hxxps://acrobat[.]adobe[.]com/id/urn[:]aaid[:]sc[:]VA6C2[:]a96e38f5-ac61-4f07-8c26-ac36a9fdff86

Analysis

max time kernel
200s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:a96e38f5-ac61-4f07-8c26-ac36a9fdff86

Score

10^/10

adobe phishing

Malware Config

Signatures

Detected adobe phishing page
phishing adobe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{B1DB604D-40A3-4541-9544-F1E4C2C7FF31}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
2012	msedge.exe
2012	msedge.exe
1508	msedge.exe
1508	msedge.exe
5060	identity_helper.exe
5060	identity_helper.exe
5116	msedge.exe
5116	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe
4144	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1508 wrote to memory of 2196	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 2196	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4960	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 2012	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 2012	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4264	1508	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://acrobat.adobe.com/id/urn:aaid:sc:VA6C2:a96e38f5-ac61-4f07-8c26-ac36a9fdff86
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc643246f8,0x7ffc64324708,0x7ffc64324718
2⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
2⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
2⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
2⤵
PID:1128

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
2⤵
PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
2⤵
PID:2292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
2⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
2⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5996 /prefetch:8
2⤵
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4724 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
2⤵
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
2⤵
PID:1240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
2⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
2⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
2⤵
PID:2300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
2⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
2⤵
PID:1312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
2⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
2⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
2⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11752645820810787937,12471689874119551543,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2164

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\44bbe1b5-026f-4128-aa12-e98f22f3ac6f.tmp
Filesize
2KB

MD5
6d93975c8257ac3808f9a87bd7a37be3

SHA1
c3bcbc549828d33eb17101e353f646ee0725e798

SHA256
7e5be94b57eb2b60235e832765e1840a769b83224600e96cbc8b94dabdfb0da1

SHA512
5f4e2d92f6cc0fc61cbc732b2797a4cd78156e1989ecc5502d6dc17a9327d1c2688e7ceb376536eff31ddd0feabc1184ce0826603904091465e2648664e3937f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
27KB

MD5
a397504614991d416479c829bc14ac09

SHA1
9be9a5379325c31a4097f0e0fde168a1148ee695

SHA256
23268d0894d0a2e0ae69d120ae43f07fbea74979eb3e0839dfefb6468ce3da5e

SHA512
85ff4c5fb29eca41c9fdc935b0fc34242ca39976a274bdc4cb82198d4bfa3eded6a35f95f4b638e85a689ab31ccd85cdb9815a824df4738d50a4db9e15e209c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
8KB

MD5
afdbaea65cb14a4e929eb84dd2ec2614

SHA1
e981d71214ec25e1d16dacbbf98935255a8adbb3

SHA256
b95c0176f37a743004d9045d298497df9d7e4ed7c7b64227555cb5bac94c5e85

SHA512
7d58df686a81e9b6b948e784afb9465be3b701b076abdaf107e3828fd1a757cd864a6ea93b45fbb11c5333a385b2d1307fb0d8d20800c238cf3678eaa8e804eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
96B

MD5
63884ff611a224a97911704457349388

SHA1
0f2d709ecf52ba59051459f2ae386168a6896dd6

SHA256
557616b22c3114ab4d225224c858bac5006ade7e9c7bb947641ca5c72924d154

SHA512
526ba39799635958acf2b5442188c93a31f9eb868d60151ca9f010ee2365a08daf6b310acc264d934bc0b9822c3a1f202b4f07d11f589771ace24b818d4934e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_acrobat.adobe.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
a819e868c24bdc9064cf16bbe7a2e496

SHA1
f7212289524beba2c1b6372b121da708f9ea3165

SHA256
87a5c06220638742b4cb327fa272c6398d507f9f29c6b4de8d421484b9d5b46a

SHA512
860749627b4ac7039d41d3b252d746c6e7a6a267a28a53de130d22c0227e30368e6e786c69461d15056482a0594fcfa5bf5dc50758a443a7cc18a0e9c04177f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
10e62271cbc9520990264057ccb6aa6f

SHA1
b633b65985dd480972db6fa581a78975415f939a

SHA256
0a65e4e0e4687d31a628b9087c29ce5492802b47fd4fc1ebd0ffbe78537a0ebd

SHA512
53ade0c0f6b7e6fc04b01f22cde355acff9863fdb37aad36b3664e456fb3b80ca519fdca4e48dc0f963401cc9943fae27a27a2459bb385246b90ddcc52ebcac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
344a84313e2c85a02c8df68b6c414e31

SHA1
e060ec66da1a71d28eb0f706350394825edf7b28

SHA256
e40ed90eb69feabf63b419e2ec5884c81c1095a03143ce9c0c90a159adeccb8e

SHA512
aced74d6cd13a7952d3170543807e196093b9cd7523a7ed33aa05d3e3996a94556cebb6d8ee74e2394d995532e99ccba7a6abc86b616d4d8f11cde5aa8227f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
cd6bde661983251f5b69250234594eb4

SHA1
44bc37b4265e49809491a8e420c412d99f33efa7

SHA256
0891789c26f48c4de02c198b2f2de927f5be41edbdc7a69428bed839cecac73b

SHA512
c564a5b8c40f54d63b151584727cf1599fa5119b55f0a71a38fd907d6777928e67f2443672d91e839dc74b9d4645392d8442189c47f1fb7b610db342038ed2af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
479c56dca7c1e4cb33050823b8c63f1d

SHA1
a6bcd8e3f6e6c7e951c850aa35531319f9d589fd

SHA256
5c6b58b610aef3b30cc3a86d071f0380e688ddf14eb149e5ea187c17bc4a529a

SHA512
914c1ab2cdb3deebc8bffa0e873f5ac85b628d1a5ecaf243945b3c0141080143a48cfb89b6736682e1ae9e017915a11f7c01bed27910697f34cce952daf0d4b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f41bf0f901500baee658e067f74f4083

SHA1
d63fd7b702a967e9f1a1a10a037aa69da6aca678

SHA256
62aa5e36ae2c62de0f644f234f67dd657b992fcdb56e1330f384e436ad9e841e

SHA512
0e1d22bcdc815ae6b65df8f6f09f19f1106ff1a3e27b94cf1c44e9f39f0ae796dbff835bc04d841984020e3554cabc7a174c59cd5d1370b9e023db08e6721153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
217709f5d5ed1ad32885a2eeeef1d75e

SHA1
ce2f914f367f7d6100412ee94e24c674f345f1ca

SHA256
0b238baa64a8538fa407ea4788fabeb6111e13aa59aa07cc534b29d8301aaec0

SHA512
e620a8be0651f0a6536d8c5181181d85bb4dfc625e883b4872daf022198adc11fea8775112f788c2db5223f66af85b7f0ff03f01e4f3b0dddcf89052aed6bdca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
7ba914bcb9adc4089e2c6a8add671e0e

SHA1
9f2a9af30c4589aaf7b72053d521d38dc3f81d72

SHA256
780ac6f21d402c1b8d0a987ec653fae2d6e3e4e112118fd559093a9642fa1501

SHA512
07e6714c5b733e507d44248e4e0b9508d48c35ea4d4a0b7e1ca84deebf68a1d0a5772684d6c4cd0b547d580bf97911e3051c4339e0a5ab1607e11f9e2d585315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\16c56d79-e15d-4b9e-a318-37d3808fcb16\index-dir\temp-index
Filesize
72B

MD5
e31bc719a945fde1d181df1652f12748

SHA1
e61e7e06d9ac359dc8439a5a704ef1cd560c0e6b

SHA256
4be366d10064afb1941b5de48f3d4f09eccedec1b9fabbc5152c976f46a940d1

SHA512
e2185e45d96d06dcf7a33420e212be56a4b4d17cb571bfc74303b7da3a28c85f58c50b0ef3b2bffc3a96a90a07697d7d093770ca490eed268ec761071004f725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\16c56d79-e15d-4b9e-a318-37d3808fcb16\index-dir\the-real-index~RFe5791b1.TMP
Filesize
48B

MD5
6f5f345d85f6492979d813bf3ce47e34

SHA1
3af4e290a153d2d33e1bb8dcffe3b2516f05e980

SHA256
8c6b60267fbe2fbb0d044fb38366b313d5add8e7ba16c5fd2e5db047c2c272d5

SHA512
71a467dab7b9573bfb92a40e8b7394c99877fbf38bc3cf8acd9b5631e0bf66f2b309df4eb3a700d6059df4fb17f9aefc66873e00cf37aefceadd15e6941e71b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt
Filesize
129B

MD5
d09b24c0fb927414ebefe7567ad0c5b6

SHA1
e32b76b7684aeb3b1081b5b2b49fa2354644a598

SHA256
9c4e2e2ba17060eba35d86beb6eda000ea15b8bee5b08eb0f1101421bec21a84

SHA512
148595d39adefdd104a8920c80e86f0295fc8d5a287131198d9609a2abceccfaab5c30dfb7902b8902c95dd811a5117c0a09baab1ed6eff698271fb00417262a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\7b539bde8ca0807396a791d6ee4db1189d0e5380\index.txt
Filesize
123B

MD5
03ef8030b027c239c9c09be0c5a6002c

SHA1
90254a8c323502496ad44d3d87ff10107b95aa91

SHA256
8bb8609b03a1cf4b1173b81af78b1c236b3a8d5f6f24001cbc51fcdfbc828d2d

SHA512
3b2ec063c2ec3ebac792d88d6d986e397b86966485a2dea4615b971b7a09ac77bdc769e69fdbfba743d586c921a88900269a2742d598ecbd9630998e56a7c5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
48B

MD5
47d8036b6373bc2689f9408544ee5802

SHA1
cef01ac0f9f1614625b6d66158b5c6fd61c3ac7f

SHA256
b611b64613dd8e431170ba698d3ee8766d66cf74439ca5f00cb6ea3560fb5115

SHA512
73cbf69d5e6ee145c51c4636917af9ab5097e141880b30940a55803c0c69c26a48a415ff0c33b6469ac27192d9421886e2d20179c044cd77b3fcbfe37c163480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
a7c8ce59b16ffb9ed9830f85bf128db0

SHA1
aca5c386dd96db7f17ad99f3c6d6d79531e367a0

SHA256
8b91846a5fc091bb3e33182b3c3b90ddf2deb33148b1d9f9fdc10f7e65b970f6

SHA512
c096af3f90e804087dd984d1877a142f4cea58a3cb2cb1efbbba9dad2e35e92b230044d969ebc2e404ddb4e6c41b0d33ed1a831493067a801fdb9797d83f50f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
683ef96717dde22d3f9814017d045111

SHA1
390d8d63089103e52617d87e8bc93f910d8a4438

SHA256
bfeb7cdad494289ac0c1326a8403d2f5c8f4b6febf9ceadec8c33074e2b95c9d

SHA512
3d07d2860b2a3e1da7829a15e67fd218d9d59c3b098e659d48420853cc9100b4f3f85776493b41263f4939ae70bca4cfdc5bf6fbd3066e665a810dd5f46992fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
fdbbc62ef320501df6f88c9e5509a7d7

SHA1
9fe63b60805dd349a88bd341046ae0eaf572ce9e

SHA256
4cdcf867471c02e5f2ff7b98c78cbdb4d450605c31f83d955649ebce5c6be4b3

SHA512
eace7aea221534fa7a6f828096bc38fd9f912de87a5aaef34c44c0879b61abf5b4b8f9a9e553d5f1a8d972b1b172b4a8d23ee24aa9148c4a168939ec1a89a33b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
25e2e2f5157c5245e5c887efee5158a7

SHA1
70ff4324395d50e770f5876672f9ac3a8bc46989

SHA256
7ec7cf9cad56db9ab04d09be82a4d9a012ba8242abb7f189f2f2b8819b4eb8e6

SHA512
14edd909e1818f15a0004fca11fa778afd2290588c93681cb44d09b1d1bf91ce3582447dbac022b19a80461bcb404f898587d55a731b002e1505eeb8e02aae87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
afddd6968ffb8396eb684c698753e762

SHA1
c3b804379cd895061f921dc7bbd5ec909f6c88a0

SHA256
70374930809630cf2ffa7607c8de3e7a34b8ac1e10c57e6d6689f7d5c1eb1013

SHA512
08abe896ec5d8b42adf32b87b3ea05a4f2bb62f45ee9910024327a83369a0ab7009f8e675393bd5c9cee70287334d0d13a237d49a40a0cd6643871604ecd056d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57802c.TMP
Filesize
2KB

MD5
a4c256772ad2a2ac875cefa63c207500

SHA1
ed61296084f419bda7a10eaa59c38cbf8a1aaa4d

SHA256
345204d88acbf90fc69bee63d82fb6ea3fbd556532b34daf41c0197ccdd80056

SHA512
28dd0f61b3eafc766da6b0b1d0ccfa31207f982ecc752fb9ace80e17967c49b4ee624d901f04de1f7201f0abe49e8950edfb35ffe95ffb7d154b9b0a42071aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ad8cd235fea4047e20ec115aec3b79c9

SHA1
bcc86bc888790813ccdf9c821dc5b3e5bb6a6e81

SHA256
f6951eabf8093887e2ba12b6545c107c304c5fcf2e909aadd998d9c02da3dfff

SHA512
4c78b5c1905648e62deb837d76e5c3ca4c0b08f4a907ed30f61e208aae8d045a7f07e2e770ad66c643004a073a5071628761ea3e819b865dc4906c9a8221cb69

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1508_GFFPUEHKNOOHHRDV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit