hxxps://crack[.]desktop[.]ac/adobe-premiere-pro/

Analysis

max time kernel
54s
max time network
62s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
29-05-2024 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://crack.desktop.ac/adobe-premiere-pro/

Score

8^/10

agilenet

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

Аdоbе Рrеmiеrе Рrо 2024.exe

pid process

1536 Аdоbе Рrеmiеrе Рrо 2024.exe

pid	process
1536	Аdоbе Рrеmiеrе Рrо 2024.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/1536-125-0x00000000001B0000-0x00000000011B0000-memory.dmp	agile_net

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4804 1536 WerFault.exe Аdоbе Рrеmiеrе Рrо 2024.exe

pid	pid_target	process	target process
4804	1536	WerFault.exe	Аdоbе Рrеmiеrе Рrо 2024.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 309353.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4664	msedge.exe
4664	msedge.exe
3484	msedge.exe
3484	msedge.exe
5104	identity_helper.exe
5104	identity_helper.exe
4460	msedge.exe
4460	msedge.exe
2736	msedge.exe
2736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3484 msedge.exe
3484 msedge.exe
3484 msedge.exe
3484 msedge.exe
3484 msedge.exe
3484 msedge.exe
3484 msedge.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Аdоbе Рrеmiеrе Рrо 2024.exe

description pid process

Token: SeDebugPrivilege 1536 Аdоbе Рrеmiеrе Рrо 2024.exe

description	pid	process
Token: SeDebugPrivilege	1536	Аdоbе Рrеmiеrе Рrо 2024.exe

Suspicious use of FindShellTrayWindow 51 IoCs

Processes:

msedge.exe

pid	process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe
3484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3484 wrote to memory of 832	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 832	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4396	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4664	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4664	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe
PID 3484 wrote to memory of 4120	3484	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://crack.desktop.ac/adobe-premiere-pro/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff876593cb8,0x7ff876593cc8,0x7ff876593cd8
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1668,11079422207057467903,6259751947629451125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe
  "C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:1536
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 2276
    3⤵
    - Program crash
    PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1536 -ip 1536
1⤵
PID:4744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
265243227b80b7e9f2e0ccbfd3de0959

SHA1
661c21fd1349c3f6960fae1a3dff607547ef8228

SHA256
6aeed8fdc1c131bf6056e22a58140392dce13566e07b856f6b2ffeb5cc514a19

SHA512
b1040533638157c6e32cd523c963fd5b6093ccfd047997e93fb00ed5667f2a3f60f69901da6b38def1f34e5ade423010e76afd2f574d40124531480c8ad24f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
67f21ebecf799419dbde3eb584a37f62

SHA1
f1c81d2f96e5b0bc2d82517243d79370870c9378

SHA256
964a707ad7d24d97be68891c156dc2c337425d323a17d80e5772d1240c098510

SHA512
fd53bc12e245c9d0c7b455f26d4bc6b9452620d5d6ea6aa481e83b8b7465e4dda06ebdfed9ed38180db02a98f0219a771a9dafd671fa513c07768ae6d9baf4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0bb70a0b62e31a0221efb530cd81484d

SHA1
0a140ac83658257765f892f7f0311a44a315bb82

SHA256
d758d1f419f58e032cf14fe525ed47fcb7c76c018ad88624701d2f8220a9bbad

SHA512
afc9e58c914f21bf4f97c7c5b38c948b919f543e1addde5c29cee82f3d677de2ef0ac0ece87db93b6647af0c604b580910abbe05f9f3e79c1c0e533a603a45ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0f1a81efd41a147aa2edb273cb8042a0

SHA1
ad938f5fc7480de37b68a5c3a9b081861ba8d374

SHA256
94c602ed3a34756db997611eb235269924daf93f4048da6e33a8c2732c9930f5

SHA512
e7503e73c4d4b7da0a9b4a29f323df1c634cbd2bb8a378eb8029032ca0ae205ca6602e0467a37185f0f9eea138cc2eeac6b7180cfaac7d6f91aa6e5df786dc08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b169bfdb39ec0b9756931d1976179ed

SHA1
2db8752e2242cde378bb249644b4e105428b6291

SHA256
726ea27a7c6fba5dca774ae6f7c1e128748cfc528ff8e78307a87e73e97bf0dd

SHA512
dd612c1fdb2521aab98309c094702d7311b506e519729d16f55ebf0732d4f6df7369744442824249eabd95c41679fdd2db2fbfaeae96f7227252e5f7e4ac76f0

Download Submit
C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\LOCAL\crashpad_3484_IGXSPYEEJLQYJCPJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1536-125-0x00000000001B0000-0x00000000011B0000-memory.dmp

Filesize
16.0MB

Download
memory/1536-126-0x000000000B3B0000-0x000000000B416000-memory.dmp

Filesize
408KB

Download
memory/1536-127-0x000000002FF40000-0x0000000030F40000-memory.dmp

Filesize
16.0MB

Download
memory/1536-128-0x000000000AEB0000-0x000000000AED6000-memory.dmp

Filesize
152KB

Download
memory/1536-129-0x0000000012B50000-0x0000000012BC6000-memory.dmp

Filesize
472KB

Download
memory/1536-130-0x000000000B390000-0x000000000B39A000-memory.dmp

Filesize
40KB

Download
memory/1536-131-0x000000000C2D0000-0x000000000C2EE000-memory.dmp

Filesize
120KB

Download