Malware Analysis Report

2024-11-16 15:58

Sample ID: 240210-3cgflabh34
Target: After_Effects_Set-Up.exe
SHA256: c4888e372a91bf592b344a9d435610b298297f48bd247c6b47ca7b10a879d8a2
Tags: upx adobe google phishing
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10
SHA256: c4888e372a91bf592b344a9d435610b298297f48bd247c6b47ca7b10a879d8a2
Threat Level: Known bad

The file After_Effects_Set-Up.exe was found to be: Known bad.

Malicious Activity Summary

Tags: upx adobe google phishing

Detected adobe phishing page

Detected google phishing page

UPX packed file

Unsigned PE

Program crash

Enumerates physical storage devices

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Modifies system certificate store

Modifies Internet Explorer settings

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-02-10 23:21

Signatures

UPX packed file

Tags: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-02-10 23:21
Reported: 2024-02-10 23:24
Platform: win7-20231215-en
Max time kernel: 149s
Max time network: 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe"

Signatures

Detected adobe phishing page

Tags: phishing adobe

Detected google phishing page

Tags: phishing google

UPX packed file

Tags: upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

Tags: adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\adobe.com | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\auth.services.adobe.com | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000009a4fd00fbff86d3af832a48486968a12f3d240ccdd0d83699262df1ea10ebfc6000000000e8000000002000020000000260cff5ab49bc2624b22eb8ce1ea4602ca6db78f613939394b33ee506d8242f020000000b65c4f9a1707c089b5dd95e46635808ae83f40765284000829ab2ad53fe02a124000000042fca9c2838a236802c5b02c25d79fda5785ec88e7743e3240628a57bb003ddd68162075c43ba0594839eaf383bb5df5211372e2a5fba17d45c495fd136ea7f7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\After_Effects_Set-Up.exe = "11001" | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\adobe.com\NumberOfSubdomains = "1" | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "48" | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70b65622785cda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\MINIE | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\adobe.com\Total = "48" | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\auth.services.adobe.com\ = "48" | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A12AD91-C86B-11EE-BD45-D2016227024C} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Modifies system certificate store

Tags: evasion spyware trojan
Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = (value elided) | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
(the same row is reported 58 times)

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeIncreaseQuotaPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe | N/A
(the same row is reported 56 times)

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe

"C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://auth.services.adobe.com/en_US/deeplink.html?delegated_request_id=1707607363943-e47be2a3-f157-4899-9d0b-affabcce0da2&delegated_auth_party=delegate&state=sqsid-928f8bbf-498c-4f5f-925e-36dc3a6f043a&client_id=CreativeCloudInstaller_v1_0#/social/auth/google

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 na1e-acc.services.adobe.com udp
US 8.8.8.8:53 cc-api-data.adobe.io udp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 8.8.8.8:53 cdn-ffc.oobesaas.adobe.com udp
US 8.8.8.8:53 ims-prod07.adobelogin.com udp
US 3.162.137.42:443 cdn-ffc.oobesaas.adobe.com tcp
IE 54.74.32.3:443 ims-prod07.adobelogin.com tcp
IE 54.74.32.3:443 ims-prod07.adobelogin.com tcp
IE 54.74.32.3:443 ims-prod07.adobelogin.com tcp
US 8.8.8.8:53 auth.services.adobe.com udp
US 172.64.155.179:443 auth.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 172.64.155.179:443 auth.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 52.211.62.76:443 dpm.demdex.net tcp
US 8.8.8.8:53 use.typekit.net udp
GB 88.221.134.115:443 use.typekit.net tcp
US 8.8.8.8:53 server.messaging.adobe.com udp
US 18.235.200.67:443 server.messaging.adobe.com tcp
US 8.8.8.8:53 static.adobelogin.com udp
US 3.162.137.37:443 static.adobelogin.com tcp
GB 88.221.134.115:443 use.typekit.net tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 18.235.200.67:443 server.messaging.adobe.com tcp
US 18.235.200.67:443 server.messaging.adobe.com tcp
IE 52.211.62.76:443 dpm.demdex.net tcp
IE 52.211.62.76:443 dpm.demdex.net tcp
US 8.8.8.8:53 sstats.adobe.com udp
FR 63.140.62.27:443 sstats.adobe.com tcp
US 8.8.8.8:53 oobe.adobe.com udp
GB 23.37.0.169:443 oobe.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
FR 63.140.62.27:443 sstats.adobe.com tcp
GB 88.221.134.115:443 use.typekit.net tcp
US 172.64.155.179:443 auth.services.adobe.com tcp
US 172.64.155.179:443 auth.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 8.8.8.8:53 delegated.identity.adobe.com udp
US 3.211.174.17:443 delegated.identity.adobe.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
GB 88.221.134.115:443 use.typekit.net tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
FR 63.140.62.27:443 sstats.adobe.com tcp
FR 63.140.62.27:443 sstats.adobe.com tcp
US 8.8.8.8:53 use.typekit.net udp
GB 88.221.134.115:443 use.typekit.net tcp
GB 88.221.134.115:443 use.typekit.net tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 172.64.155.179:443 auth.services.adobe.com tcp
US 18.235.200.67:443 server.messaging.adobe.com tcp
US 18.235.200.67:443 server.messaging.adobe.com tcp
US 172.64.155.179:443 auth.services.adobe.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 99.80.102.181:443 dpm.demdex.net tcp
IE 99.80.102.181:443 dpm.demdex.net tcp
US 3.162.137.37:443 static.adobelogin.com tcp
US 3.162.137.37:443 static.adobelogin.com tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 8.8.8.8:53 federatedid-na1.services.adobe.com udp
US 54.175.249.133:443 federatedid-na1.services.adobe.com tcp
US 54.175.249.133:443 federatedid-na1.services.adobe.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 44.237.150.18:443 na1e-acc.services.adobe.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
IE 54.77.72.255:443 cc-api-data.adobe.io tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 accounts.youtube.com udp
GB 172.217.16.238:443 accounts.youtube.com tcp
GB 172.217.16.238:443 accounts.youtube.com tcp
FR 63.140.62.27:443 sstats.adobe.com tcp
FR 63.140.62.27:443 sstats.adobe.com tcp

Files

memory/2232-0-0x0000000000400000-0x0000000000928000-memory.dmp

memory/2232-49-0x0000000000380000-0x0000000000381000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{525A4822-89EE-4325-A319-6B2727CD609B}\main.html

MD5 a501355e23582cbc6c8c2835fe076f52
SHA1 5dea00de3c163b2f4a2807f65b81f07fc957031f
SHA256 4be92dee71936c52319d441434992895818586acab859000341af74d0175ab54
SHA512 6e59cd5cc629a24fd0bacd42734937df779417fea595488d37f9923631f4b59abe7e24e9075e55e4313ea197c30f0bd44fd1663d9e6a4f9308b5ed7e3d5a62b0

C:\Users\Admin\AppData\Local\Temp\{525A4822-89EE-4325-A319-6B2727CD609B}\lib\jquery.min.js

MD5 9ac39dc31635a363e377eda0f6fbe03f
SHA1 29fa5ad995e9ec866ece1d3d0b698fc556580eee
SHA256 9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38
SHA512 0799ae01799707b444fca518c3af9b91fda40d0a2c114e84bc52bd1f756b5e0d60f6fd239f04bd4d5bc37b6cdbf02d299185cd62410f2a514a7b3bd4d60b49fc

C:\Users\Admin\AppData\Local\Temp\{525A4822-89EE-4325-A319-6B2727CD609B}\lib\angular.min.js

MD5 3be66f7f7b86956bc5e5abd64cadf924
SHA1 7d9e1d61541acfa6a0fdfc8f1932bd734fa61cb3
SHA256 b1a45f28aed77e38fb5ff62393f6c6573c6bea7f6089e83ed5e2e1fa025a6b2e
SHA512 2a72569fd512a2bf49d6667353530ab5bb2ff04b5579d007c4b5615ef128345d4dddd460cf1ec91daf775c40b15b9368ec1e815bfcdcf9e0abe94e8003fda947

C:\Users\Admin\AppData\Local\Temp\{525A4822-89EE-4325-A319-6B2727CD609B}\lib\jquery.placeholder.min.js

MD5 e13f16e89fff39422bbb2cb08a015d30
SHA1 e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9
SHA256 24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe
SHA512 aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

C:\Users\Admin\AppData\Local\Temp\{525A4822-89EE-4325-A319-6B2727CD609B}\lib\jquery.custom-scrollbar.min.js

MD5 ab3adf4aff09a1c562a29db05795c8ab
SHA1 f6c3f470aea0678945cb889f518a0e9a5ce44342
SHA256 d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b
SHA512 44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

C:\Users\Admin\AppData\Local\Temp\{525A4822-89EE-4325-A319-6B2727CD609B}\js\main.js

MD5 a2ecc3bba3a5033720dd046cc6cf64d3
SHA1 49665f0f09e9d4ed4900706f74676c95e89e049d
SHA256 fc1bba3a598af6605a402ad2552cd8d7605e51a019af119f25f30dfbd67e63c0
SHA512 607a68fc046fd97c125cce992a3d3bcee2cef3db1e782ede497ed945677b3b32af953496444dc10312df815168fb9c9c2484a884fb320f5c8663a51edd7f7932

C:\Users\Admin\AppData\Local\Temp\{525A4822-89EE-4325-A319-6B2727CD609B}\js\utils.js

MD5 11671543588b007e7be2af6c784cb8ac
SHA1 84c86bb07a59ea951a510a7a7ac816b478598bd2
SHA256 bc354f2e25fe40ae21745c51b06d8f34643e238ee67fb94f5cd59c9b56ac17f5
SHA512 31af704991693747a74a32bdcfebabf31d98e2a47e69fe21a53c852b4c30de1c526ab602c530010e37751b59f6ff308c46443bb48fa30ed688c384fa0df35afd

C:\Users\Admin\AppData\Local\Temp\{525A4822-89EE-4325-A319-6B2727CD609B}\js\mainController.js

MD5 51bdcc0e7d53c59ff20ff2f6e276e321
SHA1 10cbb35c2c714f940ee5d58a1cda84504471c764
SHA256 ec5b0cede51f5fd48c341cd27d42433bb9a2adb04836433fee5a90b101e4b1b2
SHA512 9ea5117d9a7862971947f7ece47dcbc2701b3ec61586f068a4cdc5d33c25e51b99dc4475fe9b2b33595f32d8d2c37e93310eb10638669b941f16b3d44d5c1a10

C:\Users\Admin\AppData\Local\Temp\{525A4822-89EE-4325-A319-6B2727CD609B}\js\overlayController.js

MD5 b610650c4d826b14c225cfbeca89b8c1
SHA1 05da2853feb6ec81fe44ef2c2d934878e48fb85b
SHA256 79d00458b49a02acee141b53dcf026aa1302ab6b48a745b57e1215bd3b20501c
SHA512 403d9f5f15e8a1ef438924327c1f8fe698a372ca0bcfbba7a1970005622c32468de89cbf13220aa33f6b0f44757c2f00c1f7291f45bf5e86bef9aa32586336d6

memory/2232-116-0x0000000005E80000-0x0000000005EA0000-memory.dmp

memory/2232-115-0x0000000005E80000-0x0000000005EA0000-memory.dmp

memory/2232-117-0x0000000005E80000-0x0000000005EA0000-memory.dmp

C:\Users\Admin\AppData\Local\Adobe\OOBE\temp_lbs_wid

MD5 04cd66889a065453c216325c61983389
SHA1 f0b29b8586cfcf49bfb8b28c8e441d23b70fbd6a
SHA256 d53756397895a593def0947b81383746987e30bb54c58dffba51c2dd2782e364
SHA512 4c49f955981e900e4dfc2f3eb166ef49602984aeb32a8632a70d34642e16fdf2e15300a9d7e8cf26b29613ce0f6e4432d64eca81f227905f4eeb782f96c73472

memory/2232-152-0x0000000002CB0000-0x0000000002CBA000-memory.dmp

memory/2232-153-0x0000000002CB0000-0x0000000002CBA000-memory.dmp

memory/2232-154-0x0000000002CB0000-0x0000000002CBA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab764F.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar7690.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Adobe\OOBE\temp_ins_lbs_wid

MD5 e25819c415e6cf35004103d378ffc136
SHA1 274e49892bf0e2c3c91c5a31667a96c4d2b6f16e
SHA256 645a638e431e7e722c99065a0ad8d41b4bc394847aaae7add5a9d1b76cac37dc
SHA512 a968bb428c5a8edfef92674454bb5cecb1cf6c912c6cd646fa54d4c4f28cfaf0a8a5e3eba7545fadaccf759b8586bb229b4e4e959d89d0e29a02b4836f12b19b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\styles.726d5baf[1].css

MD5 5cddd22df83e62be0d835541a18321f7
SHA1 cfcc0f1113dc8a1baa684185f4381945c6fdc635
SHA256 4a03f00939e415929825ec6b30de145cd0216b4c8f3b1a251feb34a746f2cf99
SHA512 d334f1896e6ccf14f827675a630ea177021ab026b2e511a58907fd1d0587c7d3ec4c06f2c567dd9f2397e6e3bbeff7e25ff55b29fe9cab85026e7decfbf47202

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d26696d37c931d17aa94b6bd019cb42c
SHA1 54bf4a861d5494d52a3179ed92ea850d441827ab
SHA256 c7f4bfc4199d80dc99b6a3c4cb8bc64f47439e65bcd542f43e7f5b1092e4d270
SHA512 97c5c85603c0c5d242886a1a1c9437e4090c1bbeaf878d779874c4601e558ab494c711ae482b83913da7b2fd37b355917ef2dfcb6220e8d0a75c6fa1e0b88f00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97c3a97923125d5583c0ce2707eed1c2
SHA1 e87041a0709b9ea9b60815bdf03ccac3a5d4be9f
SHA256 9f9e52f1ea9701aaec14251f1b580fd60c136c93a3c2e748cead53f2e0d33754
SHA512 a6a9da102ac7b0e64d95c7f56d46063202ce69b2b716fc7bf9631f68114b740de161bc760c98f4460bd41bbf89f8f759fe03a621cb18669246d7e6be331419d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bbdac3dd9e4e60e1b0221fc67feddd2
SHA1 502333d34a6609304358b8f550986f2b96e65db6
SHA256 0109e0ace5216f64f6bb2f0b762c021bd2715debae92e4d4dc250cbf7b9f9f40
SHA512 6562220382cf657ac138b4f43ef6607fc53b31f5629e099597ab28279df5b795f71b56846625de8f4a79c86d8b363e0a4793015179fbe33e54df838ac89bb532

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea1aad91cc8fd125725b27d5d79268ea
SHA1 43861f6b7a64517c3a9f3f442c60e00f96fad1d8
SHA256 e2829e033f27b01ca9887b03182842b57219429161760ae03984793d0d410ef2
SHA512 37a934a434d3f46b37508455bf0e31057eecd6cdc15cb39854158354db413c4afa325bb831c611b0edec5c5be4347465cb936a63b81c8b20c346b93d99bc3b5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d6fe1d13a25691093e0f1b433a9c7ff
SHA1 606e5cb0ed4381d1bf6eb00cc61439a6dc95ea8e
SHA256 36e1edad93f4293e8b100b51472f627f91302b72c9f7ff17a7b9e132e6e7d5db
SHA512 1656e84c144f86b616391e6d694a92ccfff4eb457830308d475c9feaecda1c3f9e2fe82e824ccadfe0c952d903a4bc9059dee47f194dc1205e9db964a591e932

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1350832911fb2832e0635926e4503070
SHA1 8791e14bca1a9c8831fc1cfb0de976121ad3447e
SHA256 ee98b4c063fb2ddb87375605b83b119e69512fdb2809ec88e8e6e0a752239725
SHA512 d9e1d655a29e2105d94b1b6ce18e69d50c1cd57a5843c4eae42150c4c454a0f7ead2d638c6b5a113df9a61194168928abebbbd181052805f4e5138fec598e9fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90445abead5a18760aa5adf05171ab02
SHA1 466a64705f971a0123484d47d479eb6c0e63ccce
SHA256 6cc5a946312a9c3ecc6fde9f52747926d1f618cb4135e3f51ff73f20479a5ec7
SHA512 92b194fc30cc9367b49682990523a6e762bf6cd405d867b20553b2e8d439988ed6c81e08e36aa7337ca66265ed68010abaf605b316b7a939655a9aed2faf6235

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0c4857929a4d50e99e5ff269c8455b3
SHA1 ea302aff8ffff19138a6cdb4083d3d49eed1b558
SHA256 941825632fce21f27450ed65af9eed08fc86ecafad40adeacab68c91a3a43c1e
SHA512 217d121d63890e502ba0dc7cc7c168e1c8f82856052b8a53052b80877b27e0f2a71a87e0023e6b5086fb7043107cc0a1cfef46d58559ca124c4e34b38623bb42

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de21b1bc91e6f99b755e16899f800666
SHA1 4f1022f723a307941b4d1d228820dca17f5e8c30
SHA256 a3833c9331395e853b901a30e26009e7c416c0d1884aebdeb5110c77a62725f3
SHA512 6d3f05f980d458a4d0af72043f46c35e371946c980db4c6bd3909cbd38e503d643976134c9782d84b3a6ed528cfa5a89d054bc34b76f05e02ffe381d54454a69

memory/2232-670-0x0000000000400000-0x0000000000928000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63110d65a5ce750f1f3372ff3e905665
SHA1 a76af04510693b53641a132c6a3beb92226c2d04
SHA256 a1f9efb7f93fd262061f703e2f82427f9649314331acec54d1562488fbde9669
SHA512 5d1661cb95f7574d04d6a94f0150ab4013af05242a8af0e56313ed6fcc641919040339d7a885f336834a46333134fe5d94d3ddceecd8b9cde1605baaa582d0f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a2d97d272afaa8c6f38183864c45e21
SHA1 4343326c73e883633ddb73e146457fa1d77801ef
SHA256 3372d038d56bfcf6c2ce234254fae1e21e946db1da85df2633c2014ca53b48c6
SHA512 8f6fbb629654a0dc2eade182d99d9aaaf376e5e24c93fed80e0edb391e9c4bd2acab7bac73eb4baed09e1385253f46b0b62afe7bcd293b352cf0c6a84c4c07e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c64ebd18e1f5807deb2c5dbd03102f68
SHA1 83ffdfa96d17ea5d037923c02d1f9df526f95bf6
SHA256 1624ec6aff057a2bdaaaa30e3798f0abffbfec2331ea80c9764d90bb44e8f822
SHA512 5b13f65566269ce5aa9d98d48414ba0a1565a350cc772025e07c1d8bb63a9ad2f1edc92da02050d75632154547ed51d748239b51d1d3c5cee12e8a292d0ebe4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c831e0dfaec52e336c0bdc60bb20bf84
SHA1 76a2f02cc015fd78b9c0e208951345ad808740b9
SHA256 2f2d9d143f6bd77b322cb8e0114661e574fb37217930bd76c98728e3734b4d1a
SHA512 ad96e2356a94e03addcdcf6d61d02e4431d790527e61ef92bb77d2922c7c56f14870ac93512cc57bbb8530a05092584aeb5d10164dcd813a3f5a040c44a3c32b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b0846ee0d8cf7c7a54637d88954a032
SHA1 80e670bed760605dc441f6948bb7ff895cd4f8cc
SHA256 b637bb32c80a40e46cf54eaa372d4ec1c1f79e0cdc3aed8cf250a70c7d4b3751
SHA512 6f765f02cb508247056bc0ad388473601e93d012839e334cb47ef224321aba46a826e584bf0f359586b468ff5eb55031f92ad795c9e08d4cb577e5509c152208

memory/2232-988-0x0000000000400000-0x0000000000928000-memory.dmp

memory/2232-989-0x0000000000380000-0x0000000000381000-memory.dmp

memory/2232-1027-0x0000000005E80000-0x0000000005EA0000-memory.dmp

memory/2232-1103-0x0000000002CB0000-0x0000000002CBA000-memory.dmp

memory/2232-1212-0x0000000002CB0000-0x0000000002CBA000-memory.dmp

memory/2232-1490-0x0000000000400000-0x0000000000928000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D0I6KXNQ\scripts[1].js

MD5 122b27e358c312e1b970328d4458e208
SHA1 23dc8fc1385124045dbf1ea68d71652a57d1bbbd
SHA256 12565e17c1d79da9bca2849b7c7de6c518aedb7915fc795ae6ce8f89778c9dd6
SHA512 5bda1fdb77124da2071390f4e896d8e65ca4b5806baf8d1643db11ff500d2f3d569fcb2c5c55a073d2b31f31049453525db107f1fd5a5fac500623dae80f96fb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WIIT761B.txt

MD5 1873cf0bdcf080897812d6decc41a414
SHA1 e3118a83790073ea24ade80e89360f665447f56e
SHA256 d027523d971b6d6345238e0a2e5eaba036feabd705c9e04739110b9c798963d8
SHA512 4bec3d1b047b99831384085a1899899c7653d7b9fc8c9e1475261d6f8569146f5ee8c57d18acdf5ff31d473a8807b5e54c31c60803ee4d4b2483a247c832c331

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfb97d310f7676b07c3667e0eb6f8343
SHA1 cf464362bcb0b0679627462e83d375a79d019d7a
SHA256 4ad4136438e9b16db3e7b71a1bc1376ed70b0739b59458ba7ec682000a34a7de
SHA512 98ac265206fe5b48768f7d1eb53b7f4a0f10fe872367f7faf264bf08774705ab217cf44ec9683652e8812e0a7d759ced8f732be256bdda00b8685e4243685dbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 7f8fb4be75362f6f39e793b29e4ee620
SHA1 b39b49e56cc4e2bebc1e1c55ab4ff026edb7d7e1
SHA256 c53d726c8513e331389bad46cb7663fdc6283b747fbcd7af19424f2825b2ec1e
SHA512 6d699503495eebf0690ee34b41cc71df9d794b7acd39cb9d1d2f6e506a1436565d7115970861d84cb250f2538e6f61467dd53513a8dbfb22715415bdeb00460a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

MD5 99f10855d7f1aeed696bdb2f07e9d985
SHA1 b5c192e6a3bdfa66dc78e6bd4ba7daa5c5331aca
SHA256 0df85a5ecfc7e8d7ca10407d3ebf046f7cb1b8f3562d719af2e1bdedece6ffeb
SHA512 dcbc80005635e139422c3bfaed1cefc758b7823e6de8bd37245f9e278cf16cc753b8f218feda87e5eb2f16fb2bb2a84d7d970ea485281b9c4d9dc4524cd8221c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a6c17be58ba5c70e5fb4d7dbaf099f3
SHA1 0eb9055918456dd8e9dca8343a569d434b67725a
SHA256 688ed97e32ccf09803d159c88c41e261fc341f9b8ab35dc0b5e275fde90ec3d5
SHA512 bc1755803e729a39440258c328e0574c9a29ca7a06be7306bf25da658918895bbcb2852c4072a6800bea107a554780e55871ef07c49493c2040b25758e86fbbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d35eacf95de248f5a127960dc3eee449
SHA1 183fb37d135ea40fec61286f37ee3a841657e408
SHA256 7ce27e0d2e5a9706f47ec53372b35ba0ed60f8c00d2234a49f53618056797355
SHA512 ba93aea141f9a179fb03cdaf8a0e246d6d82ed839ea796c85f9425d55bce5c863cc2fe4153e06b00da46bdaa785b3f72722a71003c0d970e895f4211084c2f3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 401187d9b9cb984b0bd52c5ddaacc5ac
SHA1 10f13e11915404d0ad9a7ead7487d123c2b4dac2
SHA256 3d0fa68368185d1db24dd50bc3f599c2300841b24a58da760fa74c69aaf787e6
SHA512 f3cd9a7f3349ba613228f1b07412688f8624442966edd6c53f847791d536531d9c0dac7f0aa83f87eda0a352dfa3a36186a0a779f57e30f6ea8fc58ec2d1c67d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 168c3364c8ba10bb10ce2d085c932743
SHA1 520d9bbb1703968f6f6143ba824c97497daa49b0
SHA256 78deb69aaa9236e806f3107bd5033926b05ad2c0d06a741f1fc69eae8d65c896
SHA512 74c7e13e926c64f796c14c02e88f9b1756cfbe392a21f803f2667195d5f6310d4017f7048044463c248e92bf5b4abe770911c8079cf9009ab23239e660636521

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RU3RPYUN\adobe_logo_black[1].svg

MD5 e36799e0084267aa804e9b470de17094
SHA1 c15770f1faade2a58003ba8d3e34940621987de2
SHA256 6bd8880193131672d32517ed1ea30cf871f317b9a62f523f67b8a3b34caf1722
SHA512 c3df0bd86d66a78dc46161d0e5b10802d6e9c34102e8743ea600f995d1018f30b314275d6be9195937aa24f62fb452d2fa5c61916e72a81cd902808464bc72eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5d9e93460d4f1fd9e316aa0dbadc5bc
SHA1 c96ce1afc93cb0d4df268265b05bd927834c71d7
SHA256 287f50b4b0dc20f20d9e5e6f3d8aa5bbcd1396465ed4d5fcca85f89307c187b3
SHA512 08c9de3ceaac9e3c51b6307ee255443085238bd25fdfb6466be0ebd0bd68a2ce45b25d201312a11212f818352d4e3c2ea21d6c4ab3f0c1a5a00eb63b731a3207

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f964acea5afb78437c8f9668b1adf68
SHA1 7d8a915eb28b2248e41c63cda7c3634eca96fb66
SHA256 f18d2e72c10885dea41bd417624f20da90e691a5e2ba96243f0be777b21aff62
SHA512 aad18039b91e3b242e0c3949273bed92357b06d19d3ffb87e0395a61b6082faefcc2377fda5b1fda4e771469bf26bd5ecb4414695595f2b742ff79e19171a1c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5e8457f0145084b86c893913b57be08
SHA1 a5fe7dc4c0a6e057abb0ce806fe016c0f7abd9b5
SHA256 44e9d3dc6b0affe3af86bb74581a5d8986a93618c260a2bc0604094669593840
SHA512 230dd9a0aa8dac8086b97f10b85c0f49de325f5995deffe1184207250067c82728dacd5c492618aef2a263c572290493e9adc6f5b59b46af819d03d5fddc200a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c3a0273fae3db8c8eb91c58d5c3929d
SHA1 8083d947c56a8bf81f60d274846e85b02cc01201
SHA256 b3bec852e500de9212f8d69afe1c15ebfe02b21745d6337b42656896fd9d91b5
SHA512 0a050b2d2321ff1d20a4b97df97ce464b158aa8f08bbbdbe23e071ceaf0b9fa89b12882e528180236426c319be8ec7b408530137fd6a30a3013a2fb362b7a35e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 807db4c49bb2855377daab2123d45514
SHA1 2f5bb7ce8b1c700fd921c5780d3abc7bf0b3783a
SHA256 4a0e814af9d50e3f455ce11f482dcb0e01d71579a976ea71d688babdde3b9ad3
SHA512 6326f4d327646a54f17b42f0b7c0cb19d39ff632929eb90244ea853c28bfa8ea68b43cd5e44f7a1fb338259b1b11477765c399085c3861239e3d3d7d457e2922

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BWST1LW5\auth.services.adobe[1].xml

MD5 71cd65f553defd7699643803784a5b6e
SHA1 d271b67268de231c8322e09dd9fe6cc055e1dd1d
SHA256 713b67e9ca6a269ea05f2a2fc5f38c142473b279128f1a9654933199243a211c
SHA512 f8f8b75212879deefc681d3c0495fbba4606dfbe7fceceb3188ba000f49379c063ee65a523f9721f578ff23f0b2b7ffe5fe81feff4a22c7cb8cd8ed7d7553e0c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\96US2MNJ.txt

MD5 a40edf741a78e625ec66b54c3a7263f4
SHA1 fcea385d2c85f58b5f1bf8a4affa7b64bb41a7f2
SHA256 0619f0431de7312248b230d1ed44f0ba7d732bdf1d58abcc588348c75cd56d5c
SHA512 6730078c9ff495862f583d1254f0359cc0049e5982a93a901073a2355cce2323891d49a19de6a8218f9f6d5e6ea9c780d589d7ada0462394e4d5eeedec612192

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U9VC31Q9\messages[1].json

MD5 bb9783eb0ff28819dbde33bb8083cd5f
SHA1 600864574faedc9f3f27f9d581d4fea74011acbf
SHA256 93defd4af862ebf41c3ce4db1a3eeb9065039032b1fdabadb6a4a3f9d1b64917
SHA512 378a1584f3c413dc34217f000f92a197253fc96ef7df51461d639c7fcbf549de128c3c2a52bb8779c4210e4d55aba95e4be8be877d57cb2a7f82691ed9583347

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2OOWW6RO.txt

MD5 4af214d583308747a358d68c7d6d7420
SHA1 0a7b92896bb46d8dcef79c3a5580215769c625a0
SHA256 a33a7f614b9703878c504524e86f6490ad873d0634de1be846812f519c452c85
SHA512 6ea7714a6f395cce42c2a6e365df5d9ec9f0347f1fb6303ef63e82372d541d0356058a90c6d10b3caa3e57cc2086bc531db71b441e30b89ee068497618b53667

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccf13a2433b21dabe6f4f458a5ee89a8
SHA1 c9245a28718872a0dabf92147796fde37fe4fb5d
SHA256 e3154b4fd058463c3887c3331987f4bfb2c275d3f8403eb2db4a8a80541cf919
SHA512 84c8ba79545333c537d269e24c7c6fef0b73586c767ce08d6e061ffa17cd64d344ec63d57873286f38d154040cf480f656ebb45cbcf27748d95e31d00cd442c1

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D0I6KXNQ\Fotolia_113489662_XL[1].jpg

MD5 5bd935b198ce19bf71074733883cea53
SHA1 7fb22f7e34827a61324d82126dfd326679e1373a
SHA256 62453fa508493682f1e76a026b6555e4895f3d91f00a612047543dfda05c8050
SHA512 9882e2c93c6e8890f5f4a6acb259f5a1fcdae31f128f44f4d2f6504d76df7b8296295f34121799b1c5774437ed2fb6e32fc2262bcc95143b677c037e02d6d727

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05b643333bc1cd8290dc08deda20bbac
SHA1 14cff8a8c2e8f5b98fd98db9bcd57e933abf1814
SHA256 9e4ff24b4ade75c89b3c7749dd55749c670107c8d471cbb40b98486a2916c893
SHA512 9dfcd77358f185e81cbae534176b226419f9dfc75132cbb4d9fb2895a0bb6e83aaad410e2e952880c0898b1fa7abe58096ebd879fc55cb3f23a8f31e9aad5d7b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D0I6KXNQ\styles.9498ca2e[1].css

MD5 d88708e338622a3b5ac27c2d89c9fef4
SHA1 4f53782f2689db7ed3f4068c48b7577fa6e4eb45
SHA256 87ea0d96fb9a1a871fe5453f41d498f00de01513133ba3f16dc402f2ede464fa
SHA512 7044948e100ff5928be7651a41e68ba90e116c0ce8303f38587d307589523ac54ade2d8838fadf25ea06233292f035c558d1bf99c3fe847bf38d2fa3c775287d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 874ab999a83c97985d47ff98740d04a1
SHA1 faa9ee4013cc48538d71b6861bc2ca9a1352e3cf
SHA256 d93330f549b650b0dd5585905c7088fa19bf3fb2e5586a407ffedddd46cd1a1b
SHA512 249ef8c216e755e8c1b113c95920c94791dda1c7baa89329aec500084e4aad617022afdebb5550538ac0c58f463442b775b94625fa5cf68c8eaeaad5d8a741be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b05f0e2105c463ef088fcd1e955d9cf6
SHA1 45a60f6f117dcd8f2cf900763e1be5f19bff7138
SHA256 d1ce8cf3de70cfc8982b6bc075f52dd0d4a9f651b91ed89f1a6aa9f44b943be5
SHA512 8d95b448e59014c3a88ed6e43d3f9cf0896b620546b2b59de799b652fe6e7f52a28eda7b172fe23bf19ca8194a8a161f16470fabe82fa92cada964a24516593a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3Q6PPA4P.txt

MD5 f57276c9d5597327ee82befbf3c73177
SHA1 b4cc5c5f12fb390caf6e8cae8461b918dfa76e1d
SHA256 433a8c1089801de956e1041eae877be72795dc6ffa6b0cbc64d4c2413cc01d1f
SHA512 c1489073a15dea11d50aa199ea3ed5ddee79de8d671dfc84726413075d3e1301104446bbfb11311441e21ca3d53eab6cf0d1caa29d3866d0a18184ccea795acd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5395d1dbc5606462bb746cc7a49f7218
SHA1 2b1ca1cbc4b5d8a3e942a62c2ba555a829854441
SHA256 c012b9a4c596256e4fb61ea55064ac05b6c03c3f388c627fb93c6b74809b6030
SHA512 a38e6bdbb2f14ee6ba6429804e932667703b783b5275fe4faff9b70dbb4e17fb34f8555ef9f0a0ca37b1bd1b6faed97b5fdf2b3aaad29f7e058186b2d7739678

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\M8GCGFYU.txt

MD5 838f7027d4d1b36fd4ed0bfffb199cea
SHA1 38a71a5652f9e862063d18e2312d1a901363adee
SHA256 650a71b9096befdb8af677e0ad04962a507528bc6edb26d34ea983eb8ec9dff7
SHA512 853cfe7ac00fe1c699f7fbf82f158a2656291e36391d49f0b65da80321d2d81b416b32668fbd695893b1cf3ce05a5a7be31eccbfa9d1bea0daabda0bea56a4be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_B538C6D452B2C478CBF921F4ECA859C1

MD5 b7ecfb397d5f0bf96b0c999afe12980b
SHA1 f6d0ee8e6491f422bbd85b98032d899f83155a73
SHA256 f7707194b1d0e3a7d076ef37bd897b7ad135ae86cb9b7b9b0733500ff5fac69f
SHA512 2acd8bacb157c02a9e790b0ae24d83b2bb2e41d0e24c13f3249afaf4afbdc709173443c0df00c4ff9b93ba9c8dc25964c0df8b1c765784574f9084fb2c67eca4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_B538C6D452B2C478CBF921F4ECA859C1

MD5 12371715ce22c21937a95851a3ffa815
SHA1 7b05b97704956850f8294549a5b4ae4e3f3afe5a
SHA256 3894854c858eaf31186d9d299a5c481465561095400b888c0658ab0a737d526e
SHA512 775303e4855934ff11848084102e91a83b6d11a4f61d64bb30c2f0c8e4ddfc27b1e890f6b7dd0f8c845e9c3dfc62e58a40abb93b4a82687278599bc7ce31536c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a34da20c2dc566a8ec0c4065ee16c9cd
SHA1 50a5b0520107289c5f57c52466ffe09138a11033
SHA256 d6a88e3078f9b79d1ccdae23e0c7376438527fc9fa3a24240e4dbd12be04765f
SHA512 80f1e44b19402315761718bc01666aa454621f85a424ea3f176e6503208dd07e8d798b5f991200cc0c6f6bed8c8afd7e9cc53816da19a3e1545bae7894476c04

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\23KRCO3Z.txt

MD5 fa554620494efd302eb57354217909a1
SHA1 49abe26ad88ff38e2543035924369e0bd30afbfd
SHA256 31de7bee853ae52880568a6a2970d127783a660cadf782c5fd3b08935b07efe8
SHA512 9baed7c6d48d6e5c28a9268a85cea7fcf8b70c9fa5384d6e1f0458516b67a3b7c80e3fa67fdc1eaeb5b52fee1683cc4f5dc36ec475264a274a117722b893399e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b431c22022736efb0873c7aa3eea07ac
SHA1 5537b31919d7dcf230c5c9b3edeba77c5ae88415
SHA256 5481e66b09a51c863b377d0cf3145335c997769b3d7a967b16f5b66a52d3c891
SHA512 1f284c6f41dd202ed7503fd4219aa57f176afffff6b510e219c9323d530ec9ce64137969e8830cdc789ba6988d0854e883cdeac97af067487c34fbdf94953740

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 993469efbce9e0effefbabdfb1b6ce81
SHA1 208a18f0c559db2e023919e2e45145f219a969c7
SHA256 be88201654e0b6792bd6de6a0c30a0c3a0832513f5c89eacdd5d62470012f71b
SHA512 20b4510f6cae1ba7c4eb5c06e5201907e328e9ced1d152a81c7a012e35282b32b1dadb09e81cc9a4cce0a2a93800a154ae15cb518b32f7f78ce8976cd969ba16

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc28b8a29d894d657d432ab93bb76fa5
SHA1 155f06e137c9584f64094e9172a1004350fa1779
SHA256 17d649baeac8e7ab091a16e344b7b4b61ce3ea1b55f280de2679ce7c5978b9d3
SHA512 a82b09c972e3d0fc60e79583875ff0e45c0bb7c78317fc4b2b691f74cd249615cd1506e650e81da921beeea1928c2255dfb63b185c28f27c7eca1182058d110d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d5472f996392d6a5c5207280e351bf4
SHA1 71f729d7b3d093c45b041cf312cb6a4506db6404
SHA256 d11b53eb72fe08f70e91dab22dbf6cd3696c1018fcb81273fef25bb706adae00
SHA512 ff1b14ff6f9ffd0d63d8905df6d3be738888ba830d76cd6966c96f6f8b36cf874ff70930e9a407174b3f72ecbfded7e8ad71ba474cc47dc656d8a774ef0624d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c15b0213f03a4ee04437328868dd95bd
SHA1 ffef5052a2e14e3b80e57536f55272d353b87a48
SHA256 d5d868dcd48541d60cee871ca3cf848c5a0a20f69c5db07c650875f41f851cc8
SHA512 0d4dd9175eedf965609bbf5d3a03e7bd589b577753a626f494fcddaa049893d2d5557ad213f1442edab77e4c7148e88969f0f01a4651d2d7c0bbe4e04681c6b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4fcef2faaa67f7a9d72ef4664a9ce66
SHA1 db418e958573b01b51bf1c785c8029ba3bfe1b10
SHA256 31decce93f149e59a136319f89da8e44de330d37a7463d6c74caae6ce342ea45
SHA512 ef1b83f7084fa9ffcbb596d4615c2ce86c7d9a9f55daac9cc0d39fe82ca15be11336e633f90ebc37a192b71d0fe8ef03b6a076a79672486f60d566004cf74c17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 475edaa2b50a1f02c205f166943d67ba
SHA1 280a0b0b2d88144a37832afa00de49ebca27b60b
SHA256 f95d06a269b8711aee7b37673b66a8b14e515a1b817f53e01eaf2b23ca64161b
SHA512 58102c5b0c3c57f3ceac8a339483c3f0472ec5cb913b38d2865b7942363e0024725e5a33eb57cd290b9d62bb22f4f901f60fc3b8840077c6d09e7e28b6e19694

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8006a09b2004daf9e2040ab57d283581
SHA1 67c9ea4b474c88f64583126f7320f4cf9785bd13
SHA256 08de2760ae336ac27ad7bad2f6b5ab286ce307dc8f5a9e339f6790df2f0b743b
SHA512 c5b25e134d62867629ed0519836375c41f7b317fafee31939f0160e3fe4c8bec0186895a852ac06140edabf6dbfa4c7de254844599bebd58eca5f5c4bb2962c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6e3cefda87955a30fd6c6eec4890a084
SHA1 5f9cf3d1c95cbd41cb4b4db03b996a22b3dfed57
SHA256 0b0aa67192f75f5a14b2da658f9c9ab3d7bcd7bbea5c8c10c7b6bff54a74c9d2
SHA512 d94d895c9795a3e3d54cecdc45262708ebd76be5e534f7d01903a6b960605a2c1989400a3ef0bb7f51965694fa7d324227690e042cbd172940ef06ad4279ebd7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 430a0a24a5e71dacdefac80d3ca48cbf
SHA1 3ab82fd6de67045ba3ad247b738dfc2b077f7cd6
SHA256 861170dbb3a01cc4a5417bb9aeb61e7cf25c4c16407c89a8e435e8738b44ed75
SHA512 7ae58f540eb80c46015483064b7759e20a1aa5e2b8cc1d6a551f15e5f5920d96eae057271055988d7c5c46fed2b605c15e4005383986ecb77acd044eed203a67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccbd52669fe3bbb2f2d5b2225b42c02c
SHA1 cf8c51fa483881c70b2f8938084937a834cc1bc6
SHA256 f6f2c9ebeab6b295c9f390fb5abf50564a04a69161579a1fecfda0408b07c136
SHA512 afa459837db801f6861db3aa4e7889391c27371fd4c5a8a271cd886dd45d0692202e815a529e7ace3fc5e28d7e31340e7bf1659cc2026b3356792ebbce5cb968

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1eb32a56bfeb641fdb3f3f3053b5ac51
SHA1 fc116cd9f9ef33e20f77535948cf866a538ef203
SHA256 e4c57bba82e367a13a5fcf9bd39b15979a0c90bad0b04c037d6821b579e49e04
SHA512 14cbba9aed7cca7a81a6e1d4275562bed10fcd9ee3fc8cd2c698874cb6ffd76a3cd4dd7ee3dd9295c1898f92cde35355293ad9b72ea062987d03bc47dd3c391c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 9b2fb835815f31685c8ba8a37bd2bd2d
SHA1 0a756152aacd5ab2cf86b741c8f17f8996c92510
SHA256 35abd270cd2fcab3247312872504aef716bf879de2a262e3553ec5bc144551b6
SHA512 64f632c5dc1ccfdc802513a8ff002c8d45d97253d0ecb085b2d36ddda09b8399c4dbf2ad0dc4fab824e3cee6d8f84cab585d79cb2b0f98d2c4842477f7e0b1d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DDCF8A1BB8132E191B1D87188F0E5FF4

MD5 18cfb78402273046f3d9335073899650
SHA1 ed8f28db9cdf53084780f61bbf760ba2aa63020c
SHA256 71683b90ea6bfa6c7a97a4877542aef93575d39ff811e2fc984a57cbd04da6b2
SHA512 0419126c88ac7a8d92afdd19d1fc13b08e57ba5a040022e8efcdb747d2b6cca35d61e847e8011efa85ec03323dff476b293e6f951ad7de3641d64cee100c7437

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3feef46982b0cea23406d41c0f7ab914
SHA1 b5a6daae66e586723121154c3e6acb6ea5f0fd63
SHA256 4c021ab783bac3b994bf7b1818ab2941b77c88c040dbd1e448f0e22a91a415b7
SHA512 106c0e59651e5dcc67c6b5dc7af08e93059c445c7010ecfad1bdf47db89583918c900485b3fb9e22540c6001947e5fdc3fa9381c4884ebfd49ac939567ed05a6

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LAJVCBJI\favicon[2].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2tj7qpw\imagestore.dat

MD5 4f84b67ab24f73738e34464a80fe9d6f
SHA1 a266544cce58a57bb86218a7812e354d452f1cfb
SHA256 7f7be7fe2a3278f66b82548860f0466c0919b2a459467148c7be663320f03392
SHA512 e82e4dffe580c56100844767d6a9dbf6dc738dae9d4c2eb57f4d6e2d248605951d7945839bba29f4e355ee99b94d5cab4f3f399132704777fdecccf4b218d60a

memory/2232-3698-0x0000000000400000-0x0000000000928000-memory.dmp
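The dropped-file entries above follow one fixed shape: a path line, a blank line, then MD5/SHA1/SHA256/SHA512 lines, with `memory/<pid>-<n>-<start>-<end>-memory.dmp` lines interleaved for regions the sandbox dumped. Before any of these hashes go into a blocklist it is worth separating what the sample itself wrote from what Windows and Internet Explorer wrote while it ran: the `CryptnetUrlCache\MetaData` and `Content` entries are CryptoAPI's URL cache (populated when the OS fetches certificate chains and revocation data, which is why the same `94308059B57B3142E455B38A6EB92015` filename appears dozens of times with different digests as it is rewritten), and `Content.IE5`, `Cookies` and `DOMStore` are browser cache. The parser and classifier below are an added example written for this page, not part of the sandbox report or its tooling; the host-artifact path markers are the analyst's assumption, and the constructed sample input is a handful of entries copied from the listing above.

```python
"""Parse a sandbox 'Files' listing into structured records, drop entries that are
host or browser artifacts rather than sample-specific indicators, and count which
memory region was dumped most often.  Added example for this page; the artifact
classification below is an analyst assumption, not something the report states."""
import hashlib
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$")
MEM_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Paths written by the OS / browser during detonation rather than by the sample
# (assumption: CryptoAPI URL cache and IE cache are not sample-specific IOCs).
HOST_ARTIFACT_MARKERS = (
    "\\CryptnetUrlCache\\",   # CryptoAPI certificate / CRL fetch cache
    "\\Content.IE5\\",        # IE cache of fetched web content
    "\\Windows\\Cookies\\",   # IE cookie jar
    "\\Internet Explorer\\",  # DOMStore, imagestore
)


@dataclass
class DroppedFile:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)


@dataclass
class MemoryRegion:
    pid: int
    seq: int
    start: int
    end: int


def parse_listing(text: str) -> Tuple[List[DroppedFile], List[MemoryRegion]]:
    """Walk the listing line by line; a non-hash, non-memory line starts a new file entry."""
    files: List[DroppedFile] = []
    regions: List[MemoryRegion] = []
    current: Optional[DroppedFile] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_LINE.match(line)
        if m:
            current = None  # a memory line closes the current file entry
            regions.append(MemoryRegion(int(m.group(1)), int(m.group(2)),
                                        int(m.group(3), 16), int(m.group(4), 16)))
            continue
        m = HASH_LINE.match(line)
        if m:
            if current is None:
                raise ValueError(f"hash line without a preceding path: {line}")
            algo, digest = m.groups()
            if len(digest) != HASH_LEN[algo]:  # catch truncated or mangled digests
                raise ValueError(f"{algo} digest has wrong length: {line}")
            current.hashes[algo] = digest
            continue
        current = DroppedFile(line)
        files.append(current)
    return files, regions


def is_host_artifact(path: str) -> bool:
    low = path.lower()
    return any(marker.lower() in low for marker in HOST_ARTIFACT_MARKERS)


def sample_indicators(files: List[DroppedFile], algo: str = "SHA256") -> Set[str]:
    """Digests of entries attributable to the sample rather than to the host."""
    return {f.hashes[algo] for f in files if algo in f.hashes and not is_host_artifact(f.path)}


def hash_bytes(data: bytes, algo: str = "SHA256") -> str:
    return hashlib.new(algo.lower(), data).hexdigest()


def check_bytes(data: bytes, indicators: Set[str], algo: str = "SHA256") -> bool:
    """True if the given file content matches one of the sample-specific indicators."""
    return hash_bytes(data, algo) in indicators


def region_counts(regions: List[MemoryRegion]) -> Counter:
    """How often each (start, end) span was dumped; the most-dumped span is the
    first place to carve for an unpacked image of a packed sample."""
    return Counter((r.start, r.end) for r in regions)


# Constructed sample input: a few entries copied from the listing on this page.
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Temp\{525A4822-89EE-4325-A319-6B2727CD609B}\lib\angular.min.js

MD5 3be66f7f7b86956bc5e5abd64cadf924
SHA1 7d9e1d61541acfa6a0fdfc8f1932bd734fa61cb3
SHA256 b1a45f28aed77e38fb5ff62393f6c6573c6bea7f6089e83ed5e2e1fa025a6b2e
SHA512 2a72569fd512a2bf49d6667353530ab5bb2ff04b5579d007c4b5615ef128345d4dddd460cf1ec91daf775c40b15b9368ec1e815bfcdcf9e0abe94e8003fda947

memory/2232-116-0x0000000005E80000-0x0000000005EA0000-memory.dmp

C:\Users\Admin\AppData\Local\Adobe\OOBE\temp_lbs_wid

MD5 04cd66889a065453c216325c61983389
SHA1 f0b29b8586cfcf49bfb8b28c8e441d23b70fbd6a
SHA256 d53756397895a593def0947b81383746987e30bb54c58dffba51c2dd2782e364
SHA512 4c49f955981e900e4dfc2f3eb166ef49602984aeb32a8632a70d34642e16fdf2e15300a9d7e8cf26b29613ce0f6e4432d64eca81f227905f4eeb782f96c73472

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d26696d37c931d17aa94b6bd019cb42c
SHA1 54bf4a861d5494d52a3179ed92ea850d441827ab
SHA256 c7f4bfc4199d80dc99b6a3c4cb8bc64f47439e65bcd542f43e7f5b1092e4d270
SHA512 97c5c85603c0c5d242886a1a1c9437e4090c1bbeaf878d779874c4601e558ab494c711ae482b83913da7b2fd37b355917ef2dfcb6220e8d0a75c6fa1e0b88f00

memory/2232-670-0x0000000000400000-0x0000000000928000-memory.dmp
memory/2232-988-0x0000000000400000-0x0000000000928000-memory.dmp
"""

if __name__ == "__main__":
    files, regions = parse_listing(SAMPLE)
    iocs = sample_indicators(files)
    print(f"{len(files)} file entries, {len(iocs)} sample-specific SHA256 indicators")
    for span, n in region_counts(regions).most_common():
        print(f"pid-region 0x{span[0]:08X}-0x{span[1]:08X} dumped {n}x")
```

Feed it the whole listing and the sample-specific set shrinks to the files under the `{525A4822-...}` temp directory and the `Adobe\OOBE` temp files; the region counter shows `0x00400000-0x00928000` of PID 2232 recurring, which for a UPX-packed executable is the span to carve if you want the unpacked image rather than the on-disk packed one.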

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8cf9fc12084d030975ae4fcbdd05cb0c
SHA1 4c4fca5dbb9011546e7d9d8e517cddfbf2b92a65
SHA256 12c0c7b60224928d3a32732b2686f09da6bda6d49885397d7b7ab2413e2148f4
SHA512 dec5f13fc05d1140334302b4204301c7d1810783f7223bbf401f81bd618468a2b3df3ea5fe7f9be8679b6588561ff7e8ae1bb1b8336382927141708ccd594b22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d708ca306ef197da5b8ce35b34b3a778
SHA1 0fc4c6030b38f13af5eb968999e384bba5633cb8
SHA256 a82a204fd8976ab0ecaf16562190fa197dd2bd064cb4d0c8d7a58b3f031c2b28
SHA512 64dc6536effe5342c9323cd328bf6ba423797f7bacbfa408055917943a4c4e1dfdff84c4213558710c761f4606b6c41d31101f36d599b65d9ed62b77ed261bef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0d9c9b6b68b1cafaebe474cf312b8b8
SHA1 0a946d8f21454ed17588eabb24bcb7c282b1074a
SHA256 27389b4b12db8412b98420c70b7627f27a6df4e1874947c7cfa384040c2ecbb8
SHA512 aa49692e554467e9dcb5fc35ec13d49a761ff74eec4e39168af1a50fa585d19bdd8ddae5679f32dba47adfb7e5e3f5b55cb449482ce44a1b52f528854ffc91eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54bc0ab6b6b75871ae049b0bd00e69b6
SHA1 f38122f8fbe86f8c60c94d896130f0988611e508
SHA256 e7f65479dffb8df20bf4d55cafbe7ff65ac0421b82a432149a14304777aa46f1
SHA512 1bb8edb11ed21b7460437e547aa5a35df09ed3d1c161afa95b4bd9f608c1a18516605fcdaeb1118c287d43b093f6d0e1f8db606ef0ed81148f96779ce8d16b0a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d3a264bbc53bc7a1c7bff1ca859f4102
SHA1 e72d8c33ce2916007ae375d1d4785c94252ac58a
SHA256 67463cc39decaee5233f047918f2540ebfceff6ba0115b6c5b619e0179f86116
SHA512 292babac3262aa60ba53ef8fb5c1316d7fd865cc96e2e19a87d28f445bdcb1c46e6e8bdd93734c3c31d710463c5b2cc6ba3c6819e0073794d31fe077acb82f55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 c8c18463e685dbf3a260edd95527c3cb
SHA1 e6c5961438632c686132753acf3ba83eb2565c74
SHA256 8b4338e48f87f06140bda8ba3322d99cad3b0e0bc697b8e3865f2a100c393157
SHA512 a3bf6577b6dad96dc7f0346657e5ea3604236ff1162711f79976cb008f8af5b937a0c7bbcf5c4d264f650fe7c401b5380d3afafe5e60d9aa30292eef60f35269

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56c0f7d3d3b07824492869e6fe81a059
SHA1 f8e43b229a30b9c8f954da840d09e74a4079c227
SHA256 baa47deb512661e4ad4859ad970591a17b0ff38b58cc9c9c16cc0b2a07933569
SHA512 ce215f5b0f07abd19327aa0991c0dc2b2b25bd4ed645642e21d6c57d46163ce11fcdc4ac2b5746e7f2eb4c3380fa9666bbf4ce76e791ab35a12b43fa0c7eddd8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

memory/2232-4285-0x0000000000400000-0x0000000000928000-memory.dmp

memory/2232-4287-0x0000000000400000-0x0000000000928000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-02-10 23:21

Reported

2024-02-10 23:24

Platform

win10v2004-20231222-en

Max time kernel

88s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe"

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\After_Effects_Set-Up.exe = "11001" C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe

"C:\Users\Admin\AppData\Local\Temp\After_Effects_Set-Up.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1464 -ip 1464

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 2444

Network

Country  Destination          Domain                          Proto
US       8.8.8.8:53           na1e-acc.services.adobe.com     udp
US       8.8.8.8:53           cc-api-data.adobe.io            udp
US       44.237.150.18:443    na1e-acc.services.adobe.com     tcp
IE       54.74.179.44:443     cc-api-data.adobe.io            tcp
IE       54.74.179.44:443     cc-api-data.adobe.io            tcp
US       8.8.8.8:53           217.106.137.52.in-addr.arpa     udp
US       8.8.8.8:53           44.179.74.54.in-addr.arpa       udp
US       8.8.8.8:53           18.150.237.44.in-addr.arpa      udp
US       8.8.8.8:53           209.178.17.96.in-addr.arpa      udp
US       44.237.150.18:443    na1e-acc.services.adobe.com     tcp
US       8.8.8.8:53           20.160.190.20.in-addr.arpa      udp
US       8.8.8.8:53           95.221.229.192.in-addr.arpa     udp
US       8.8.8.8:53           241.150.49.20.in-addr.arpa      udp
US       8.8.8.8:53           183.142.211.20.in-addr.arpa     udp
US       138.91.171.81:80                                     tcp
US       8.8.8.8:53           157.123.68.40.in-addr.arpa      udp
US       8.8.8.8:53           18.31.95.13.in-addr.arpa        udp
US       8.8.8.8:53           18.134.221.88.in-addr.arpa      udp
US       8.8.8.8:53           179.178.17.96.in-addr.arpa      udp
US       8.8.8.8:53           14.227.111.52.in-addr.arpa      udp

Files

memory/1464-0-0x0000000000400000-0x0000000000928000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{858EAF12-4936-403D-9407-04EA990A9FCB}\lib\jquery.min.js

C:\Users\Admin\AppData\Local\Temp\{858EAF12-4936-403D-9407-04EA990A9FCB}\main.html

C:\Users\Admin\AppData\Local\Temp\{858EAF12-4936-403D-9407-04EA990A9FCB}\lib\angular.min.js

C:\Users\Admin\AppData\Local\Temp\{858EAF12-4936-403D-9407-04EA990A9FCB}\js\overlayController.js

C:\Users\Admin\AppData\Local\Temp\{858EAF12-4936-403D-9407-04EA990A9FCB}\js\mainController.js

C:\Users\Admin\AppData\Local\Temp\{858EAF12-4936-403D-9407-04EA990A9FCB}\js\utils.js

C:\Users\Admin\AppData\Local\Temp\{858EAF12-4936-403D-9407-04EA990A9FCB}\js\main.js

C:\Users\Admin\AppData\Local\Temp\{858EAF12-4936-403D-9407-04EA990A9FCB}\lib\jquery.custom-scrollbar.min.js

C:\Users\Admin\AppData\Local\Temp\{858EAF12-4936-403D-9407-04EA990A9FCB}\lib\jquery.placeholder.min.js

memory/1464-99-0x0000000000400000-0x0000000000928000-memory.dmp