b15ff8

SHA256
3db2f8ac0fb3889fcf383209199e35ac8380cf1b78714fc5900df247ba324d26

SHA512
0f4803b7b7396a29d43d40f971701fd1af12d82f559dcfd25e0ca9cc8868a182acba7b28987142c1f003efd7dd22e474ac4c8f01fe73725b3618a7bf3e77801d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1008B

MD5
db591c2a1766a152d82f4e75108bff8f

SHA1
270e5372d9f9fce1b10bb44c4460ae8ffa702aa4

SHA256
1c483bf20b5d8288afa23752a370daba56c6c7768bd23b2bbe365c26130bddeb

SHA512
77d6eb32c7ac5bc329c62e8cdf8eb8ed231f75481602fde6cc3484b9ab6e40435f9b881eab2a12879c7ff52417b48ce89421fe4b9c1d53211121104d0332a607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
ca93f7bb5123962e0db6af49b2c8bbd6

SHA1
0770d31fced90a9f87eacbb5f4a0b402929d71ac

SHA256
be080f311969e981b6973e552b546c5c8c751ca5910e52b479ffa66a3b1682d3

SHA512
0db7e66c7521353256151e0da3d67c4703321f5df571d037aadf384f4cbc60b4a191c17cc05823fb42f582db216a794ec9ae2cd61cedfc243b41904a2fa78969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
117186ad6f41c462039462443f4baf29

SHA1
06e3ee8dce1a23865281ec58afaee7209e62f91b

SHA256
22420df7d06228dde1fef2e6e40c52b6d967c0764e14587d1198f3abed913f50

SHA512
d232b3e668dc0482f8387372f9ba5806024d6dedf8cfd527a8ca9042a1fd24eec97e2490709e0600c303137a4f5c5d93ca53f64f4b19c7165f17490d7c6c5de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
a3a1b8409b466c0b9ddcdda4c6bc2300

SHA1
a86340bc808f5f80f7ee9e254ee93a113d4a2e6b

SHA256
6d829a653756f168e0b47202c7b45259397a183cb61782f20eee9faa0395b9c9

SHA512
579d392799d51c66f9f5489e6c0d9ab872bfe6788ecedf00fbf8cb40e4c5e54f323df3394dddb5c688a3855eb0b2e8855391ae48c0fbc38903926bab7bd6ffff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
4b938376e6366081fb10a99bf316080b

SHA1
7e4b89c28e36848d81ff6c4de6f1075e67c605da

SHA256
d00e98e84f476ae808ffa36b37f83156de07ec4944301aecfd8728228df20816

SHA512
538b08d31fb537afe82a77bdf7fc5c5f11f858acd27d9f3943d8cc2bb9a56eb07d35934e204b45d7786ced75c33d0b5b36afe11155c201d46a5bfa97aca082ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9c3383ab4c766da078576704391807f0

SHA1
0749cf06d45e4d18d093d1782f967dbf922edb00

SHA256
72f75efe9e32b2b17dd3f9de59af377b220305ecec9819a67e47da1516a588bb

SHA512
6f1333e290a0c451d81146b1ab4b2b5df848dc6d33966eefe3a134799095b11cb2b68244099ad7881eadca8d137ff70865f2a764f7fd0bbe2ed92a40e0d21e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\bb016c19-dca8-46ee-94c0-27de9b4f9a90\index-dir\the-real-index
Filesize
72B

MD5
33d3b484dcc251f1c31d2ead85a2d68a

SHA1
bf060908c1cb6fec6e8bd64460f5a0ec39921697

SHA256
3919d77156bbae776fb0c8f50f77bc22abba9a59dda0a58fa1137eadcf87c671

SHA512
775ed4e0abee3514ca490593c5a1da6d0c915f98dcc5b4d533bfd62df197b7ee539f564a4b24e6441d94576e629e23f63599412d888f9e94de679c922142de63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\bb016c19-dca8-46ee-94c0-27de9b4f9a90\index-dir\the-real-index~RFe57abff.TMP
Filesize
48B

MD5
b6b96534b26fcfed69d00bf140e40c8f

SHA1
6e31beff26a685c0caf33d5c38029b328598cdf9

SHA256
5a09b8958e1e99dfac8da11894503d70b133b08ff5a935781b3fa44321d6ccc3

SHA512
716e4287c1df0c2c45287ae5d5ef2a51503c221670e7571275a702b5b227611f9bc030167aa63a7a94efd5ee3f56390d367cfb2a2c4b7ade7877169dec424b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt
Filesize
129B

MD5
27360f2397f9e79c66ddfc5250291662

SHA1
e9787315ea4f38fa6b199b32d1d4ee1e6eac112c

SHA256
4a4b53f4e8182585f79e8fab079d99128ce2d1998d1e752470d9c7ba27e841e4

SHA512
e8211d3bc75afaa14c1c31826a9519d2731e883b7ce8d73bc9f73cad1e9af83a27b34349936d45cb7da927b352db141d48a9c217818e3778cb50705ebeaaad03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt
Filesize
123B

MD5
f6b82b892a15f1aa6ff59b0aeab0c768

SHA1
f593169c59ea55c83ddb30d515dda5733ae5301f

SHA256
9a848b33158f4412c383cb34cd0a87672faaaa336bf6b40fc9a8631640b4e311

SHA512
295ad44da6ed082b15b9add88f5efd45583ea5135976f5839cdf4e0567e8dc5fc9cb733221d156bd45f5a26241d8fa038eb9712541d8d7e6addd122012f555f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
830946dc78c3c7b2ec67d888cde351dd

SHA1
218e3d416d9b4464bb83ac2e2ee444fdd4f5b44b

SHA256
d7057c7717ae904028da9b339df73e550f12c4d2d58fc76705547c553e70aeca

SHA512
76285285e90599a3bec9cc7d727d055ebb0c474b39cd1e58f5c162295b3e21f0f2865327b7b29bc4cb08cf99f0e17f890461c16e21acb5c6a578cd55ce48d13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a9cd.TMP
Filesize
48B

MD5
30f7b0429b54810956f536865f05c4c3

SHA1
417ee5abbfe498db641fa6a431afae89fb76b6dd

SHA256
c8559e66e977ecd767b002de87a08de560e1c3a56ff35925c40a24da1ea3f89f

SHA512
7d1930727925fd8eb2b27e90794cc9609c4318601529dc21a92acf8e785d8507736081da941cc1bc585551cbc62c8626bc77efc2bc4e2bc77ea3e02b381c01cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
7397d698d023ba85cc46c42ea7c0d7bb

SHA1
8a749c813f6a4a43108d3fe49e0f29c3ba3e1481

SHA256
0e6ebf25099037efffb9cda548964d7f94e94fbc317ff83ab619f9f693352263

SHA512
5981d7352c1a7d5e7e2583581e4ae0d25c72f561359e66353651fa287636fa3bafc74def44ca5c8e4e02d8ffbcd12dbc454f670586179eb0e9f7d90747453927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
4c74d02f327d2a5c4c15f5b49910979a

SHA1
3e7458e7925b6af2b20103d2a6610d439b911142

SHA256
874fb8a89caf55cc98c7cd91a9943bdc4f003c44d04ba36ef38e53f42aa4cda5

SHA512
ca355b58ef0a9cf418d37a7abc1833b6c146a0b723ba214ccff852e35bf10b39db25d135acdf09e5eb01134dd8e5ffaddad06532025cdad3f71571d4000bda8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
fba9a92f1d49283552b55b614d81c7b8

SHA1
3457e42798c874989912323f394d35ffe3ac0a0d

SHA256
0959acd8720282661a0f328b09c66cc6c71823400b206161e072b50181d0dc49

SHA512
42e6c859f21d1838a5e301d7db4b39b06804e1b5d9064e4e17fe527034efaca3a90cda56f824e36a3e6721672cd9cfa46bf53a5452f0ae884b7d3b3bed30bf35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
8ec838476510de0f76235338790460dc

SHA1
1cb3a3ce4e5300d2e78bd8f1597a6f4629cd012e

SHA256
39532131cd01543cb9dbfed6329e3fdb615883b5cd17855a15e12636fdbc9a61

SHA512
e1d6da9bbf828d5cb2528ef5c73f12a3f1ea66111ba912c9f4f433a2e67d8b0d5b3b665f82ea07c8b74ebb6a7b82630832ad54c04886c8e18b33908e23c8eea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
f98be5a0fb2990ea3f4c1e013a31b81a

SHA1
1ba4340b35ec027d378cf489f36634438f0c1e6b

SHA256
c55d308f9d01286cedeacbdc58edfce2dfa71b8ce39eccb748a406c9d0ca1a60

SHA512
2a8ef6916c92f1aa683bd23daab126eb15dc7dac98af4e4db3979fc70730903168396b734188ed829eeaf0c36c64216b16d8f91a537fd13d90b00b791d6e0afa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
846652bc77c22aa2e44a7f01d05c1f87

SHA1
e0a5b43e0f4e6f6b77b7e4d86a26f86276725434

SHA256
910f1ecda3dbd488384f9204ab8322d1152f8dd05c65a321e69eaf3e247baa2b

SHA512
93b1a3ecd587ea913f306d4b65f05c5a95ac2b96ee1284796fc5c98806e11927a377b22094c3ae0b2acbeaf0577058a17a60d2e0ac9c9d6a4485e8e74df4582c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
66ef699540dac76875261dfbe3306e02

SHA1
7c202efaaf0bc76a9efa5f1cfaebcb1344889a75

SHA256
6f6b66fb6e1293e537f8747a4cbc63070d057d8091cfef3a636b8c22ea0cfa8c

SHA512
7f30ece56206b99e1f9ccb04ba2aac2c4ed3a98c3fe2aa8bfa002ee567d8685f9786cf4c6067a39d91d3d473e7cf6f174a51c9c32c4799ec59af29da29d91ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c5f0.TMP
Filesize
1KB

MD5
bbbcb1f88351c7bda1a49574ece0eda2

SHA1
0235276a69ddd34ec7a1e751984fdc20e8f656a2

SHA256
5c41b61e3c9b218fc5b6b21a926e29a6a67258ab272dd8c08128add94f2464ed

SHA512
ebe87a505cbb998355118efe77fe297181ffb37494bcaa4fdb7184b626f575755624f979f66d22c743a94948a2fea7473a0fd9411c90cc846e95efcc899dc0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
dc389c8cef23684fdc3fcfe59084ce58

SHA1
218c075207758b2548ba1856ecdaeaecef7af5c2

SHA256
5364bdf7073a8c69415a67ab85ed5c3a3beed8fc1b27725b2dcb80c3c93eb648

SHA512
13f4155fe393638bc74b3817ab986a9a07adb1133230648658770b849117e1272cc3e7b996512a20d31002cd4aa2b84530595fde6eec6ced1a97c60a05aceb1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
437af8b430aa57b5ad21b8e057a7656c

SHA1
ec3671ffea1c9c3a78fa40f2e14b9e4908f1d0ab

SHA256
70e2d45718914a4c504d478fd0c357e3ecd66605365510043164a94db7195e8c

SHA512
f18895cd381d7fd34459f896e6c89ef0f3701853e6b4dfa2e085d7cdc41418730dd0af5ae0c661e2cf9e2ec6e00310a413c2649e458109fa814976250632d72b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_4684_ILJRJWPRRGWHCNSC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit