hxxps://crack[.]desktop[.]ac/adobe-premiere-pro/

Analysis

max time kernel
900s
max time network
936s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://crack.desktop.ac/adobe-premiere-pro/

Score

8^/10

agilenet

Malware Config

Signatures

Downloads MZ/PE file
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

Аdоbе Рrеmiеrе Рrо 2024.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation Аdоbе Рrеmiеrе Рrо 2024.exe
Executes dropped EXE 4 IoCs

Processes:

Аdоbе Рrеmiеrе Рrо 2024.exeАdоbе Рrеmiеrе Рrо 2024.exeАdоbе Рrеmiеrе Рrо 2024.exeАdоbе Рrеmiеrе Рrо 2024.exe

pid process

4120 Аdоbе Рrеmiеrе Рrо 2024.exe
3024 Аdоbе Рrеmiеrе Рrо 2024.exe
536 Аdоbе Рrеmiеrе Рrо 2024.exe
2428 Аdоbе Рrеmiеrе Рrо 2024.exe
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
agilenet

Processes:

resource yara_rule

behavioral1/memory/4120-184-0x0000000000D60000-0x0000000001D60000-memory.dmp agile_net
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1352 4120 WerFault.exe Аdоbе Рrеmiеrе Рrо 2024.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\International\Geo\Nation	Аdоbе Рrеmiеrе Рrо 2024.exe

pid	process
4120	Аdоbе Рrеmiеrе Рrо 2024.exe
3024	Аdоbе Рrеmiеrе Рrо 2024.exe
536	Аdоbе Рrеmiеrе Рrо 2024.exe
2428	Аdоbе Рrеmiеrе Рrо 2024.exe

resource	yara_rule
behavioral1/memory/4120-184-0x0000000000D60000-0x0000000001D60000-memory.dmp	agile_net

pid	pid_target	process	target process
1352	4120	WerFault.exe	Аdоbе Рrеmiеrе Рrо 2024.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 288608.crdownload:SmartScreen msedge.exe
Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid process

4220 msedge.exe
4220 msedge.exe
4516 msedge.exe
4516 msedge.exe
2140 identity_helper.exe
2140 identity_helper.exe
4980 msedge.exe
4980 msedge.exe
4980 msedge.exe
4980 msedge.exe
4708 msedge.exe
4708 msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 288608.crdownload:SmartScreen	msedge.exe

pid	process
4220	msedge.exe
4220	msedge.exe
4516	msedge.exe
4516	msedge.exe
2140	identity_helper.exe
2140	identity_helper.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exe

pid	process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

Аdоbе Рrеmiеrе Рrо 2024.exeАdоbе Рrеmiеrе Рrо 2024.exeАdоbе Рrеmiеrе Рrо 2024.exeАdоbе Рrеmiеrе Рrо 2024.exe

description	pid	process
Token: SeDebugPrivilege	4120	Аdоbе Рrеmiеrе Рrо 2024.exe
Token: SeDebugPrivilege	3024	Аdоbе Рrеmiеrе Рrо 2024.exe
Token: SeDebugPrivilege	536	Аdоbе Рrеmiеrе Рrо 2024.exe
Token: SeDebugPrivilege	2428	Аdоbе Рrеmiеrе Рrо 2024.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

msedge.exe

pid	process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4516 wrote to memory of 1652	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 1652	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4412	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4220	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4220	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe
PID 4516 wrote to memory of 4356	4516	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://crack.desktop.ac/adobe-premiere-pro/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa719d46f8,0x7ffa719d4708,0x7ffa719d4718
2⤵
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
2⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
2⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
2⤵
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
2⤵
PID:612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
2⤵
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
2⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3416 /prefetch:8
2⤵
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6200 /prefetch:8
2⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
2⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5744 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4708

C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe
"C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 2284
3⤵
- Program crash
PID:1352

C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe
"C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3024

C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe
"C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:536

C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe
"C:\Users\Admin\Downloads\Аdоbе Рrеmiеrе Рrо 2024.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
2⤵
PID:1724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
2⤵
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
2⤵
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
2⤵
PID:1132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
2⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
2⤵
PID:2956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
2⤵
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
2⤵
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,14295903028988167559,16498732674307372786,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3220 /prefetch:8
2⤵
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4120 -ip 4120
1⤵
PID:3700

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Аdоbе Рrеmiеrе Рrо 2024.exe.log
Filesize
608B

MD5
0d10b788f0201c832c3e92d5c1efc3f2

SHA1
e5c647c48e14818d8cc6884ca64c63da30d3d2b6

SHA256
e92e8f171280a9481123ac3f0d424feeaed503969a241f69019eaa6c5ac55c43

SHA512
217b4fbce5c1a840f7fd918194ccf5c078b46c29196bf3fac327f826ef86d0f4dcfce8df5b522255f4cd8a39980c6b3c1347006bbd09749f0ecc7562f76c0e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a27d8876d0de41d0d8ddfdc4f6fd4b15

SHA1
11f126f8b8bb7b63217f3525c20080f9e969eff3

SHA256
d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe

SHA512
8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f060e9a30a0dde4f5e3e80ae94cc7e8e

SHA1
3c0cc8c3a62c00d7210bb2c8f3748aec89009d17

SHA256
c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79

SHA512
af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
fea5a3353d0383c53f6b23d140463856

SHA1
d66dde218c01ce521e7fe33cff69bd2612b4960f

SHA256
e4847b9ef25d8a38c0f8ce5088c152006188b5fa6aca2e054d7ee8fe3be29249

SHA512
3ffce1198ca2a71447ca7730e596aba9ebdfefbd2721dd246816accaa3e2a357788579c8760652d42718833f8f0635fcbfeeccaea3e0362e762f08d76d02a9c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
72B

MD5
dee387aed91e0a193b9e984832c93b00

SHA1
36aaa35d47e6da7a49d91a24e1673e7d1a9dc43a

SHA256
cacc8616d7ae2c6ebc599806957bce4debb111bbf44e9f188bedbe28181fd43f

SHA512
fe2be7559724c5b600311bca2b0546b3a2772c08adec4fda951c92a68b12468b1ee3f1cf3b31a0bdead9c106de2ba370663d069bd6033f05303a2070dceb693c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
184B

MD5
0dba1514a4e2e9056d991bfe811c7dbc

SHA1
2113cacbb530d5dbd561aedeb27352ff264ffa25

SHA256
67de5ab0f572bbc1ace7f8af0f303548889bab1080484be548051f7c57229506

SHA512
941fabc7214b54e3b83c693b11b4f1d3b3060f679b29c694c83d5063778e3b0aaa791776be566d87739fddf4295ce43c5b62eb505b0266cfe92c0f271a6fa234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
184B

MD5
665949ca3b07f56fd6f74679c1ca2c76

SHA1
99af0a4222776d2147d8d8b42b53d65972caa3f9

SHA256
7f38665926648a57b62d0b1b01a20cca51ba33c0f240017f5d0b81fc4761f1dc

SHA512
b3fc6df8b8ea180169d1ec966ee24aedaaf803e21d8feb9082dd7df7fbbba74536ab0e0985f5c7b839454ccde3b81116b0085e01551da9e39ed3f0d6eb5f129b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
b296e7a29d0308bc49e8af3eaef4b81d

SHA1
c252b247b2566087f9e7ca29b646755d1305f82e

SHA256
02debf3324cc7480e24dfacd0068c474c985e84c15b777a3da02732e23402498

SHA512
ce6b1804d0962f21e6976c8f638cc2236e87221f9432af96524f4e9f6de1a5ea1ed6055ca7040e5b32c275b73003c0063bf0ee8971bac76728c69fc470c73303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
801d184f0c52de79e50984323039bf2b

SHA1
a6e65166970f1a56c6835b8e10deb3bda4c7ba32

SHA256
a39e561baeaf983681d6afd66e9a0b787660d88d4822f853af610733fe502cc3

SHA512
936bb1fe427e8ebebc9c5570788addc32d30ae727d2aae49528e3df910d4eb3c9f35dea5f2089971e2b78121300d357cac5ca76cfca06572e3c00a495d0f3c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
a8ecc06ed6e4e51168435cc26fed7df5

SHA1
b2ec50ff53382bc77af4d6e619930b29432de03f

SHA256
149536f6a21912a3228f7d5702a1de2ae94613c19354b2096aa4e7765c7948cd

SHA512
f6441893b495f2349cb48bfde0541024afa27619bae34a502cfe8d996099264b1bb0128e6bbb27bb10259b8ed009da418c14794e195f16df4229cabd5d746453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e5b1bb52b408aa798e53f29b3b352e2f

SHA1
e5bd6002f0127aaea730063082142f0b62bc6309

SHA256
f9f73118bdea9b3727d6322b7a439324f12febe3d6aa29cfd5539589f7e95bb4

SHA512
a8174d13c4fd35a700d2f623b10c364af15ff2e2727fc6b808cfecdbe153749f99164b3031858b75012a369e69e54f3676ffe813bd610b295f10a1f4eb585fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
f421a4cc7efdc9d03038428cd87200a5

SHA1
25bfc2daaedcf282702b59ec82c5a39621d3b1e8

SHA256
d964d9b463e9f14536de6fff766cf4a61964b94c2264f097012ad3482b414b41

SHA512
663250450a981706fd36d5841cd6aa2720f4ec383b03bf717ce4ba8727a664b3de6bf50da83beb8bebc6376c9e3b4c9ac8ba4f0888aa0cc368b2260214c85107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
6a3c5be46fae95c31c103be82672e424

SHA1
b6dfee7e7b3ffc66fa4f65e22c30a0dbbb087762

SHA256
962daf4e820051685bb73f1e8e58e59e1b5dcfdbd1bdb6f4299f290eed1752e4

SHA512
831eb85538baa4bc94c566ddcb72eb63bcb283b0ff89851758a308f9a784e3220b23def751ba1b14b0b54b4b605699cb30f13dc5cd2f306a62335ffd0cb76938

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5beec1.TMP
Filesize
48B

MD5
b24ce0452794d3c86113b7b8248819ef

SHA1
4452ac076d2fc3b78d91bded4e35fe6d019f8651

SHA256
2d02c12f4f0d7ba903912f3d44a1fccd01a144cd2ca11d9caea4cd53f852a207

SHA512
2c2a84c4a16e75f2c6314a9343e01289bca9c03ea139a170da85474879a225028fd390aa8f2eb0666cffff8168eeafa26c8456f3515c79ba848d5451ec4d6682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
99b6e74ab05d35ed1a3fcae8bef40977

SHA1
f661d87d8653fdf98b9f5624c7889f7af462ef18

SHA256
6d4987f1354e47499149497476952ee85f9b8da3c5db7b5aec9a35f7d7ccfaee

SHA512
410dbe9b45948754673993abb332d231f1e045037d56c9fb83162c1ce38cbef396f5aa137f787b3c29ac468dcb372581610e0b0a4f181e1bcbfdf44e279193d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b79c515c0218e1e628da2cb7b3160bc2

SHA1
bcfdefa7259bc5ccb9fc86e07140067773fb8c5b

SHA256
0141e0895d1074879846c4429beb3ed3ba049dead2705b311b1fc354e1539cc5

SHA512
3158e43293d785a6397f5f1dda88dd0be97e46521360458e825b2ce0351c1ee7c772e74f21e2ff8cfff39efe1d1dc3acc1a16a0dfd34c28dedad131b5a6e5297

Download Submit
\??\pipe\LOCAL\crashpad_4516_YUPHZCKNULKTRCQH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4120-197-0x0000000013710000-0x0000000013786000-memory.dmp

Filesize
472KB

Download
memory/4120-184-0x0000000000D60000-0x0000000001D60000-memory.dmp

Filesize
16.0MB

Download
memory/4120-185-0x000000000BFA0000-0x000000000C006000-memory.dmp

Filesize
408KB

Download
memory/4120-202-0x0000000013930000-0x000000001394E000-memory.dmp

Filesize
120KB

Download
memory/4120-201-0x000000000BF90000-0x000000000BF9A000-memory.dmp

Filesize
40KB

Download
memory/4120-196-0x0000000009970000-0x0000000009996000-memory.dmp

Filesize
152KB

Download
memory/4120-195-0x00000000320C0000-0x00000000330C0000-memory.dmp

Filesize
16.0MB

Download