hxxps://filecr[.]com/windows/adobe-premiere-pro-0039/?id=705659327000

Analysis

max time kernel
1200s
max time network
1208s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://filecr.com/windows/adobe-premiere-pro-0039/?id=705659327000

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3836	msedge.exe
3836	msedge.exe
4048	msedge.exe
4048	msedge.exe
1564	identity_helper.exe
1564	identity_helper.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe
3776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe
4048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4048 wrote to memory of 2660	4048	msedge.exe	84
PID 4048 wrote to memory of 2660	4048	msedge.exe	84
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 336	4048	msedge.exe	85
PID 4048 wrote to memory of 3836	4048	msedge.exe	86
PID 4048 wrote to memory of 3836	4048	msedge.exe	86
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87
PID 4048 wrote to memory of 4340	4048	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filecr.com/windows/adobe-premiere-pro-0039/?id=705659327000
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae6b746f8,0x7ffae6b74708,0x7ffae6b74718
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3208 /prefetch:8
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4644 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,457789921296909720,12824281933005754832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:4112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1680

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x2ec
1⤵
PID:5624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
64KB

MD5
d84862513956cbe61aeb4ebbfdd3355a

SHA1
14ab269df17cb0333b1556ce120d587324479f6b

SHA256
a18b26912ab9e034923cc64fbfdb59d682500f2c556456930e480b6bd69e33b5

SHA512
d04ca96d72595f1e291a6ce96f092c1707064800103cde733512a186c1b22e089b63690a0c53965c97248dd782731b22fa2d27b8ee3ae112647382f1c06d1a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5d59ef37285d0bd93ed3b7c4a1235aa1

SHA1
152b4b1343223a0fb0c234133b27801b1b8472cd

SHA256
82e99a7081a739d794862265838a341534473c36465d0746705cb10ed2aab5c5

SHA512
d7790a832c288b745b35d3e490c734f21aabfeb95fb9cbaf1698736c7226bc55b2b36ddfdbfb259f89c166353c584865e1d0a5ab25153ddee647522d99fcaeef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
13e1734f5ea374eaa4f1e0ac99297969

SHA1
5749321f9fae3b81cc72196ce69fa1ca04690367

SHA256
39569d86881da1e8f2e3f7562fdd14e5302a3a046690a000794a7583400884f1

SHA512
431125d8c488cee2a8bdc03c91c1fdcc0bdc905050ac11369b4c9efdbf4cf861f97c821e0d41a3419267611957e84466e28d9063f334c3e782ca2a49d088f944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7c4e091d9a9db06d6a39827c109ed6b3

SHA1
3207ccc56bdeb73d3910cb58436761c26a5d405b

SHA256
921760dcb3a9b4a68435bf231377d880d50a99ff0c757aafb946ca28b4a3112c

SHA512
51c9222cef1ab15d8a1ffbae38b7992a8b38720a4eb4699a172a79f630951a91cb9e7eb856e53c9077bc58cfd9a925413a141963e725e35821780dd95301b39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eff9034c31f5e9b18ecc8567666c0fd3

SHA1
c41d529960d2b7fb47df6b62ffda2c2b269f0cd8

SHA256
10cd1e0380dcebca885e2298f3a7aaf65d93d0d45390769997c49e36c4d78875

SHA512
d837b7d6559abdba0c6e97438f9e34756496f223e4ba82f7a05fd825e2902f8a0ade99cb346919bf54a15249cd953b696c6a98d8ee3e194661599448bb19867c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b0063c1842ca42b95639843bd1fa39c0

SHA1
2558d84762cf1f4b3ce6775c8654b381d7dc5dc3

SHA256
10567cb3ff79b08853fa34295ae7511478a0811056695891e95a368dec8e4dce

SHA512
9b95e35af0d9a73592a31a3be45d2972d2ffd46679c0c72441cbb3bedf52a1b1f575f65d79bbd544eac28c55f4c7529f98d7388a2712061b730b94b2c459abfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4f09256137e4db31ea97c9d73d79accd

SHA1
17cd2f44bd695b03d3a84435a0081e1a4dcb6505

SHA256
dc56b7384977a236f33582d4af82f021deb6c9fd814bf1eb5b787523fca6080f

SHA512
f0b20112f6354589e28885c65f1ec3f266ab2cf244867b0c0c10abda728a0da472ff043fa319ad15b034563a28748b9692ccd2c10a3eb1f62618eeb36037d152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1b9231b66d51d45e056b47f8787863fd

SHA1
2dae9268f61e8a97ecb1c65e45ebfbd14715fac3

SHA256
8e623791bfdbb9a06284eb6b65d64fc5c1a0dfb1c127b6a87c58b1f3bcd990f2

SHA512
c938064e3e73435edf97bbf05fec9ded2ac5965df3e79a0a15c167c60ea4f1389c3fcee58cf82ece874ade6d6758b57590816406a65e86baffd152d57fcd0492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6895e9f4b45d86af56d2da2f738cdcab

SHA1
2893b31667b5933fecd09b4572d1dd3bc82d1ec5

SHA256
600d8bf69c13616260df99be6196acc9cbb3429eb83f009fff6f4a5ab5d12727

SHA512
0225ffcac13e375ae7073347331f62673003c963354b91d4e155d33e6cf109618902ac3ae92b5370b329bc09db1c1761cafddea2ab8b654de83bb5d5f45b32e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8ae1af78b27d46830f05d89c764c55a1

SHA1
c6486baa19a668d1ebe34185d6313925d258f232

SHA256
e4f4fa401ed690f81fb4cbb28c96dceee3a49e5383e14abaf99db389064a161e

SHA512
7323aba1922e1b5d33eec4fff579b4556cf061cdf28e04bbca9354e5724566fadf001560e13e08d23f8717591dadc8afca69e9fc135bc06027e55afd5f2679b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b8ec26431fbd5daa10f64264339da338

SHA1
612fe45304d53d9337107cf076bece1056499961

SHA256
c7a34043df6359db72cfadf5950ea3f8c41c8b9f72c22c455da99e0921c5420f

SHA512
323f5aea4ce65500b146cc88bb7946f40352bafe2b70fe3dd6e410640beb36fd482b4c7613486ecf3453219df1beaf53ad3ac758b02b37c13ac2d2093433c5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
03499d2333e847b70f7f7458fdb68429

SHA1
7dec34c5742a66000ba80b37f0b988905f14c134

SHA256
2e61102b33e724b29096845657f724934718791ba4d4925beff6c94b9e0524ed

SHA512
800f9d67fa1308733eb3949965f28bcbcf32c618f87eb6ca41efa307288026f981c4708d89ab65a11e6b7574a3bcc4131a0520b8c275a7f2c03020fc462e4e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
770a7c9b2c2259db93930494285c51bf

SHA1
64a221ebedb09e2058432c9f81386a2984d4656d

SHA256
ce709744e82317afd848d4a38f3eb3c96b72cd70d78f29e0c9acbd605127be11

SHA512
781f116bdeca1f6d0c22dce65e80c55813c0a1fe929ddf0e2f4839136f7206d0d12719018f323607144e0ff146f5a2dabe18aacd19288fc86e3564b3ccfcf5fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2d131627e2ddc523b2dc1ffbe93f5819

SHA1
c9cfb44657185ebb16195bbc35d47901c23c55f2

SHA256
9755b9e06a7416660f766401ce8a82a8d3f32cdf4561358f06a5add7a0d8a64b

SHA512
2bbc0d5000cba9e67616e7153ac478e50453a90d3594ca38e868c7a36b0bcf5a866a72e885bf9fe1329d8b1bbce8f0be7cc550fb88dd3c4378c140d85edd9d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0b45b0331b59bf05063026fe5c29820c

SHA1
fb7775c6d43d3881d8103cc045cccea3d8bc6b8f

SHA256
207e59df0f20f11ebbc2e65c6bde21913303df9eb4fa8c2fa46c4790b5441b45

SHA512
850154958bbc5a63604f84f4f023a55e4e46645c6f61e2943416672295e71e6f0ac7937c4b03538da8b998a47240e4ce916fe3dd9819639a0e196241a1492364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
11491cbe2c9280fec5fe6c00f6ec59ce

SHA1
ddaf6f079ceb587254ddac6f160075d8a46a3639

SHA256
ed1453343a62850801688dc0491b12bbb2dee88187d0b284a36cd6fff2ca7b15

SHA512
c3c3c37466c1262fca18e01011500302c70f4dc8523653b69fdf29a78764c34e4d2674009c9be06d0be0656ed2da6c1917c29cf0580981f582ef6488a99d9fe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f9829ba6ff1d9b15890a868b9e2c9cd7

SHA1
dc843ae839c5056331c69225100e0c7f61327c48

SHA256
f7828960bfc44fd1cea9357d38735239c1faf47a3cd7df4f739c5f45c25e3f8d

SHA512
33758c28abe0e03d7d80cadf02c0e2c986102ca91a09dda120fdc12372402b5cb348a19ea8237f20c66b17d810218145f3f19e22b9ef3d9d12282ce15a2a733a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6412052c72b23df1258efebd63f19c87

SHA1
37765de617da5a48f2cafa6a63d02957e2717707

SHA256
291318561cd51349353c57488cb677c96d4e39d0be0975e854751631c12eb588

SHA512
0130368cc1909c8845ce69a0d243905b8ad572987beb5e56664e2dcb4a76973a0615b27ef152fb18eb0971e7da921f3ef42611c839bd88f116f58fdc375bd44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd6c545673a825d5511b25bb88fe344d

SHA1
c59ff8c6a0b9471f7802d086dd581bd54fde354e

SHA256
29755b09a8999fed3e4378e3d300a7412a7ff59343c4fbeaf813768e7956be27

SHA512
bff6428b93fc73953c28566a432b013b45025fe1059751f61235f135987cdddae12121b368c4fa8227d925a016d2bc430c3bdbff8388bf1d59d7883dcf4df47f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12736dade97d9638e2e5219bc0ce9550

SHA1
1832c0ddd920cf225f8ae52f2dbe4612457ff0a7

SHA256
ead469dee0dd82765da5ea61b0f92c118ece3d1147e1043c02e38905ea706cc2

SHA512
136a9da31f0c0dc49df86ce4b9cdb5e1bf602ec628eef7afaf5b7da3ef87e1c4cfd70931b9b6d8973c16cefe073afe5b55bef3312fe591e043e83b751e7758d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a040758602215ffc736f0cf0d39f503

SHA1
a657d69ae87ed355df8ec3bcad44b7ab90ad3177

SHA256
c1c34b56cfa736c72bd4f756cbe0f873ced64cbd52af10d716a293418945de6c

SHA512
6922b67a9a806c265c47d862a24d42b6aa31b069c319b14716efc2b936734057c3784191706c3c80bf3a5acc591c6eb0c56caca6965d1c7ea7abc8782d4d4890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
254b5b463da724779c32702ad4c82d06

SHA1
5593533c7572cb1286ba67cc889b9e2001984c0f

SHA256
9315f99d3a66286d0efb6ecf520ab147c0d0aa11be63c2253dcc04a1a21054a7

SHA512
610a003d97bccf31bd349d14ddf27f0238a524b74e54c4d6c8dbb1f2fd1447573d17226837a6bc1c000a4e4f74b5a635f07589c16c9868853d59fe75015aa847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d6d4eb2e5bf1ba81d24961aa24980988

SHA1
67332d771eb3ff4e618a24d10370a9bebe8c65e8

SHA256
2cc4498e3d163c69269524354b86a65cd62eb15e7fd79a254c674d8de6f0aa5d

SHA512
f4de4111b27074ec8ee33a0b207e3cd48977dd19c20c2ec73101403ae9f68cc16354e7e9b0a53e7bd321c3a7c31ffe9084112075d9c5e0bff9db21a83d034fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
6e4471f872198f654de8321778ddc861

SHA1
d010813e7f86daadf8c8e0c365ff80fec58370af

SHA256
b215826fdb9429c1a7014b4389882b0b0ab6dd683ae01d10533f1c3e79d5bffb

SHA512
56cfc81e74b69ed7e20c512187c04cccefc961f91efb0517df723b518367c6acb7f83dd542b87c4901ed84d97b5bb9f51660481dc83c6488a5995410303c7ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c8de.TMP

Filesize
370B

MD5
81ebf0fdc3b8f1b574ab785123770591

SHA1
a183fa9116f38e0d79c6391e1d7fe625f1aff441

SHA256
6ae0c3f757a23710bd55a98f7c507ceeab8f21b26aefd0e9ac3198d8a87ff31d

SHA512
8066af1e61344f9adb2f4f1a57ef476d63fca151d768dbdf479d659bf393d057a8ab6411d7302247d0a60046252b763b1ba3749da58b99038097f6f1aeebfc7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f17ea534f35552e429f78a92f93c6eef

SHA1
0ec9f710e32a6f829408ba84fd53081f754dd821

SHA256
eb5f63134acacf4ea8e0ae7ffc4fd273ca3c72e1ebd011f02f7dd301eeb157d3

SHA512
a43d88d796a628e35d0ceef9fa7f7a374e58bcf89adb2bc3e5508ab73de1ad47619e7653fe96b81b086d092041a401b5b7aa531da36d7d24fcd2dd50c60aff65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
12269675ba723b9628c741dcb9cfaa6a

SHA1
335888b4754bbcd2c9a09ba87024e88d857019b6

SHA256
56f6f92a091dccd595d244e44be620b199ca14ddb919bbffe67d12a816d9f99f

SHA512
3a17eb88775d3bdeab0e71f3d4346cc87e0b47d2b96472bd96490bdfb2810b7318f66f3d9170fbbccd124e4d86cb61b6b7245607e5471413fe8cb90c227d9330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9b9e2c885adaf5d687878fe2877dda22

SHA1
f1d3a1390ae3c9ea5e4ebad62f4d1e0a0bc2fdef

SHA256
832eda74178c8f7195ba601e752f6ed70b653d7acc738fa676a2fd7993cd746f

SHA512
6ca459c26b509b26112a09d4576cf99650eb18d34cb7a7a52be17ea0d876c116a1038857a9e0f6da4fc5819811fd125580b7570ce26c152944b0226294931402

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 10023.crdownload

Filesize
10.1MB

MD5
69f6b1e44f6be5c2bc58211a16a8ac56

SHA1
40491be82cf0771f6e73d3a66f7800c60520c436

SHA256
63c12420b11eca90d0f05906f4d498299182b073b460637e21b4e11ff803c93a

SHA512
96fbb1796c6c1d0497992fb19f863df0435bfe224895f2a412fc8eeb2265db7741e1a8037779b724f461cf29bd5472139728c48c48129df719ca8a639dbeaf6c

Download Submit