hxxps://dl[.]malwarewatch[.]org/software/useful/adobe/Adobe%20After%20Effects%202022[.]iso

Analysis

max time kernel
1760s
max time network
1712s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dl.malwarewatch.org/software/useful/adobe/Adobe%20After%20Effects%202022.iso

Score

8^/10

discovery evasion persistence trojan

Malware Config

Signatures

Blocklisted process makes network request 5 IoCs

flow	pid	Process
268	3728	msiexec.exe
270	3728	msiexec.exe
272	3728	msiexec.exe
274	3728	msiexec.exe
276	3728	msiexec.exe

Executes dropped EXE 14 IoCs

pid	Process
3716	AdobeIPCBrokerCustomHook.exe
3720	RuntimeCustomHook.exe
608	vcredist_x86.exe
2068	vcredist_x86.exe
2352	vcredist_x64.exe
2336	vcredist_x64.exe
4020	AdobeIPCBrokerCustomhook.exe
2480	ADSCustomHook.exe
4860	HDCoreCustomHook.exe
3812	TokenResolverx64.exe
4392	RuntimeCustomHook.exe
4084	node.exe
1540	InstallMsi.exe
4532	Cinema 4D Manual Installer R25.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	node.exe

Loads dropped DLL 41 IoCs

pid	Process
2068	vcredist_x86.exe
4448	vcredist_x86.exe
2336	vcredist_x64.exe
3588	vcredist_x64.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4560	MsiExec.exe
4532	Cinema 4D Manual Installer R25.exe
4532	Cinema 4D Manual Installer R25.exe
4532	Cinema 4D Manual Installer R25.exe
4532	Cinema 4D Manual Installer R25.exe
4532	Cinema 4D Manual Installer R25.exe
4532	Cinema 4D Manual Installer R25.exe
4532	Cinema 4D Manual Installer R25.exe
4532	Cinema 4D Manual Installer R25.exe
4532	Cinema 4D Manual Installer R25.exe
4532	Cinema 4D Manual Installer R25.exe
4532	Cinema 4D Manual Installer R25.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3556	icacls.exe

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7} = "\"C:\\ProgramData\\Package Cache\\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\\vcredist_x64.exe\" /burn.runonce"	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe CCXProcess = "C:\\Program Files (x86)\\Adobe\\Adobe Creative Cloud Experience\\CCXProcess.exe"	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	vcredist_x86.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece} = "\"C:\\ProgramData\\Package Cache\\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\\vcredist_x86.exe\" /burn.runonce"	vcredist_x86.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	vcredist_x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Cinema 4D Manual Installer R25.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\desktop.ini	Set-up.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	setup.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\E:	autoplay.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\mfc120ita.dll	msiexec.exe
File created	C:\Windows\system32\msvcp120.dll	msiexec.exe
File created	C:\Windows\system32\mfc120enu.dll	msiexec.exe
File created	C:\Windows\system32\mfc120ita.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcr120.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vccorlib120.dll	msiexec.exe
File created	C:\Windows\system32\mfc120rus.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcomp120.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcp120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120cht.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfcm120u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\vccorlib120.dll	msiexec.exe
File created	C:\Windows\system32\vcomp120.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc120deu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120deu.dll	msiexec.exe
File opened for modification	C:\Windows\system32\msvcr120.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm120u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc120jpn.dll	msiexec.exe
File created	C:\Windows\system32\mfc120chs.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vccorlib120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm120.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120u.dll	msiexec.exe
File created	C:\Windows\system32\msvcr120.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc120.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc120esn.dll	msiexec.exe
File created	C:\Windows\system32\mfc120jpn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120kor.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfcm120.dll	msiexec.exe
File created	C:\Windows\system32\mfc120.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcomp120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120rus.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120cht.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120ita.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120jpn.dll	msiexec.exe
File created	C:\Windows\system32\mfc120u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120esn.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120jpn.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfcm120.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc120ita.dll	msiexec.exe
File created	C:\Windows\system32\mfc120deu.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\msvcp120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\vcamp120.dll	msiexec.exe
File created	C:\Windows\SysWOW64\vcamp120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120deu.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120.dll	msiexec.exe
File created	C:\Windows\system32\mfc120esn.dll	msiexec.exe
File created	C:\Windows\system32\mfcm120u.dll	msiexec.exe
File created	C:\Windows\SysWOW64\msvcr120.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfcm120u.dll	msiexec.exe
File opened for modification	C:\Windows\SysWOW64\mfc120fra.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120rus.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc120fra.dll	msiexec.exe
File created	C:\Windows\system32\mfc120cht.dll	msiexec.exe
File created	C:\Windows\system32\mfc120fra.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc120u.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc120chs.dll	msiexec.exe
File opened for modification	C:\Windows\system32\mfc120kor.dll	msiexec.exe
File created	C:\Windows\system32\mfcm120.dll	msiexec.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	Set-up.exe
File created	C:\Windows\SysWOW64\mfc120esn.dll	msiexec.exe
File created	C:\Windows\SysWOW64\mfc120fra.dll	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\sky\cities.csv	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\resource\Dictionary\fr_CA\	Set-up.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\materials\net.maxon.material.ceramic\asset.info	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\utilities\wood_615e681e_cb8f_445c_8fc6_0937815e0779\1\net.maxon.node.bases.meta	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\dwgobjects\description\CBnurbs.res	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\library\assets\utilities\net.maxon.asset.math.tobarycentric\1\hash	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\build.txt	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\licensing.module\html\id-dev\assets\css\libs\fontawesome\font\fontawesome-all.css	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\bitmapfilter\dialogs\dlg_levels.res	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\c4dplugin\description\olayer.res	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\c4dplugin\dialogs\p_painttool_fillbitmap.res	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\expressiontag\description\gvspline.h	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\interop\description\obodycapture.h	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files (x86)\Common Files\Intel\Shared Libraries\redist\intel64\compiler\svml_dispmd.dll	msiexec.exe
File created	C:\Program Files\Maxon Cinema 4D R25\library\assets\neutron\net.maxon.neutron.asset.effector.wind\1\net.maxon.node.bases.meta	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\c4dplugin\description\bplayerbmp.res	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\newman\description\mt_clip.h	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\c4dplugin\menus_bench\c4d_m_editor.res	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\objects\description\oinstance.h	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\materials\net.maxon.material.carpaint\1\net.maxon.asset.previewimageurl.meta.jpg	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\utilities\net.maxon.asset.math.frombarycentric\1\asset.c4dnodes	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\asset.module\repository\net.maxon.neutron.context.matrix\1\net.maxon.node.category.meta	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\advanced_render\description\vpgisetup.h	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\Exchange Plugins\maya\Win\maya 2019\to_scripts\usersetup.mel	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\library\assets\neutron\net.maxon.neutron.asset.geo.randomselection\1\net.maxon.node.category.meta	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\objects\description\ofriction.h	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\browser\icons\folder_search.tif	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\library\assets\neutron\net.maxon.neutron.asset.effector.plain\1\net.maxon.asset.colorcategory.meta	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\browser\icons\folder_open_locked.tif	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\bitmapfilter\strings_en-US\dialogs\dlg_unsharp.str	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\library\assets\basics\net.maxon.asset.colorcategory.structures\1\asset	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\mograph\description\flpolygonobject.res	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\model\description\xbeveltool.h	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\ca\description\ocastep.res	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\materials\net.maxon.material.metal\1\net.maxon.asset.dependencies.2.meta	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\basics\smartsearch_32791c126a7340848eb75940e0c5abf4\1\strings_en-US.meta	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\c4dplugin\description\bplayerfilterbrco.h	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\library\assets\neutron\net.maxon.neutron.asset.geo.geometryaxis\asset.info	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\neutron\net.maxon.neutron.category.geometry\asset.info	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\utilities\net.maxon.neutron.asset.math.dmstoangles\1\net.maxon.node.category.meta	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\utilities\net.maxon.neutron.asset.math.geopositionstocircledistance\1\net.maxon.asset.dependencies.2.meta	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\library\assets\neutron\net.maxon.neutron.asset.geo.uvtomesh\1\net.maxon.node.bases.meta	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\utilities\net.maxon.asset.utility.color\1\net.maxon.node.category.meta	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\library\assets\basics\subtype_net.maxon.asset.subtype.mediaimage\asset.info	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\c4dplugin\dialogs\p_painttool_magicwand.res	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\browser\description\prefsbrowser.res	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\neutron\net.maxon.neutron.asset.field.radial\1\hash	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Installers\HDPIMSession\_metadata	Set-up.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\neutron\net.maxon.neutron.asset.geo.jitter\1\net.maxon.description.data.info.hidden.meta	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\archigrass\description\tarchigrass.res	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\library\assets\neutron\net.maxon.neutron.asset.geo.smoothpoints\1\strings_en-US.meta	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\c4dplugin\dialogs\p_painttool_burn.res	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\c4dplugin\dialogs\r_createmarker.res	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\asset.module\repository\preset_net.maxon.preset.mediasession.export.asf\1\asset.json	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\sculpt\description\tsculptlinktag.h	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\python\description\gvpython.h	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\neutron\net.maxon.neutron.asset.geo.newlycreated\1\hash	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\asset.module\repository\net.maxon.neutron.context.bbox\1\net.maxon.asset.timestamp.version	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\ca\description\dprojobjs.h	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\mocca\description\toolcharacterdef.h	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\resource\modules\expressiontag\description\gvcross.res	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\resource\modules\c4dplugin\description\mbase.h	Cinema 4D Manual Installer R25.exe
File opened for modification	C:\Program Files\Maxon Cinema 4D R25\library\assets\neutron\net.maxon.neutron.asset.geo.randomselection\1\net.maxon.asset.timestamp.version	Cinema 4D Manual Installer R25.exe
File created	C:\Program Files\Maxon Cinema 4D R25\library\assets\utilities\transform_677a4ca8_f5c5_4aba_b194_cfa18ac96f88\1\net.maxon.asset.versiontag.version	Cinema 4D Manual Installer R25.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e61e530.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfc120_x64	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfc120kor_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfcm120_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\e61e530.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120rus_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\CE6380BC270BD863282B3D74B09F7570\12.0.40660\F_CENTRAL_msvcp120_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9470.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfc120deu_x64	msiexec.exe
File created	C:\Windows\Installer\e61e527.msi	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\CE6380BC270BD863282B3D74B09F7570\12.0.40660\F_CENTRAL_msvcr120_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfc120cht_x64	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfc120esn_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\e61e51f.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_vcomp120_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\CE6380BC270BD863282B3D74B09F7570\12.0.40660\F_CENTRAL_vccorlib120_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8DD8.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfcm120_x64	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\CacheSize.txt	msiexec.exe
File created	C:\Windows\Installer\SourceHash{D401961D-3A20-3AC7-943B-6139D5BD490A}	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120esn_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfc120rus_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDE9A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1FD9.tmp	msiexec.exe
File created	C:\Windows\Installer\e61e51f.msi	msiexec.exe
File created	C:\Windows\Installer\e61e55b.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120cht_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfcm120_x86	msiexec.exe
File created	C:\Windows\Installer\e61e541.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfc120kor_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\CE6380BC270BD863282B3D74B09F7570\CacheSize.txt	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_vccorlib120_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\CacheSize.txt	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfc120rus_x64	msiexec.exe
File created	C:\Windows\Installer\e61e575.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\SourceHash{53CF6934-A98D-3D84-9146-FC4EDF3D5641}	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfc120ita_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI7183.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfcm120u_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\CE6380BC270BD863282B3D74B09F7570\12.0.40660\F_CENTRAL_vcomp120_x64	msiexec.exe
File created	C:\Windows\Installer\SourceHash{010792BA-551A-3AC0-A7EF-0FAB4156C382}	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfcm120u_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3F36.tmp	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_vcamp120_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\CE6380BC270BD863282B3D74B09F7570\12.0.40660\F_CENTRAL_vcomp120_x64	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_msvcp120_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120chs_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\CE6380BC270BD863282B3D74B09F7570\12.0.40660\F_CENTRAL_msvcr120_x64	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI1FC9.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\12B8D03ED28D112328CCF0A0D541598E\12.0.40660\F_CENTRAL_msvcp120_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120fra_x86	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120jpn_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120kor_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfcm120u_x86	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\CacheSize.txt	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfc120enu_x64	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\44DB0475D85BA123FA0CD6D35465DDC6\12.0.40660\F_CENTRAL_mfc120jpn_x64	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8122DAB1-ED4D-3676-BB0A-CA368196543E}	msiexec.exe
File created	C:\Windows\Installer\SourceHash{F70BCE36-25F2-4475-A918-6209B3D85BF3}	msiexec.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\8520DAD7C5154DD39846DB1714990E7F\12.0.40660\F_CENTRAL_mfc120_x86	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000dcccb42f1bc641320000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000dcccb42f0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff000000000700010000680900dcccb42f000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000dcccb42f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000dcccb42f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000003	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\HardwareID	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Service	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Cinema 4D Manual Installer R25.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Cinema 4D Manual Installer R25.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Cinema 4D Manual Installer R25.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2612	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "11001"	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe

Modifies data under HKEY_USERS 21 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\20	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1F	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\20	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\21	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\24	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\21	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.aex\ = "Adobe.AfterEffects.Plugin.22"	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.Project.22\shell	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.Project.22\shell\open\command\ = "\"C:\\Program Files\\Adobe\\Adobe After Effects 2022\\Support Files\\AfterFX.exe\" \"%1\""	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\63ECB07F2F5257449A8126903B8DB53F\Redistributable	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\auphd\shell\open\command\ = "\"C:\\Program Files (x86)\\Common Files\\Adobe\\Adobe Desktop Common\\HDBox\\Adobe Update Helper.exe\" \"%1\""	HDCoreCustomHook.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v12	vcredist_x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{61087a79-ac85-455c-934d-1fa22cc64f36}	vcredist_x86.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\INSTALLER\DEPENDENCIES\MICROSOFT.VS.VC_RUNTIMEMINIMUMVSU_AMD64,V12\DEPENDENTS\{EF6B00EC-13E1-4C25-9064-B2F383CB8412}	vcredist_x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.Preset.22	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.RenderSettings.22\DefaultIcon\ = "\"C:\\Program Files\\Adobe\\Adobe After Effects 2022\\Support Files\\AfterFX.exe\",-1007"	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.pct.22	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\D169104D02A37CA349B316935DDB94A0	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D169104D02A37CA349B316935DDB94A0\Assignment = "1"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\63ECB07F2F5257449A8126903B8DB53F\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AfterEffects.Project.22\protocol\StdFileEditing	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A5C44959597D2DA458016835770864D3\63ECB07F2F5257449A8126903B8DB53F	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.ProjectTemplate.22\shell\	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\63ECB07F2F5257449A8126903B8DB53F\PackageCode = "5945BCC491DF14C499846B99372877EC"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\PackageCode = "82C7CC9682E1077408579187FC5DC13E"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pict	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB297010A1550CA37AFEF0BA14653C28	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB297010A1550CA37AFEF0BA14653C28\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB297010A1550CA37AFEF0BA14653C28\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.jsx\ = "Adobe.AfterEffects.jsx.22"	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D169104D02A37CA349B316935DDB94A0\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{D401961D-3A20-3AC7-943B-6139D5BD490A}v12.0.40664\\packages\\vcRuntimeAdditional_x86\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4396FC35D89A48D31964CFE4FDD36514\Version = "201367256"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\C05586832351A613E9FF58906A9EF297	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.psd.22\DefaultIcon\ = "\"C:\\Program Files\\Adobe\\Adobe After Effects 2022\\Support Files\\AfterFX.exe\",-1012"	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.pict.22	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.mgjson.22\DefaultIcon	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\1BAD2218D4DE6763BBA0AC63186945E3\Servicing_Key	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_amd64,v12\DisplayName = "Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\AB297010A1550CA37AFEF0BA14653C28\Provider	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pct	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.json.22\ = "Adobe After Effects JSON"	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.Preset.22\shell\open	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.ProjectTemplate.22\shell\open\ = "Open with Adobe After Effects 2022"	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.Project.22\shell\open\	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\SourceList\LastUsedSource = "n;1;C:\\ProgramData\\Package Cache\\{8122DAB1-ED4D-3676-BB0A-CA368196543E}v12.0.40664\\packages\\vcRuntimeMinimum_x86\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\D169104D02A37CA349B316935DDB94A0\PackageCode = "5704824E603FB684C9F25BF1545FBCE7"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB297010A1550CA37AFEF0BA14653C28\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.pct.22\ = "Adobe After Effects PICT"	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\4396FC35D89A48D31964CFE4FDD36514	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4396FC35D89A48D31964CFE4FDD36514\SourceList\Net\1 = "C:\\ProgramData\\Package Cache\\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}v12.0.40664\\packages\\vcRuntimeMinimum_amd64\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\auphd\DefaultIcon	HDCoreCustomHook.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.Project.22\DefaultIcon	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.aetx\ = "Adobe.AfterEffects.XMLProjectTemplate.22"	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.Preset.22\shell	Set-up.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AfterEffects.ProjectTemplate.22\protocol\StdFileEditing\server\ = "C:\\Program Files\\Adobe\\Adobe After Effects 2022\\Support Files\\AfterFX.exe"	Set-up.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\63ECB07F2F5257449A8126903B8DB53F\DeploymentFlags = "3"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4396FC35D89A48D31964CFE4FDD36514\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB297010A1550CA37AFEF0BA14653C28\Version = "201367256"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\63ECB07F2F5257449A8126903B8DB53F\SourceList\Media\DiskPrompt = "Disk [1]"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.jsx.22\DefaultIcon	Set-up.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\4396FC35D89A48D31964CFE4FDD36514\PackageCode = "1553588F03D4A6D43BA639FEDAE4EE30"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.mgjson.22	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mogrt	Set-up.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\auphd\shell\open	HDCoreCustomHook.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.psd	Set-up.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\AB297010A1550CA37AFEF0BA14653C28\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Adobe.AfterEffects.AEGraphic.22\shell\open\command	Set-up.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1BAD2218D4DE6763BBA0AC63186945E3\InstanceType = "0"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1792	chrome.exe
1792	chrome.exe
2696	chrome.exe
2696	chrome.exe
4748	chrome.exe
4748	chrome.exe
1340	chrome.exe
1340	chrome.exe
2732	chrome.exe
2732	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
2256	chrome.exe
1820	chrome.exe
1820	chrome.exe
820	chrome.exe
820	chrome.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
3716	AdobeIPCBrokerCustomHook.exe
3716	AdobeIPCBrokerCustomHook.exe
3716	AdobeIPCBrokerCustomHook.exe
3716	AdobeIPCBrokerCustomHook.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
4980	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
3920	Set-up.exe
4572	msiexec.exe
4572	msiexec.exe
4572	msiexec.exe
4572	msiexec.exe
4572	msiexec.exe
4572	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3920	Set-up.exe
Token: SeIncreaseQuotaPrivilege	3920	Set-up.exe
Token: SeIncreaseQuotaPrivilege	3920	Set-up.exe
Token: SeIncreaseQuotaPrivilege	3920	Set-up.exe
Token: SeIncreaseQuotaPrivilege	3920	Set-up.exe
Token: SeIncreaseQuotaPrivilege	3920	Set-up.exe
Token: SeIncreaseQuotaPrivilege	3920	Set-up.exe
Token: SeIncreaseQuotaPrivilege	3920	Set-up.exe
Token: SeIncreaseQuotaPrivilege	3920	Set-up.exe
Token: SeIncreaseQuotaPrivilege	3920	Set-up.exe
Token: SeIncreaseQuotaPrivilege	3920	Set-up.exe
Token: SeIncreaseQuotaPrivilege	3920	Set-up.exe
Token: SeShutdownPrivilege	3920	Set-up.exe
Token: SeCreatePagefilePrivilege	3920	Set-up.exe
Token: 33	2024	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2024	AUDIODG.EXE
Token: SeBackupPrivilege	4172	vssvc.exe
Token: SeRestorePrivilege	4172	vssvc.exe
Token: SeAuditPrivilege	4172	vssvc.exe
Token: SeShutdownPrivilege	3920	Set-up.exe
Token: SeCreatePagefilePrivilege	3920	Set-up.exe
Token: SeShutdownPrivilege	3920	Set-up.exe
Token: SeCreatePagefilePrivilege	3920	Set-up.exe
Token: SeShutdownPrivilege	3920	Set-up.exe
Token: SeCreatePagefilePrivilege	3920	Set-up.exe
Token: SeShutdownPrivilege	3920	Set-up.exe
Token: SeCreatePagefilePrivilege	3920	Set-up.exe
Token: SeShutdownPrivilege	3920	Set-up.exe
Token: SeCreatePagefilePrivilege	3920	Set-up.exe
Token: SeShutdownPrivilege	3920	Set-up.exe
Token: SeCreatePagefilePrivilege	3920	Set-up.exe
Token: SeShutdownPrivilege	608	vcredist_x86.exe
Token: SeIncreaseQuotaPrivilege	608	vcredist_x86.exe
Token: SeSecurityPrivilege	4572	msiexec.exe
Token: SeCreateTokenPrivilege	608	vcredist_x86.exe
Token: SeAssignPrimaryTokenPrivilege	608	vcredist_x86.exe
Token: SeLockMemoryPrivilege	608	vcredist_x86.exe
Token: SeIncreaseQuotaPrivilege	608	vcredist_x86.exe
Token: SeMachineAccountPrivilege	608	vcredist_x86.exe
Token: SeTcbPrivilege	608	vcredist_x86.exe
Token: SeSecurityPrivilege	608	vcredist_x86.exe
Token: SeTakeOwnershipPrivilege	608	vcredist_x86.exe
Token: SeLoadDriverPrivilege	608	vcredist_x86.exe
Token: SeSystemProfilePrivilege	608	vcredist_x86.exe
Token: SeSystemtimePrivilege	608	vcredist_x86.exe
Token: SeProfSingleProcessPrivilege	608	vcredist_x86.exe
Token: SeIncBasePriorityPrivilege	608	vcredist_x86.exe
Token: SeCreatePagefilePrivilege	608	vcredist_x86.exe
Token: SeCreatePermanentPrivilege	608	vcredist_x86.exe
Token: SeBackupPrivilege	608	vcredist_x86.exe
Token: SeRestorePrivilege	608	vcredist_x86.exe
Token: SeShutdownPrivilege	608	vcredist_x86.exe
Token: SeDebugPrivilege	608	vcredist_x86.exe
Token: SeAuditPrivilege	608	vcredist_x86.exe
Token: SeSystemEnvironmentPrivilege	608	vcredist_x86.exe
Token: SeChangeNotifyPrivilege	608	vcredist_x86.exe
Token: SeRemoteShutdownPrivilege	608	vcredist_x86.exe
Token: SeUndockPrivilege	608	vcredist_x86.exe
Token: SeSyncAgentPrivilege	608	vcredist_x86.exe
Token: SeEnableDelegationPrivilege	608	vcredist_x86.exe
Token: SeManageVolumePrivilege	608	vcredist_x86.exe
Token: SeImpersonatePrivilege	608	vcredist_x86.exe
Token: SeCreateGlobalPrivilege	608	vcredist_x86.exe
Token: SeShutdownPrivilege	3920	Set-up.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe
2696	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3920	Set-up.exe
3920	Set-up.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 3952	2696	chrome.exe	80
PID 2696 wrote to memory of 3952	2696	chrome.exe	80
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1944	2696	chrome.exe	86
PID 2696 wrote to memory of 1792	2696	chrome.exe	87
PID 2696 wrote to memory of 1792	2696	chrome.exe	87
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88
PID 2696 wrote to memory of 4572	2696	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" https://dl.malwarewatch.org/software/useful/adobe/Adobe%20After%20Effects%202022.iso
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc678b4f50,0x7ffc678b4f60,0x7ffc678b4f70
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1696 /prefetch:2
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2308 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4360 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=980 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2340 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2316 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1544 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1616,5396984625193876320,13930560874591177801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4716

\??\E:\autoplay.exe
"E:\autoplay.exe"
1⤵
- Enumerates connected drives
PID:4944
- \??\E:\Adobe 2022\packages\setup.exe
  "E:\Adobe 2022\packages\setup.exe"
  2⤵
  PID:4032
- - \??\E:\Adobe 2022\packages\setup.exe
    "E:\Adobe 2022\packages\setup.exe" -sfxwaitall:0 "E:\Adobe 2022\packages\..\Set-up.exe"
    3⤵
    - Enumerates connected drives
    PID:4144
  - - \??\E:\Adobe 2022\Set-up.exe
      "E:\Adobe 2022\Set-up.exe"
      4⤵
      Modifies Internet Explorer settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:3920
    - - \??\E:\Adobe 2022\Set-up.exe
        
        "E:\Adobe 2022\Set-up.exe" --pipename={4E353664-EAFC-4753-991F-7667B8203295}
        5⤵
        Loads dropped DLL
        Adds Run key to start application
        Drops desktop.ini file(s)
        Drops file in System32 directory
        Drops file in Program Files directory
        Modifies Internet Explorer settings
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:4980
      - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\customhook\AdobeIPCBrokerCustomHook.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\customhook\AdobeIPCBrokerCustomHook.exe" -uninstall
        6⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3716
      - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\RuntimeCustomHook.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\RuntimeCustomHook.exe" --VC10_win32=1 --VC10_win64=1 --VC11_win32=1 --VC11_win64=1 --VC12_win32=1 --VC12_win64=1 --VC14_win32=1 --VC14_win64=1 --VC14.1_win32=1 --VC14.1_win64=1
        6⤵
        Executes dropped EXE
        
        PID:3720
        
        C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\32bit\vcredist_x86.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\32bit\vcredist_x86.exe" /q /norestart
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:608
        
        C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\32bit\vcredist_x86.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\32bit\vcredist_x86.exe" /q /norestart -burn.unelevated BurnPipe.{682ADF17-3028-4A3B-8491-CE33345F1D26} {50CB5B8B-311A-4138-98F3-895878FC5EC8} 608
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2068
        
        C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
        
        "C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={9dff3540-fc85-4ed5-ac84-9e3c7fd8bece} -burn.embedded BurnPipe.{06A37476-5802-4A66-A11C-4C8CBD721571} {3A3CF106-C615-495D-B030-07C5AAC99A6D} 608
        8⤵
        Modifies registry class
        
        PID:1840
        
        C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
        
        "C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={9dff3540-fc85-4ed5-ac84-9e3c7fd8bece} -burn.embedded BurnPipe.{06A37476-5802-4A66-A11C-4C8CBD721571} {3A3CF106-C615-495D-B030-07C5AAC99A6D} 608 -burn.unelevated BurnPipe.{36D499D7-9825-4D3F-9C4F-67AF7278D51E} {C748232B-13F6-4D21-8903-8A896AA6B04D} 1840
        9⤵
        Loads dropped DLL
        
        PID:4448
        
        C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\64bit\vcredist_x64.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\64bit\vcredist_x64.exe" /q /norestart
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2352
        
        C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\64bit\vcredist_x64.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\64bit\vcredist_x64.exe" /q /norestart -burn.unelevated BurnPipe.{4A96DF45-A46D-471F-91AE-3163C6492F6E} {805C8AFB-F0FD-4556-B201-EB81DFCB2761} 2352
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2336
        
        C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
        
        "C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={042d26ef-3dbe-4c25-95d3-4c1b11b235a7} -burn.embedded BurnPipe.{45FDF34D-3D3B-4337-B131-C8E21A7EB068} {F5C889A0-5565-4790-94DB-340F0E6A7C04} 2352
        8⤵
        Modifies registry class
        
        PID:3492
        
        C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
        
        "C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={042d26ef-3dbe-4c25-95d3-4c1b11b235a7} -burn.embedded BurnPipe.{45FDF34D-3D3B-4337-B131-C8E21A7EB068} {F5C889A0-5565-4790-94DB-340F0E6A7C04} 2352 -burn.unelevated BurnPipe.{C97F9D61-AF52-476F-89F5-7A6B191929D0} {43D93A25-9267-4E8E-BE99-FD5B5D98988C} 3492
        9⤵
        Loads dropped DLL
        
        PID:3588
      - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\customhook\AdobeIPCBrokerCustomhook.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\customhook\AdobeIPCBrokerCustomhook.exe" -install
        6⤵
        Executes dropped EXE
        
        PID:4020
        
        C:\Windows\SysWOW64\icacls.exe
        
        C:\Windows\system32\icacls.exe "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe" /setintegritylevel medium
        7⤵
        Modifies file permissions
        
        PID:3556
      - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\customhook\ADSCustomHook.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\customhook\ADSCustomHook.exe" --install=1
        6⤵
        Executes dropped EXE
        
        PID:2480
      - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\customhook\HDCoreCustomHook.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\customhook\HDCoreCustomHook.exe" --install=1
        6⤵
        Executes dropped EXE
        Modifies registry class
        
        PID:4860
      - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\TokenResolverx64.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HDBox\TokenResolverx64.exe" C:\Users\Admin\AppData\Local\Temp\{A8094E74-F78C-4998-8AF5-BDE3489016DC}
        6⤵
        Executes dropped EXE
        
        PID:3812
      - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\RuntimeCustomHook.exe
        
        "C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\RuntimeCustomHook.exe" --VC10_win32=1 --VC11_win32=1 --VC12_win32=1 --VC14_win32=1 --VC14.1_win32=1 --VC10_win64=1 --VC11_win64=1 --VC12_win64=1 --VC14_win64=1 --VC14.1_win64=1
        6⤵
        Executes dropped EXE
        
        PID:4392
      - C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
        
        "C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe" "C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\js\customhook.js" install
        6⤵
        Executes dropped EXE
        Checks computer location settings
        
        PID:4084
      - C:\adobeTemp\ETR365.tmp\1\support\keyfiles\CustomHook\win\InstallMsi.exe
        
        C:\adobeTemp\ETR365.tmp\1\support\keyfiles\CustomHook\win\InstallMsi.exe -msi_path C:\adobeTemp\ETR365.tmp\1\support\keyfiles\CustomHook\win\w_ccompxe_redist_intel64.msi -log_path C:\Users\Admin\AppData\Local\Temp\AE_InstallMsi_22.2.1.log
        6⤵
        Executes dropped EXE
        
        PID:1540
        
        C:\Windows\SysWOW64\msiexec.exe
        
        C:\Windows\system32\msiexec /i "C:\adobeTemp\ETR365.tmp\1\support\keyfiles\CustomHook\win\w_ccompxe_redist_intel64.msi" /quiet /qn /log "C:\Users\Admin\AppData\Local\Temp\AE_InstallMsi_22.2.1.log"
        7⤵
        
        PID:2964
      - C:\Program Files\Common Files\Adobe\Keyfiles\AfterEffects\22\CustomHook\win\Cinema 4D Manual Installer R25.exe
        
        "C:\Program Files\Common Files\Adobe\Keyfiles\AfterEffects\22\CustomHook\win\Cinema 4D Manual Installer R25.exe" --no_redist 1 --mode unattended --unattendedmodeui none --install_python 1
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        Drops file in Program Files directory
        Checks processor information in registry
        
        PID:4532
        
        C:\Windows\SYSTEM32\taskkill.exe
        
        C:\Windows\SYSTEM32\taskkill.exe /f /im RGContentService.exe
        7⤵
        Kills process with taskkill
        
        PID:2612

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2024

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4172

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
PID:3240

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4572

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
PID:3728
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 2EEEA6EBC09CF5F044D32D0BA3D37685
  2⤵
  - Loads dropped DLL
  PID:4560

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe

Filesize
4.6MB

MD5
25d5826c1136dde91cb8ed3b9319c50d

SHA1
627b989677c7d3d7431ca2d1c591fee095197a1e

SHA256
098467cdf594b08bd6643592f24745f6f37132ab794da2d0263919d5d131bc81

SHA512
73bf5a1b8371bd70df4fb40ed1c08e2ad0db72722634de0167c8bcca7423b0f7fec9fa20bea66521aa051d842442432c623d440873d448af07b85914dbdf532e

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\customhook\AdobeIPCBrokerCustomHook.exe

Filesize
216KB

MD5
5ebb2ee28a6f96cf10e15bfb42360b87

SHA1
472dce740b048c5e4167b94221fb9fee4fcd5bca

SHA256
224317afa7c228c7e381b5cb6705581b04daee95a4c744e95e13e9f4809cfd6b

SHA512
140f2732a68b511e073383e4c28bd262f33e32d9bfc35382126f113646c04079da0f9079ec6fe43b5dc2ad86ddde336e87e25ec29052efc2eb71f9bfa78bbd21

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\customhook\AdobeIPCBrokerCustomhook.exe

Filesize
216KB

MD5
5ebb2ee28a6f96cf10e15bfb42360b87

SHA1
472dce740b048c5e4167b94221fb9fee4fcd5bca

SHA256
224317afa7c228c7e381b5cb6705581b04daee95a4c744e95e13e9f4809cfd6b

SHA512
140f2732a68b511e073383e4c28bd262f33e32d9bfc35382126f113646c04079da0f9079ec6fe43b5dc2ad86ddde336e87e25ec29052efc2eb71f9bfa78bbd21

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\RuntimeCustomHook.exe

Filesize
372KB

MD5
b238a5ef1fe8adca2afc0f55262436dd

SHA1
5bc81f23270ba77d6451dbb22516a065c51eaa71

SHA256
5b941258f18778be0d3356d80053c3c3d7b839205137c0a4da3564db2c74d4e1

SHA512
6e87923fd7ab8e8713093e54ae33af9a6134a118039966a7ad561e6f054ad792ca5f951067da36a250fb2d5ed5cfbbfce4d04a07759e30789d505dec1d56fb14

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\RuntimeCustomHook.exe

Filesize
372KB

MD5
b238a5ef1fe8adca2afc0f55262436dd

SHA1
5bc81f23270ba77d6451dbb22516a065c51eaa71

SHA256
5b941258f18778be0d3356d80053c3c3d7b839205137c0a4da3564db2c74d4e1

SHA512
6e87923fd7ab8e8713093e54ae33af9a6134a118039966a7ad561e6f054ad792ca5f951067da36a250fb2d5ed5cfbbfce4d04a07759e30789d505dec1d56fb14

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\32bit\vcredist_x86.exe

Filesize
6.2MB

MD5
6ef2f8cd8c369b52f0ac5a686e69cbdd

SHA1
6eca75ab25c35d37a08f6f40eea3c6af37659af4

SHA256
52e6dd7ef6198a3b2f68b461a4516542186938ceddfb919e929f4eba711f8a57

SHA512
2ce2d4a86ebab0ce3a5c69345771bfee942fe9718cb491d8c48fdb7a9cfa51c537bd086d5acef05bc0983539b2d6f330e59a1edc8612bea7b1a148edceda3e50

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\32bit\vcredist_x86.exe

Filesize
6.2MB

MD5
6ef2f8cd8c369b52f0ac5a686e69cbdd

SHA1
6eca75ab25c35d37a08f6f40eea3c6af37659af4

SHA256
52e6dd7ef6198a3b2f68b461a4516542186938ceddfb919e929f4eba711f8a57

SHA512
2ce2d4a86ebab0ce3a5c69345771bfee942fe9718cb491d8c48fdb7a9cfa51c537bd086d5acef05bc0983539b2d6f330e59a1edc8612bea7b1a148edceda3e50

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\32bit\vcredist_x86.exe

Filesize
6.2MB

MD5
6ef2f8cd8c369b52f0ac5a686e69cbdd

SHA1
6eca75ab25c35d37a08f6f40eea3c6af37659af4

SHA256
52e6dd7ef6198a3b2f68b461a4516542186938ceddfb919e929f4eba711f8a57

SHA512
2ce2d4a86ebab0ce3a5c69345771bfee942fe9718cb491d8c48fdb7a9cfa51c537bd086d5acef05bc0983539b2d6f330e59a1edc8612bea7b1a148edceda3e50

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\64bit\vcredist_x64.exe

Filesize
6.9MB

MD5
3442ac791166cfcf8453ef6a0ba8f596

SHA1
39bfc2f3f5102f0c222abb265e83abd3bcb5ff45

SHA256
1412263263f44aba40d090b68cf916370bd3e83dd7d4e82bf44d5933f1fc8968

SHA512
1378cb6f06b44a8d2f358ed0d82f507a5945e134b54f7c6a9790d291707b7808f1c3f5eee7f33ceb97e72cf3da9165bd7c7a16c16a3cade079b71eff3049d22c

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\64bit\vcredist_x64.exe

Filesize
6.9MB

MD5
3442ac791166cfcf8453ef6a0ba8f596

SHA1
39bfc2f3f5102f0c222abb265e83abd3bcb5ff45

SHA256
1412263263f44aba40d090b68cf916370bd3e83dd7d4e82bf44d5933f1fc8968

SHA512
1378cb6f06b44a8d2f358ed0d82f507a5945e134b54f7c6a9790d291707b7808f1c3f5eee7f33ceb97e72cf3da9165bd7c7a16c16a3cade079b71eff3049d22c

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\Runtime\customhook\vc13\64bit\vcredist_x64.exe

Filesize
6.9MB

MD5
3442ac791166cfcf8453ef6a0ba8f596

SHA1
39bfc2f3f5102f0c222abb265e83abd3bcb5ff45

SHA256
1412263263f44aba40d090b68cf916370bd3e83dd7d4e82bf44d5933f1fc8968

SHA512
1378cb6f06b44a8d2f358ed0d82f507a5945e134b54f7c6a9790d291707b7808f1c3f5eee7f33ceb97e72cf3da9165bd7c7a16c16a3cade079b71eff3049d22c

Download Submit
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\customhook\AdobeIPCBrokerCustomHook.exe

Filesize
197KB

MD5
64100ce9dd9e670e28a487aabe7c1241

SHA1
4ac3eeb414d7d8d1c80b8644e445d2684991150f

SHA256
e97c8ed6d6c95556c11f73149a54b759548fd144e23f320ffa573709db9ccba7

SHA512
8527b9df907e98f0e810583cb1e64b7f8486e540daea5a7c0052e96d94516290eeb4f22163ed16b17006974d407132565e2c48d653ba385ab86857c0290d7cef

Download Submit
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\customhook\AdobeIPCBrokerCustomHook.exe

Filesize
197KB

MD5
64100ce9dd9e670e28a487aabe7c1241

SHA1
4ac3eeb414d7d8d1c80b8644e445d2684991150f

SHA256
e97c8ed6d6c95556c11f73149a54b759548fd144e23f320ffa573709db9ccba7

SHA512
8527b9df907e98f0e810583cb1e64b7f8486e540daea5a7c0052e96d94516290eeb4f22163ed16b17006974d407132565e2c48d653ba385ab86857c0290d7cef

Download Submit
C:\ProgramData\Package Cache\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcredist_x64.exe

Filesize
455KB

MD5
3284088a2d414d65e865004fdb641936

SHA1
7f3e9180d9025fc14c8a7868b763b0c3e7a900b4

SHA256
102f69b5a98352a6a1a6b26bc2c86ee7611c1f45f5a9ca04f5a8841961f191c6

SHA512
6786fb431addf05df256d0e1383501f96356aa78f66482db9772c58334aead59838abb7db0ea793d4a17627a357598266681c28328485489a21bc2985e751b62

Download Submit
C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\state.rsm

Filesize
822B

MD5
91cdbb5f3119650d3300a20a0a56a3a1

SHA1
24308f2a40737db0d92e615afbc200817455190e

SHA256
63421cc56e8ca9b41f35309e7cf605dd9df9961af1dfb5c67bb34d8968afd2b4

SHA512
3621c8c3809e4ca9a380afbc89cb26c10180d15691efba0ef491e3cc22e0ef851b23d9a6db4ba7e521c2993ea79121adf57e17253b36005c14d8fc376afd2f58

Download Submit
C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe

Filesize
455KB

MD5
0ce624d3a5a586c2bdda26b748da78d7

SHA1
b9ed0a86eae645ba19ed08327888a4474c95e34a

SHA256
fd597b58a578cfa46e1818b3b4b795ca6d25225dc11ee86cd491f3d55d7b235d

SHA512
e5bc577bd319eb3ac70c527acfb313fac817e63f5184e6581f6d813491ca0f1a0f80583c14c2b9f2b8fa1df5938c2ae3318a91bda41171c63cd1670c55a85b7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

Filesize
471B

MD5
c1bab462596ce25e1bdbd47d399ad581

SHA1
cb3941d4c5e5a4961eab50fe605834aa4ab75fdc

SHA256
53b78f6e0d83df95a5f34bb763468a1efd4cf47ca6352417c259c5514a66f566

SHA512
0d9e95596d2f9b04925e3f44d6085db2cc0611cce88deb5a2fc3cc4d961c2b684ee88030eb3709f406626609d6f86feabab020d0f4b43df9d8c68d080d1233f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_EA01B8AC2C0BE6E5850A0487D704D929

Filesize
471B

MD5
6c53fb3e9460c8a928aa38dd1458ba68

SHA1
11d02003fe9e5d9debd2e813cdfdc740979121f0

SHA256
aa30af83fe486ef2096d78d193a82c49e7496e7a0a192a25bfd5c4d3e53272ad

SHA512
e1cc5c0f93923e8f188dc2af923461a7bac3a7cfd1973eb8750886b2f034f0434bd024e0a74ef555043cf53ecd870050872a05d73599ebeb98abff3cf0771fea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

Filesize
396B

MD5
74d10cb938d33ac5cf751fe24f58e8e6

SHA1
e796a137cd538ee7f3f8f6281f38924335e00d67

SHA256
7606dc8756949b43cbbdf6df425d212e01e307be331bfe996a0899a03db97a53

SHA512
70c57e7928ac362fc8354c0d33f484b6f5a45e41b78fdab42204a4384b48e4af780e4891a00fcbfb3410b5f337e8bfaf5186d9a77352068770bb27bbf5a98d1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_EA01B8AC2C0BE6E5850A0487D704D929

Filesize
438B

MD5
e4051d09a27179e3cfb9efd157632339

SHA1
d0fddd71ede23abf6750255b4babe14d2ee054a0

SHA256
3131a9f93b407d22fa92cf5abb95e5bcee64e2d1fb6e79495264da9100d6d8b0

SHA512
201310b3dc6539415f59d022dfc1bd91af4c55575f97465af75bddfcb6c5c74ae8994d84d0f4181353e50b6e1fa14faf81344887e306d13a5abca07119754445

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\ACC.log

Filesize
22KB

MD5
702beea72057a8395be1681442c3ccc7

SHA1
8cc031c34538dfb167016d878779a1abe5e6f213

SHA256
d042b916aa369a18a1b164eeec5ab27f3e3fdd6972d6077e775c8af7f7c553f6

SHA512
f3f821ae548c43fcc0c9081c53a1586ed75b7204e777e568cd1b513ecac92b671d324344a31abb509c8eb2c787b104d8dbb995371b0f00e952601d58f16aa6c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\AdobeDownload\HDInstaller.log

Filesize
9KB

MD5
a396b998ae491991a98d00992525badb

SHA1
2831535ace73a4c467dc8294dec5bc9acd53b2ed

SHA256
ac09ee91792e1ea6cccd39cdde198ef52f1ca10e454e1d60e1d6cd8d9812dc46

SHA512
a1a267e9dd76cc849da82068142135d3dbfe7bf18c4f89ece39e44b2446dde170458541c82d1f3296459e2aede7ac991e7cfde41d2dedec3582c63d8958e4607

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20221203092650_000_vcRuntimeMinimum_x64.log

Filesize
16KB

MD5
cab553d2208ab3e3a47c6206450ad2d5

SHA1
5c95e39b04a8db1deea6b685dc4aa80ff1804cc5

SHA256
c402c9629d90a8ac0f39d3ce976cf5fc2c6ee4e5cebab54409309e04a75cbf1c

SHA512
44166f77b0ce21e7d2eae62dcda8c9180b56b4bb725cb238c39ac7eb2cc3e451ba99c66971e70e3ecf5471a7535d3592ec68f6e8faae15dedab5be7f9597aa12

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_amd64_20221203092650_001_vcRuntimeAdditional_x64.log

Filesize
3KB

MD5
70f0d1bc25001ac90f9382009f09acf1

SHA1
d89ee4d8bea5eea479c0ecfb6a96c6ea753e565c

SHA256
6c60cb944b6beaec6140d783d930a38da68f2aa0cb8487b6332000b89f9f46e1

SHA512
8d134c9ba7483d864591f38b8bba0b6a1c15a99409f5b3a85c186a7cd3b1878438dcaf0c5e7b5e0c00d9668c9564c5dae259f4f709935e3d2b8164ceb382c26f

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20221203092416_000_vcRuntimeMinimum_x86.log

Filesize
2KB

MD5
86b53a2b0259781be111fdc4e1783444

SHA1
4a8433a895c907ace059fe56b53be55cab9ba01c

SHA256
d8a5606545e17929c915d7b699d93c9e926913926b03b33b9281cb3478227c91

SHA512
2424e5828efa22a4040ea35c462cdbb01d9b1ef0977a0e2742889d3ec34e53639efba9fffe8b0d05375329e0134995fee1c956b60e67061a639dd13fd7816b6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredist_x86_20221203092416_001_vcRuntimeAdditional_x86.log

Filesize
2KB

MD5
72bb0b05f32d1ae73d120d26ca3d3aa3

SHA1
52dfc77c54c25eb4e733ccf4849423b8c947a3f3

SHA256
a11134dc7eaae451b020d4df4cf7e2904dc9dc1d129679b76723e3f76196adf1

SHA512
b74e192e9f45c4907977be01974d9563880527b6a2a598547f176ddf6c04db91c2fe2e5772b3cd28cb0e7de2758863c7061cf5dc679e22cbe68a6f06296c41cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.ba1\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\.be\vcredist_x64.exe

Filesize
455KB

MD5
3284088a2d414d65e865004fdb641936

SHA1
7f3e9180d9025fc14c8a7868b763b0c3e7a900b4

SHA256
102f69b5a98352a6a1a6b26bc2c86ee7611c1f45f5a9ca04f5a8841961f191c6

SHA512
6786fb431addf05df256d0e1383501f96356aa78f66482db9772c58334aead59838abb7db0ea793d4a17627a357598266681c28328485489a21bc2985e751b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\cab2C04DDC374BD96EB5C8EB8208F2C7C92

Filesize
5.3MB

MD5
f5879f5f3ffa839a280ab853338de872

SHA1
3b4366abb2da245416531925ebd8c76adc3e90ef

SHA256
1f2f8f5d60dadbc6e4d3d36c88cc54f22af0a615b609609e748782dc26231174

SHA512
96a88601cedf859c9fcd388d9e8d2fd6139f6e69ab6b05b0e044d1a598cd1a066d27a0f7a7c71bd77576dcdd083dec7a55f2cd9de52ff95aac23171c9f9670de

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\cab5046A8AB272BF37297BB7928664C9503

Filesize
1010KB

MD5
361903c5ff86511786d7b450301dd640

SHA1
c9fc04a718a388294658590f1240d8c7e9ee4f82

SHA256
e95d29cbb06bb323d9d43fc2ce61d4565b0866622a83d93df76430a0c252b433

SHA512
78ceaaaa7f3e1a40ac2528e2f169416d6ebfaba54301754035f2a62f845421c8cddaed84770182e51794c9fb32720aec998d453de2bef621de7a7e2b3b35af20

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcRuntimeAdditional_x64

Filesize
140KB

MD5
4f782799f84cd006f7f1c750afb04d8c

SHA1
0cd219d326fd40665d2f1b22569e2517792edfd9

SHA256
8909e5c1d917064983595a4e4717f758c2a8df8f59d7b31a5b79b2f95bd8f7cc

SHA512
cfddad551aa5a35b032b7006b167fd322aff46ec8a2934632c087882b24404ee48083ee38b9110add9846880b1ae0bed136bb21ae751e1d3cde9dc27eaed5915

Download Submit
C:\Users\Admin\AppData\Local\Temp\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}\vcRuntimeMinimum_x64

Filesize
140KB

MD5
87b74c694f295830ffe516ba20de0b93

SHA1
e6996d47bb76ad25954b793f73211524490f55a9

SHA256
e88d0915814e622cd1deca849efa23a0d58d5d756be44ebbb4d460d3dac9e816

SHA512
d0fd7f8c8964a99ce7a9d187640acdbff4ca3d16f02e44696706d6107b58890e763a18857bec2b94f92ca559510fea0ae5515ce3de20aa4371aebb38006c05eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{61087a79-ac85-455c-934d-1fa22cc64f36}\.ba1\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\.ba1\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\.be\vcredist_x86.exe

Filesize
455KB

MD5
0ce624d3a5a586c2bdda26b748da78d7

SHA1
b9ed0a86eae645ba19ed08327888a4474c95e34a

SHA256
fd597b58a578cfa46e1818b3b4b795ca6d25225dc11ee86cd491f3d55d7b235d

SHA512
e5bc577bd319eb3ac70c527acfb313fac817e63f5184e6581f6d813491ca0f1a0f80583c14c2b9f2b8fa1df5938c2ae3318a91bda41171c63cd1670c55a85b7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\cab54A5CABBE7274D8A22EB58060AAB7623

Filesize
973KB

MD5
258b65eb9fed187051d5fcec7ce65dc5

SHA1
b9afc5fcd8c6ca2ee3dfe9507e9adabdd9ded039

SHA256
80a29d5ce27c6794b9a38e5d5b98d535f877ac3363f450ee7ac0be9394426e49

SHA512
8d5b4c14deb07cc1bf70abfd6e04573822eff3b3937fb3867f5300d97c46f900f2446f923334d1cf5b51b17eeef063d6d59e8540456f310edecd98d223125bb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\cabB3E1576D1FEFBB979E13B1A5379E0B16

Filesize
4.7MB

MD5
7fe64755ed8427ee4512760b69cfaee1

SHA1
30b8c69a5eb83a1804975f04fd0e701e2e9d98cc

SHA256
e12efc1bc0c61a7b9ba10a07502ef6833297d028368760da26e63218b744da79

SHA512
dc6c9dc1cb0502be87281ad5bae3ed54c5cfc7cbc4434880f1ba7a33599fc5503d8192ce6afbcf8ffcc142955f593e9830e49e72c0d5c9a7aac5f91024eac38f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcRuntimeAdditional_x86

Filesize
140KB

MD5
b547a22dcdcf3d035a56f52f1b16c2b5

SHA1
ec9e2fbee0a5c43c021365a35d1d6d04eea335b3

SHA256
7cef0419f52c47f41b9546065e6788f20de07a7f1e647589ab52d88f6c7e50a5

SHA512
6d49cd8266575f3a9cac205425f1fc11b70a58b0a657ba3e4ebafab43cc37ccaf54f551cbf367c8c08b2a6710f82a18ccffb3870683a9b922c91cff19ea7b65a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcRuntimeMinimum_x86

Filesize
140KB

MD5
89d36fccb34b319b60d1850863e0560b

SHA1
f356410e3946063b85750f54998582510b9672c8

SHA256
60714fcdac0a7cbfc45e6ed9bc6d4b7f8536947f630016e5faca5cce1745adcf

SHA512
24e167d0305811409e433c8d78716e9b3af4bce4b3f372276f4730ae7c802b8be8f193a70ac0d44ad6e083a35f03fcfdb2faaae4a9975c9e2ef1254285b0309f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\.ba1\wixstdba.dll

Filesize
117KB

MD5
a52e5220efb60813b31a82d101a97dcb

SHA1
56e16e4df0944cb07e73a01301886644f062d79b

SHA256
e7c8e7edd9112137895820e789baaaeca41626b01fb99fede82968ddb66d02cf

SHA512
d6565ba18b5b9795d6bde3ef94d8f7cd77bf8bb69ba3fe7adefb80fc7c5d888cdfdc79238d86a0839846aea4a1e51fc0caed3d62f7054885e8b15fad9f6c654e

Download Submit
memory/3920-156-0x0000000003AD0000-0x0000000003AE0000-memory.dmp

Filesize
64KB

Download
memory/3920-158-0x000000000D470000-0x000000000D480000-memory.dmp

Filesize
64KB

Download
memory/3920-157-0x0000000003AD0000-0x0000000003AE0000-memory.dmp

Filesize
64KB

Download
memory/3920-159-0x000000000DA20000-0x000000000DA30000-memory.dmp

Filesize
64KB

Download
memory/3920-160-0x000000000DA20000-0x000000000DA30000-memory.dmp

Filesize
64KB

Download
memory/3920-161-0x0000000003AD0000-0x0000000003AE0000-memory.dmp

Filesize
64KB

Download