Analysis

max time kernel: 900s
max time network: 936s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240704-en locale:en-us os:windows10-2004-x64 system
submitted: 05-07-2024 06:08
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://crack.desktop.ac/adobe-premiere-pro/
Resource: win10v2004-20240704-en

General

Target: https://crack.desktop.ac/adobe-premiere-pro/
Malware Config
Signatures
-
Downloads MZ/PE file
-
Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
Processes:
  description | ioc | process
  Key value queried | \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation | Аdоbе Рrеmiеrе Рrо 2024.exe

Executes dropped EXE (4 IoCs)
Processes:
  pid | process
  4120 | Аdоbе Рrеmiеrе Рrо 2024.exe
  3024 | Аdоbе Рrеmiеrе Рrо 2024.exe
  536 | Аdоbе Рrеmiеrе Рrо 2024.exe
  2428 | Аdоbе Рrеmiеrе Рrо 2024.exe

Obfuscated with Agile.Net obfuscator (1 IoC)
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
  resource | yara_rule
  behavioral1/memory/4120-184-0x0000000000D60000-0x0000000001D60000-memory.dmp | agile_net

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Program crash (1 IoC)
Processes:
  pid | pid_target | process | target process
  1352 | 4120 | WerFault.exe | Аdоbе Рrеmiеrе Рrо 2024.exe

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

NTFS ADS (1 IoC)
Processes:
  description | ioc | process
  File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 288608.crdownload:SmartScreen | msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
Processes:
  pid | process
  4220 | msedge.exe (2 entries)
  4516 | msedge.exe (2 entries)
  2140 | identity_helper.exe (2 entries)
  4980 | msedge.exe (4 entries)
  4708 | msedge.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)
Processes:
  pid | process
  4516 | msedge.exe (15 entries)

Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
  description | pid | process
  Token: SeDebugPrivilege | 4120 | Аdоbе Рrеmiеrе Рrо 2024.exe
  Token: SeDebugPrivilege | 3024 | Аdоbе Рrеmiеrе Рrо 2024.exe
  Token: SeDebugPrivilege | 536 | Аdоbе Рrеmiеrе Рrо 2024.exe
  Token: SeDebugPrivilege | 2428 | Аdоbе Рrеmiеrе Рrо 2024.exe

Suspicious use of FindShellTrayWindow (64 IoCs)
Processes:
  pid | process
  4516 | msedge.exe (64 entries)

Suspicious use of SendNotifyMessage (28 IoCs)
Processes:
  pid | process
  4516 | msedge.exe (28 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
  description | pid | process | target process
  PID 4516 wrote to memory of 1652 | 4516 | msedge.exe | msedge.exe (2 entries)
  PID 4516 wrote to memory of 4412 | 4516 | msedge.exe | msedge.exe (repeated entries)
  PID 4516 wrote to memory of 4220 | 4516 | msedge.exe | msedge.exe (2 entries)
  PID 4516 wrote to memory of 4356 | 4516 | msedge.exe | msedge.exe (repeated entries)
  (64 rows in total; identical rows collapsed)
Processes (process tree; child processes are indented under their parent)

- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://crack.desktop.ac/adobe-premiere-pro/
  signatures: Enumerates system info in registry; NTFS ADS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa719d46f8,0x7ffa719d4708,0x7ffa719d4718
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
      signatures: Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
      signatures: Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3416 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6200 /prefetch:8
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5744 /prefetch:2
      signatures: Suspicious behavior: EnumeratesProcesses
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
      signatures: Suspicious behavior: EnumeratesProcesses
    - "C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe"
      signatures: Checks computer location settings; Executes dropped EXE; Suspicious use of AdjustPrivilegeToken
        - C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 2284
          signatures: Program crash
    - "C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe"
      signatures: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken
    - "C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe"
      signatures: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken
    - "C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe"
      signatures: Executes dropped EXE; Suspicious use of AdjustPrivilegeToken
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
    - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3220 /prefetch:8
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4120 -ip 4120
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Аdоbе Рrеmiеrе Рrо 2024.exe.log
  Filesize  608B
  MD5       0d10b788f0201c832c3e92d5c1efc3f2
  SHA1      e5c647c48e14818d8cc6884ca64c63da30d3d2b6
  SHA256    e92e8f171280a9481123ac3f0d424feeaed503969a241f69019eaa6c5ac55c43
  SHA512    217b4fbce5c1a840f7fd918194ccf5c078b46c29196bf3fac327f826ef86d0f4dcfce8df5b522255f4cd8a39980c6b3c1347006bbd09749f0ecc7562f76c0e98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize  152B
  MD5       a27d8876d0de41d0d8ddfdc4f6fd4b15
  SHA1      11f126f8b8bb7b63217f3525c20080f9e969eff3
  SHA256    d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe
  SHA512    8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize  152B
  MD5       f060e9a30a0dde4f5e3e80ae94cc7e8e
  SHA1      3c0cc8c3a62c00d7210bb2c8f3748aec89009d17
  SHA256    c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79
  SHA512    af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
  Filesize  211KB
  MD5       151fb811968eaf8efb840908b89dc9d4
  SHA1      7ec811009fd9b0e6d92d12d78b002275f2f1bee1
  SHA256    043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
  SHA512    83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize  1KB
  MD5       fea5a3353d0383c53f6b23d140463856
  SHA1      d66dde218c01ce521e7fe33cff69bd2612b4960f
  SHA256    e4847b9ef25d8a38c0f8ce5088c152006188b5fa6aca2e054d7ee8fe3be29249
  SHA512    3ffce1198ca2a71447ca7730e596aba9ebdfefbd2721dd246816accaa3e2a357788579c8760652d42718833f8f0635fcbfeeccaea3e0362e762f08d76d02a9c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize  72B
  MD5       dee387aed91e0a193b9e984832c93b00
  SHA1      36aaa35d47e6da7a49d91a24e1673e7d1a9dc43a
  SHA256    cacc8616d7ae2c6ebc599806957bce4debb111bbf44e9f188bedbe28181fd43f
  SHA512    fe2be7559724c5b600311bca2b0546b3a2772c08adec4fda951c92a68b12468b1ee3f1cf3b31a0bdead9c106de2ba370663d069bd6033f05303a2070dceb693c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize  184B
  MD5       0dba1514a4e2e9056d991bfe811c7dbc
  SHA1      2113cacbb530d5dbd561aedeb27352ff264ffa25
  SHA256    67de5ab0f572bbc1ace7f8af0f303548889bab1080484be548051f7c57229506
  SHA512    941fabc7214b54e3b83c693b11b4f1d3b3060f679b29c694c83d5063778e3b0aaa791776be566d87739fddf4295ce43c5b62eb505b0266cfe92c0f271a6fa234

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize  111B
  MD5       285252a2f6327d41eab203dc2f402c67
  SHA1      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256    5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512    11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize  184B
  MD5       665949ca3b07f56fd6f74679c1ca2c76
  SHA1      99af0a4222776d2147d8d8b42b53d65972caa3f9
  SHA256    7f38665926648a57b62d0b1b01a20cca51ba33c0f240017f5d0b81fc4761f1dc
  SHA512    b3fc6df8b8ea180169d1ec966ee24aedaaf803e21d8feb9082dd7df7fbbba74536ab0e0985f5c7b839454ccde3b81116b0085e01551da9e39ed3f0d6eb5f129b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize  2KB
  MD5       b296e7a29d0308bc49e8af3eaef4b81d
  SHA1      c252b247b2566087f9e7ca29b646755d1305f82e
  SHA256    02debf3324cc7480e24dfacd0068c474c985e84c15b777a3da02732e23402498
  SHA512    ce6b1804d0962f21e6976c8f638cc2236e87221f9432af96524f4e9f6de1a5ea1ed6055ca7040e5b32c275b73003c0063bf0ee8971bac76728c69fc470c73303
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize  6KB
  MD5       801d184f0c52de79e50984323039bf2b
  SHA1      a6e65166970f1a56c6835b8e10deb3bda4c7ba32
  SHA256    a39e561baeaf983681d6afd66e9a0b787660d88d4822f853af610733fe502cc3
  SHA512    936bb1fe427e8ebebc9c5570788addc32d30ae727d2aae49528e3df910d4eb3c9f35dea5f2089971e2b78121300d357cac5ca76cfca06572e3c00a495d0f3c16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize  8KB
  MD5       a8ecc06ed6e4e51168435cc26fed7df5
  SHA1      b2ec50ff53382bc77af4d6e619930b29432de03f
  SHA256    149536f6a21912a3228f7d5702a1de2ae94613c19354b2096aa4e7765c7948cd
  SHA512    f6441893b495f2349cb48bfde0541024afa27619bae34a502cfe8d996099264b1bb0128e6bbb27bb10259b8ed009da418c14794e195f16df4229cabd5d746453

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize  6KB
  MD5       e5b1bb52b408aa798e53f29b3b352e2f
  SHA1      e5bd6002f0127aaea730063082142f0b62bc6309
  SHA256    f9f73118bdea9b3727d6322b7a439324f12febe3d6aa29cfd5539589f7e95bb4
  SHA512    a8174d13c4fd35a700d2f623b10c364af15ff2e2727fc6b808cfecdbe153749f99164b3031858b75012a369e69e54f3676ffe813bd610b295f10a1f4eb585fdc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize  7KB
  MD5       f421a4cc7efdc9d03038428cd87200a5
  SHA1      25bfc2daaedcf282702b59ec82c5a39621d3b1e8
  SHA256    d964d9b463e9f14536de6fff766cf4a61964b94c2264f097012ad3482b414b41
  SHA512    663250450a981706fd36d5841cd6aa2720f4ec383b03bf717ce4ba8727a664b3de6bf50da83beb8bebc6376c9e3b4c9ac8ba4f0888aa0cc368b2260214c85107

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize  72B
  MD5       6a3c5be46fae95c31c103be82672e424
  SHA1      b6dfee7e7b3ffc66fa4f65e22c30a0dbbb087762
  SHA256    962daf4e820051685bb73f1e8e58e59e1b5dcfdbd1bdb6f4299f290eed1752e4
  SHA512    831eb85538baa4bc94c566ddcb72eb63bcb283b0ff89851758a308f9a784e3220b23def751ba1b14b0b54b4b605699cb30f13dc5cd2f306a62335ffd0cb76938

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5beec1.TMP
  Filesize  48B
  MD5       b24ce0452794d3c86113b7b8248819ef
  SHA1      4452ac076d2fc3b78d91bded4e35fe6d019f8651
  SHA256    2d02c12f4f0d7ba903912f3d44a1fccd01a144cd2ca11d9caea4cd53f852a207
  SHA512    2c2a84c4a16e75f2c6314a9343e01289bca9c03ea139a170da85474879a225028fd390aa8f2eb0666cffff8168eeafa26c8456f3515c79ba848d5451ec4d6682
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize  16B
  MD5       206702161f94c5cd39fadd03f4014d98
  SHA1      bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize  16B
  MD5       46295cac801e5d4857d09837238a6394
  SHA1      44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize  11KB
  MD5       99b6e74ab05d35ed1a3fcae8bef40977
  SHA1      f661d87d8653fdf98b9f5624c7889f7af462ef18
  SHA256    6d4987f1354e47499149497476952ee85f9b8da3c5db7b5aec9a35f7d7ccfaee
  SHA512    410dbe9b45948754673993abb332d231f1e045037d56c9fb83162c1ce38cbef396f5aa137f787b3c29ac468dcb372581610e0b0a4f181e1bcbfdf44e279193d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize  12KB
  MD5       b79c515c0218e1e628da2cb7b3160bc2
  SHA1      bcfdefa7259bc5ccb9fc86e07140067773fb8c5b
  SHA256    0141e0895d1074879846c4429beb3ed3ba049dead2705b311b1fc354e1539cc5
  SHA512    3158e43293d785a6397f5f1dda88dd0be97e46521360458e825b2ce0351c1ee7c772e74f21e2ff8cfff39efe1d1dc3acc1a16a0dfd34c28dedad131b5a6e5297

\??\pipe\LOCAL\crashpad_4516_YUPHZCKNULKTRCQH
  MD5       d41d8cd98f00b204e9800998ecf8427e
  SHA1      da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
memory/4120-197-0x0000000013710000-0x0000000013786000-memory.dmp
  Filesize  472KB

memory/4120-184-0x0000000000D60000-0x0000000001D60000-memory.dmp
  Filesize  16.0MB

memory/4120-185-0x000000000BFA0000-0x000000000C006000-memory.dmp
  Filesize  408KB

memory/4120-202-0x0000000013930000-0x000000001394E000-memory.dmp
  Filesize  120KB

memory/4120-201-0x000000000BF90000-0x000000000BF9A000-memory.dmp
  Filesize  40KB

memory/4120-196-0x0000000009970000-0x0000000009996000-memory.dmp
  Filesize  152KB

memory/4120-195-0x00000000320C0000-0x00000000330C0000-memory.dmp
  Filesize  16.0MB