hxxps://www[.]mediafire[.]com/file/rsdbnfi38eex4xv/Adobe_GenP_3[.]4[.]13_Beta_4[.]zip/file

Analysis

max time kernel
91s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/rsdbnfi38eex4xv/Adobe_GenP_3.4.13_Beta_4.zip/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2428	msedge.exe
2428	msedge.exe
5056	msedge.exe
5056	msedge.exe
2220	identity_helper.exe
2220	identity_helper.exe
5284	msedge.exe
5284	msedge.exe
5692	NSudoLG.exe
5692	NSudoLG.exe
3196	NSudoLG.exe
3196	NSudoLG.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5692	NSudoLG.exe
Token: SeDebugPrivilege	3196	NSudoLG.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe
5056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 1504	5056	msedge.exe	82
PID 5056 wrote to memory of 1504	5056	msedge.exe	82
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2864	5056	msedge.exe	83
PID 5056 wrote to memory of 2428	5056	msedge.exe	84
PID 5056 wrote to memory of 2428	5056	msedge.exe	84
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85
PID 5056 wrote to memory of 2936	5056	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/rsdbnfi38eex4xv/Adobe_GenP_3.4.13_Beta_4.zip/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a1dd46f8,0x7ff9a1dd4708,0x7ff9a1dd4718
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7932 /prefetch:8
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6480457126078242093,13780067405192216614,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:5376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3104

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1800

C:\Users\Admin\Downloads\Adobe GenP 3.4.13 Beta 4\AdobeGenP-3.4.13.4.exe
"C:\Users\Admin\Downloads\Adobe GenP 3.4.13 Beta 4\AdobeGenP-3.4.13.4.exe"
1⤵
PID:4692
- C:\Users\Admin\Downloads\Adobe GenP 3.4.13 Beta 4\NSudoLG.exe
  "C:\Users\Admin\Downloads\Adobe GenP 3.4.13 Beta 4\NSudoLG.exe" -U:T -P:E -M:S "C:\Users\Admin\Downloads\Adobe GenP 3.4.13 Beta 4\AdobeGenP-3.4.13.4.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5692

C:\Users\Admin\Downloads\Adobe GenP 3.4.13 Beta 4\AdobeGenP-3.4.13.4.exe
"C:\Users\Admin\Downloads\Adobe GenP 3.4.13 Beta 4\AdobeGenP-3.4.13.4.exe"
1⤵
PID:5968
- C:\Users\Admin\Downloads\Adobe GenP 3.4.13 Beta 4\NSudoLG.exe
  "C:\Users\Admin\Downloads\Adobe GenP 3.4.13 Beta 4\NSudoLG.exe" -U:T -P:E -M:S "C:\Users\Admin\Downloads\Adobe GenP 3.4.13 Beta 4\AdobeGenP-3.4.13.4.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
65KB

MD5
f3dc36eb8d102c5b65b1a457ea739ef0

SHA1
b18742e75723d4379811ec5cd6a714d5841878e1

SHA256
7b8db0f76ae02660aeb9294c337153d4365ea193c2e9c0ddd4ca2a54fe7457c2

SHA512
db56010e8d7b5f831d64c4daa8ccdeb21deba6ce5b4594f065eb942d551c56c6174a306ee17b3359cb7260f512dfdd645ce0b62bff992bf0d2a96e9771bdbce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
23388367ee46e53697d7f7c4ca1e2f1a

SHA1
3314e20302dfee867fc28c61a9578b8470428a66

SHA256
e7386849f7fda9dc809257d00c6a7ecf752847bb15c48cdc3b9f993f699e4dba

SHA512
99272b345eed65a6304a09a6af2c3b2870ec0c91b53afd571b7b3abb36c836b5dde51f748916f4325f8bc966ddc5956c807a9535600b9b50f21faa0c93c548da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4b1e2e56be9e3c0fb1ab5c508fb36568

SHA1
2305e13020485bbaa55165acb370efbe693c7654

SHA256
3f6077df37908b4e99900f6c28db5179b7753c8cb17e8573ada9a552bc2ee789

SHA512
338177010de46f26d45404fe61b2b652074ea0ad4ec6eb98eb449becddf76339f46b2dd7ea272b983b882ae29443bc27f81e19407eafe1ec3d4cf927ddfa4441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
361c93b378139060ab3f4545e21b730b

SHA1
cbb046209d216292e911532efe20370389b1e2dd

SHA256
235f9040b16c515a71f853444aa12cd93bbb131bdd3702cd8d79221a43f017e3

SHA512
5807a2f1af3e9bcf890ab12792772eda753a2f146f7848a2dfebfcc388f9c1387d6c23d6855b5fc871711ad63fca3301058fd4ea3cdd1ffd9f1d3c8cc1953bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc80b175123e518b1d2af62a5d996ab3

SHA1
380b9daf6a22b2d39b088f4d6609a10db6950921

SHA256
b560dbe3becb2e63c3a374e9248002eec24d2eda408fb8a1690f16eb58a9d1af

SHA512
bd5cde26b9481c25f445070f51638cebbacde418d880a0d140bb3bfcd41909efe8c704609e71070d0c6640de53909bc3b271afcf5c9be45e29c81c8fd1d034b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
f0ee31cb5c3de0e8c1bd0a3aacaf9912

SHA1
cf5ac9b8ec6ce995450f99cd5b4d6353d2af25a8

SHA256
fc0896f2b8a5d33fcfaefe2ef13fabf247d1f1da91497bbe4a0574ba8aa6e887

SHA512
b8e6100311f747f9c598d237b8796d8dfa61f19e5b8cbb8e042eb6acace9a6d9466fcb17ce337ee3c30e6b5e2eb971886920bedd9e56ab8dd3e62bcbf9c2a803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
7c81a256a918bde64dd22f3b8075a878

SHA1
ebc0c26ee175f145bd45b53d5775d1cd2018e46f

SHA256
f1b9040715f7d7e5ac8b170025899599e5a6386a96cf984e9c3f36f3ddd7ed1e

SHA512
636d00c593199ca9380fffe5bf138c4bdb6367691aec9260feff10e57029512366d9c88ce707aa09881e09646e4c4c65c991346244d9698b469a80432fd7687b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
6cf7ec5bcbb72dc71290475f34879e19

SHA1
c8c33468addaeb8a726f1647500bfde6d6204d54

SHA256
924f84634b0424e75d77c5c1a3478c7fd9b759521536e21084bdf8baa43b456c

SHA512
1fdf77918cd456dc3e50e0453fd72c0b7dec07e76bff07052eaa9ecded1bdb81c5651ddc50a22c241420b7e5f75580d48a9eadb1218544adc84d2fbe387efc3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fa47fc62bf1d79a12564628cda6eac36

SHA1
6dd136a8b3bd94ab43ee0e96224d150104d65c76

SHA256
201360db6b5f2926a3949150f3ed583ebad91476b78181a42e5aaea64fcfcb8e

SHA512
7415bc39f00f97669c295aa237b3c05ec8ccf36a86c60de8edaf6cefdded895cff783232c0753c8e3fcb2c151f5689f3e87abce034d5d51132e1be7344078b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
58d960dc5e1ad82e3d7d9af0d5a4c01b

SHA1
fce426111f0dc20cf2631bc7468073c027fc5bb8

SHA256
3759e96e9f7f00b0d9e609fe6ca85af33fb2f914952f25215eae0d672bf677da

SHA512
7bbcc7b8c57c6fde10c853502f7f586a2bd8eb97c465de223e9dbb1cae9a24037e831815f03debf28bac8c93561958af0088c8df3cca2e5e96e448de9f42b7b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c017c354f687dfe2c0eeedfd97f7efee

SHA1
505939af7d4b400f9594f38a6f93408b522f2d85

SHA256
e0a9b088a5aa07ecfa993da0b56ee404c05aa185be79aec099363cbdfa7bfe10

SHA512
081a3f3052a9c7e2ec4774f7d315e456e82f6b20e5518d897f9922cca00a9c19b3112f75295fb0d7849fbf0be76994054137ce3dcd24d1eabe9fa6fc9287e1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5786d3.TMP

Filesize
2KB

MD5
3d6d256c50744a6b8e270a5758c7a682

SHA1
abdc592d5c994197f68bac83d8cfb77461465d00

SHA256
2691fec1477051482646f5d5ffbe8345f7411daf2bf26ccb070e92cc6f3e8cfe

SHA512
81e5d31706451643391c7786feb67eb9bf2a4758ee6be37df45e82df53f28341ac2ffa368a3684bd76ff9e6ca3472d5eba1d65e91f55274fed86bec49cd8c042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e59fb29715fb311eccbf830e22df6bc4

SHA1
ee0ccde59fd5c7bbb8c78ce8d92b986e40d40e8f

SHA256
a472f579571b1c6b67dcdb86d9fa3f5693a3672e5116553eab445f92218782c7

SHA512
b6cb057a0d9de299cea1f8ac30c8e19271a04a0fd998687f315631b7e0721b10afa687cae6990b9a3f80bd84371c1293d2330e1d8817b6d009417335b7a58c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c1915a8dd9c78e7781225ab138c0d0ac

SHA1
9593c64f26d7dddd3a525203f742d2a7ee6e56df

SHA256
2d7cb40cfa9cba14e965605b9bd1da8d753368c8fe996f94aeb424cdd3145500

SHA512
da8fdd6d87638d0ab30f74c11c9c20434eea96c81838731e6e56b846dd829f2d10ec9d63e112e6975a88139dcbf981cb3323f44af8771463c28100aa82859461

Download Submit