hxxps://getintopc[.]com/softwares/graphic-design/adobe-after-effects-2021-free-download-1218220/

Analysis

max time kernel
357s
max time network
358s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://getintopc.com/softwares/graphic-design/adobe-after-effects-2021-free-download-1218220/

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	mspaint.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3316	3616	WerFault.exe	124

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Service	msedge.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000003	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\HardwareID	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "11001"	Set-up.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 604247.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4632	msedge.exe
4632	msedge.exe
2312	msedge.exe
2312	msedge.exe
1796	identity_helper.exe
1796	identity_helper.exe
4732	msedge.exe
4732	msedge.exe
4732	msedge.exe
4732	msedge.exe
4800	msedge.exe
4800	msedge.exe
4600	mspaint.exe
4600	mspaint.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	1908	7zG.exe
Token: 35	1908	7zG.exe
Token: SeSecurityPrivilege	1908	7zG.exe
Token: SeSecurityPrivilege	1908	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe
2312	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3616	Set-up.exe
3616	Set-up.exe
4600	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 4268	2312	msedge.exe	82
PID 2312 wrote to memory of 4268	2312	msedge.exe	82
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 1096	2312	msedge.exe	83
PID 2312 wrote to memory of 4632	2312	msedge.exe	84
PID 2312 wrote to memory of 4632	2312	msedge.exe	84
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85
PID 2312 wrote to memory of 3044	2312	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://getintopc.com/softwares/graphic-design/adobe-after-effects-2021-free-download-1218220/
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7ea446f8,0x7ffe7ea44708,0x7ffe7ea44718
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,12260040366434095425,10768397795035519069,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:812

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:760

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\_Getintopc.com_Adobe_After_Effects_2021_18.4.1.4\" -ad -an -ai#7zMap1928:158:7zEvent31296
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1908

\??\E:\Set-up.exe
"E:\Set-up.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3616
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 2472
  2⤵
  - Program crash
  PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3616 -ip 3616
1⤵
PID:1320

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "E:\resources\content\images\appIcon.png" /ForceBootstrapPaint3D
1⤵
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
3dc4413834d82c96b3d5c447dd925a41

SHA1
6328bfa23153e053dd254c36ee28f4715368254a

SHA256
9ecb4c0ca8c9566ab590450a0fabf4d9618bb814b9036d7d04d26c6bc8feb38d

SHA512
a73385c7f05fc87444667e977d438daca8c6b59b4d6d85ca5717d243ece6a0ca0c4ef6ca368d49311fbe97e1d462c4fe7771064531ea10ae7580a78ab88aaa1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3a01084a8026ee44b7e592cfc08356c1

SHA1
c4327eab68d202e8fedbe29df6eab9412b93a97e

SHA256
d4f918e4a7c77fb3afe10ff80989cfd78d284262a6982a5b0f4144116a7845be

SHA512
7ea56f018dfdbf9d9e6b7065af4f62cbc7deea18ca1267c529de1c618fcedcf0365f320f69cffa924d1e553529f517c9b0b4ab4565792c3ca88d005bb737ed3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d5206b9050e9f25a3c1ea948cc10af88

SHA1
6951c982224f48d6222d59334ee8a49b70a72266

SHA256
5d69354ee402c22b038fab6b71d0696c4a980c3cf2d84f6ccd320d0202ce8f11

SHA512
b655d85ebd46f7bbce42330f6e6c9d12e9b8708ed6ea80270f6833ee29fe23ad15d6d689e04b3d12a86d6f0770cded2189aca93d20fdfc1fde43017550683ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
904e92a33ca971eec97d1c8d3d96e96e

SHA1
bb6f3d3cab67338f0c8c5d343f2710626b171004

SHA256
0ead7c448b0c7f32a31d75e1d39d3e0f5a3ed2a2e9da7ce626e56bce3f12d59c

SHA512
3b1c73a3692452a00c6e69d342dfb01a2b853071d6e2961ace2f4098909e69cacd7a66012ea848a92d56515fe69ed1a1991316b9ff85fa01f15fb64d30598dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2bab535c9d30cd2f2b06fe6fcad76025

SHA1
267ebf470364bc91c75ef2193025d14cb6556985

SHA256
4f7086ba9173d0726dcadba0bbaf633c30c3e606412a4eac2b5c199ab921e888

SHA512
e349976bac2e4a6220bf358a346ec9f9efb10e38cc745f18d1821bcd9f7b1f4ac58f46bf07c1be66a07e582e9c8ea6bbc63bc447aae36751792000a6fd6f4512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
81504f9b03cdd2b590550d2d693757c0

SHA1
b6ffef52d0a53b7fb858eb99583fb5ec11d23c05

SHA256
28f4d22a28d59d66376dda8d691560f308d96fe45234dc631396c3eaa11a48cf

SHA512
9ce7401665bd5e9f9f2d56414c4420099c3d1da710fa99762cf12cc764fe9c613615065507ffd21d618498a77177bbbe80d2e403b7ab0e2d123acc8dbd746003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c173147e8882fccfc407c49e3e7dedb4

SHA1
32c3116c63ab034fda98a6418818722404d3b69e

SHA256
6228a546594e331542f36643b4a89926198d492a1a93ec300b875ab6fc365520

SHA512
18c7470306a9296b98a0214ad8639cd381de0d4d08315ca6ec4fba105f7b294fbc946caf0b30abb3d8a8f20bf72cc6b3899d417bb952fa8974a1aef5c71df66c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
747672362550a93a138dba803f698bb6

SHA1
f3295cc4aa40b86278c8b2b8bb7ca19d2e5728ec

SHA256
061840f848cd9104a23732a1036c244d6d09bbd6ee20efdeaf9f33814f9dd879

SHA512
877819cc7918edab2d40d6d1bddc40a569c66601d7da61e4f95d2290dd4bf6b85a8ae27d97736722925b803a8b41b05cfd05659537f3faff12a05db5128838c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2daf6eccae1dfe8716e1ecc656998bbf

SHA1
ad8e2875e3a7dc69f89737cd402efdd0949c58ce

SHA256
f3224cf2d56fc693c8957afafffc267aba0682844379ec26fcaf1d26b2c37942

SHA512
0a2e944ffe53193f13fb3b777e3923630dd2878540a4528881f2349d56ea3fbc41dd5eff9e159e4d80c004fb1fb2a32b5a856c80fb57148b225d0f8269d127b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b248.TMP

Filesize
1KB

MD5
6b3dcad58963718a799ca1fb1a2d9ea4

SHA1
1998a81c0d097ad42eaded7d69f3788efad73ef1

SHA256
c7921687bbb72f3e60aa461999c414f1b6aa5ff79f2ce262ee1b09c2fcf1fcc8

SHA512
a8cd166133efb57dac2bf8a2a64f86ee5844dcbbac8ce6df4b6ec5a0f0a40aae80bb00fd02e3a403909a554f3e063a8f6f276826f93093c916c254a3144abe25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b58b480cd3ee56e378774cfd61c478e3

SHA1
fe9dc39ce369f9c8efb272dfeb375e36cd3b4f21

SHA256
796e400dec7c654d22a41de7106bcf0d8440f74d81b09b9d2164f29cbc80e0a8

SHA512
38888b6686df7ba183dd60904b5036ee8524607c4b6b4a3bfaa68a3971c25af954ab4d85bd2a2f9e29f26bd5ec6091d1a327eb3ef442ced58a75e045326cb3de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e54660b33091e9def0c7b4ba70a55232

SHA1
cd0bca7840fbbe334e032bc2e47c475233be1c8a

SHA256
92a5a7109990fa0fe38f52bbd94749a6da4211cba52817212cd833e1dcdf8f3c

SHA512
849726829c9e42de2544ecc480caa356099ae7c6f8f49ff06aa6308c486dce2a070c724209985bdedc76cd59bb752d4e36a32dcaa65a0e6938c6154d6a9943f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DA4B2A14-4BF5-4455-ACE3-198035CE78F6}\common.js

Filesize
2KB

MD5
d98f70ffd105672292755a37f173c2ec

SHA1
c0154add295ac052f234a0282a62b704cdd01998

SHA256
257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3

SHA512
1909cc7e4da0949a469852240be2205209968b18b99f7d967bc0231de33d03c7cbaa9578972e30e95e6d7017aebf9cd70a55ba22cdc9d5774d2a237d3eb0971b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DA4B2A14-4BF5-4455-ACE3-198035CE78F6}\images\productIcon.png

Filesize
1KB

MD5
3f64a3ca874844f34f9c453dc93f6015

SHA1
110d915aa2d8b7dec32f4878a45e7f73a4e1c8ab

SHA256
e6650fd88880140cd30b8881574390a4873e33d02f6a5f78a6d181a0d3afd0cc

SHA512
9f8d93524e81e3556f2b88d90d285f6f1eadaf5ff5313f8a431b350d89f65fec3525a8cfd2ca4935916f593d11c6873f21f2e81acf9e2bac52fdd39c0279cd55

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DA4B2A14-4BF5-4455-ACE3-198035CE78F6}\images\productIcon2x.png

Filesize
3KB

MD5
ad561c76018a19b444a057498c69f62d

SHA1
c1960644cada63062124db24b9d230bd15b03a12

SHA256
db563de668beb2dd2002d4107ba8a24273dbaef8c484ca67f673517386b0e392

SHA512
abed95166c13850d497651f0c67e5c081c390ab63c5f187938d3d72862c08509c9295344a21730919b07c17d0882cc27fbf2473297b69b83554e30a972f737ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DA4B2A14-4BF5-4455-ACE3-198035CE78F6}\lib\jquery.custom-scrollbar.min.js

Filesize
14KB

MD5
ab3adf4aff09a1c562a29db05795c8ab

SHA1
f6c3f470aea0678945cb889f518a0e9a5ce44342

SHA256
d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b

SHA512
44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DA4B2A14-4BF5-4455-ACE3-198035CE78F6}\lib\jquery.min.js

Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DA4B2A14-4BF5-4455-ACE3-198035CE78F6}\lib\jquery.placeholder.min.js

Filesize
3KB

MD5
e13f16e89fff39422bbb2cb08a015d30

SHA1
e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9

SHA256
24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe

SHA512
aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DA4B2A14-4BF5-4455-ACE3-198035CE78F6}\main.html

Filesize
8KB

MD5
f4b7942d6563727bd614f10da0f38445

SHA1
84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9

SHA256
e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc

SHA512
f79b24ac78863a4ed87d41f37b2a5bc27017ebc5317f0a305d676090a16aee8a61384b476e7e9a68a024aa8da4784c1bd4f118766caf4450ec97af430e7074af

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DA4B2A14-4BF5-4455-ACE3-198035CE78F6}\main.js

Filesize
58KB

MD5
a8f9eb478c7512c98ca1ad46dbcc298a

SHA1
454226dc42b911caafc9a1e56d8ad0000bbb7643

SHA256
1df6cbdc80c1df47d93d6e7516a2d7017362413a6b9d93634e143856695c3645

SHA512
ae3198cc6ae739f3009359988f5c090664e5fe8422ad1cf739fe316e66f344c10385d1f841c7b0e3ca9f7997c79d95fa0559386b6dec10641ceb8c290b14f5b3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 604247.crdownload

Filesize
1731.3MB

MD5
898a54a05e29a2b9c19c07bd1f27b954

SHA1
e78210e0994946305eae755caf6cbcb4c09c42fa

SHA256
29f4fdaa766baf4b7d17cc1732365cde5041e3171849477ec6c0ff22bf832de8

SHA512
da85e019fe4130d0c523ac69282149d2ae2bf4507d866f39e056a20d2c369325c8b44ebb57d330e208a684ea8c54919892af08d6d1395f5c2e5d4f9fd8efe23e

Download Submit
C:\Users\Admin\Downloads\_Getintopc.com_Adobe_After_Effects_2021_18.4.1.4.iso

Filesize
429.2MB

MD5
2b1504ab38a35d7a1f659be2601288b0

SHA1
2c99a51a202a12d8864ae20de47ce472124694bb

SHA256
ac3f1b2842971de94b57c3ca0e2b07cf47abbe231e3c4ccbe367737ffc977b8c

SHA512
9684079dc26eedc988e29a1bb064ff7513a4a87df087653a593a3485f7dcfd80eac9d31ade91289e0395943391fdf5a00ca59b696934db74ed0af0c0ce326c7a

Download Submit