cfaaa719d6e271a03d708174a385b777db3aaa7969dcff417ec7f570d898fe07

Analysis

max time kernel
342s
max time network
407s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
28/09/2024, 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BorisFX Continuum 2024.5 Adobe v17.5.4 CE.exe
Size

692.6MB
MD5

bf59243355f7a970c0009c2d4d0d10bd
SHA1

37ddfdef40adba7bd1ea07538537c7b2a6d576f4
SHA256

cfaaa719d6e271a03d708174a385b777db3aaa7969dcff417ec7f570d898fe07
SHA512

d5d9e39e5a9000ca84e7b0a6e096a38343865691214a1fcae152bfd270ad97ba23785cdd574c449d5c9b00078e9c37deeb9fcdf4b8737c0a4a0b190d005911f9
SSDEEP

12582912:mpZ0T18w1fq+3/SlQzyJ1SotfM08mwiRfwsib4HQLB8Py6TSjkjXNYxYnH:mX0h8wt3qhSotfRfwsiUHQLYymMkLix2

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
844	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp

Loads dropped DLL 1 IoCs

pid	Process
844	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\ParticleIllusion\QtQuick\Controls.2\is-KA485.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\ParticleIllusion\QtQuick\Controls\Private\is-RFCDA.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\Shaders64\Images\is-V1LKG.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\is-D4412.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\node_modules\cssstyle\lib\properties\is-F87RB.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\node_modules\jsdom\lib\jsdom\living\nodes\is-S9N6L.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\utilities\pylib\Lib\is-IVKL6.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\ParticleIllusion\QtQuick\Controls.2\Imagine\is-BAUFC.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\utilities\pylib\is-LCEOE.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\ParticleIllusion\QtQml\RemoteObjects\is-1JSCI.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\is-HUPFG.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\ML\models\bcc\imgcvt\is-4MCAV.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File opened for modification	C:\Program Files\BorisFX\ContinuumAE\17\lib\ParticleIllusion\avcodec-59.dll	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\ParticleIllusion\QtGraphicalEffects\is-TQTNP.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\MochaPro\bin\is-3NK0S.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Gobos\Windows\Bay\is-OPLAQ.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\is-3490O.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-IGQO2.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\is-VP92D.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\node_modules\https-proxy-agent\dist\is-FHIUS.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Flare Elements\is-MC9VE.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\Shaders64\ImageProcess\Glow Remove Color\is-BDP5R.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Gobos\Elements\is-41I9T.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Gobos\Glass\is-A05KD.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\ParticleIllusion\is-CME66.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\is-83N7P.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Gobos\Windows\Transom\is-34G8J.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\utilities\pylib\is-VAIBJ.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Gobos\Stylized\is-NC9Q5.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Gobos\Windows\Double\is-ORR3H.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Textures\is-7B7PU.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Textures\is-8QK4P.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\ML\models\bcc\imgcvt\is-8H0KD.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\ParticleIllusion\QtQuick\Controls.2\Imagine\is-D16MU.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Gobos\Abstract\is-5NKKR.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\3DOImages\is-JEL9O.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\is-GH9JK.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\is-BE0FL.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\ML\models\bcc\imgcvt\is-QPBRL.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\ParticleIllusion\QtQuick\Controls\is-31OU0.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\is-NU75J.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Gobos\Foliage\is-TAT6J.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\resources\bfxdirect-local\product-logos\is-C6LFM.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\node_modules\http-proxy-agent\dist\is-3C5N8.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\3DOImages\is-17BJU.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\is-SO031.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Flare Elements\is-7JTLA.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Gobos\Abstract\is-NQ19A.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\ParticleIllusion\QtWebEngine\Controls2Delegates\is-NTKM2.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\is-EJDDM.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\node_modules\jsdom\lib\jsdom\living\generated\is-T085Q.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Textures\is-G2HII.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Gobos\Doors\Ornate\is-PR1KU.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\3DOImages\is-M8F2O.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\resources\bfxdirect-local\svgs\is-6QNPM.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\node_modules\punycode\is-J3QBO.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\is-6FNJS.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Gobos\Abstract\is-MR5GO.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\BorisFX\ContinuumAE\17\lib\Shaders64\Images\is-R1CIE.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File opened for modification	C:\Program Files\BorisFX\ContinuumAE\17\lib\MochaPro\bin\osdCPU.dll	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\ML\models\bcc\imgcvt\is-DHPE8.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File opened for modification	C:\Program Files\BorisFX\ContinuumAE\17\lib\MochaPro\bin\boost_thread.dll	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Textures\is-GO0RQ.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
File created	C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\images\Gobos\Windows\Ornate\is-T0G9O.tmp	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp

Runs net.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
844	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
844	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
844	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 844	4620	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.exe	70
PID 4620 wrote to memory of 844	4620	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.exe	70
PID 4620 wrote to memory of 844	4620	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.exe	70
PID 844 wrote to memory of 2356	844	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp	71
PID 844 wrote to memory of 2356	844	BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp	71
PID 2356 wrote to memory of 4472	2356	net.exe	74
PID 2356 wrote to memory of 4472	2356	net.exe	74

C:\Users\Admin\AppData\Local\Temp\BorisFX Continuum 2024.5 Adobe v17.5.4 CE.exe
"C:\Users\Admin\AppData\Local\Temp\BorisFX Continuum 2024.5 Adobe v17.5.4 CE.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Users\Admin\AppData\Local\Temp\is-7D9E7.tmp\BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-7D9E7.tmp\BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp" /SL5="$50226,724791761,850944,C:\Users\Admin\AppData\Local\Temp\BorisFX Continuum 2024.5 Adobe v17.5.4 CE.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:844
- - C:\Windows\system32\net.exe
    "C:\Windows\system32\net.exe" stop RLM-BorisFX
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 stop RLM-BorisFX
      4⤵
      PID:4472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\ML\models\bcc\is-7ONP4.tmp

Filesize
7.3MB

MD5
0eb1a7ab1008b5ddbc8126364ced9f9a

SHA1
167c35dc04fab05c7bfe3ebb9f5f5b6c3afa5917

SHA256
9a5f495578715428475acadd8057bd673d61cb3b866082d7dd325a3bc4724f52

SHA512
73bbf9c046759c5c6f74b80c67c03db0dfdf06bbb7eb9cf742bfe972b7972692c8011593c168ead11d3d5b98dced490fb16983fd0291bff19caa215026153c0d

Download Submit
C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\presets\is-FORU0.tmp

Filesize
68B

MD5
b8fb888c520d42d7ad777cc77db25255

SHA1
58a3c5e00836f4f760f17778060346f7de43d743

SHA256
ba75ba2929fbc1f325907143040939d154e4b24647ef4c20e6c4788cbfad51d9

SHA512
ce2f4bc10a93334b6d325fd92f5795f541e607ef700f120d089ef4ca1095cc36ad253a29171a336b8b2d81acd29c18b19cd7e1e561b29cfbe28ccf8276e0ec2a

Download Submit
C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\presets\is-GHESS.tmp

Filesize
71B

MD5
2740cec4f3547828ebf7fb1461beb75a

SHA1
b1350e1d3b7ea1428e558c41b2c868ac18e53678

SHA256
ed0c16e18047e69d2364eec70212e276cd8d3331129c117b5793b441b2e422d9

SHA512
21a810c7f4cf21d83c94cba9bb81ca68fa4faf0150326817cdfcbd5c32d15f05856235f980f6b2a2b881e05bcbd921513e8d263a8a53d318cb5fa28a6a4e3b71

Download Submit
C:\Program Files\ADOBE\Common\Plug-ins\7.0\MediaCore\BorisFX\Continuum\resources\presets\is-LJN6I.tmp

Filesize
69B

MD5
ea8ff58bad9071126283b0e3fe4658b3

SHA1
017b56b7cf7a9f773a96cb4986292fd7b92e1bb1

SHA256
3dfc204544754892f4950561b13af352469b1fd24f087864ba2a15ea8b04fb73

SHA512
1c4de0ac9ab50ac42146b96e26c067b9f2a35912d344092fea49d14c73246a93a273c40b4d37b43e2df48e3f8422f7d173050d084ba99dff127341b688444d0a

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\MochaPro\bin\usd\usdShaders\resources\shaders\is-SGT1G.tmp

Filesize
1KB

MD5
3272bbfd706fae91e58b9b600f88dde7

SHA1
ef2c1dcf4efee69ca7a5f8a5ffb921d900c685ad

SHA256
f200ce8c46927df71a168f06a8101b84fd4a698c244c8619c56f3d7636cd04cd

SHA512
e63beac56dfc8773628f18e43045a3a06a39d672792cb5a6a6db95d658c180e248600734437e096da838f6f79f4f57fa1a57bfc0531655054fa55ffff4902456

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\ParticleIllusion\Particle Illusion.exe

Filesize
15.4MB

MD5
0ecbabe5d84d00b5b9af7f0a3ad65915

SHA1
548ef6edef0a983514177d661a733fe1ea7ea2be

SHA256
17cfaaadba2905f46ae9090f53490954b1d3c2c2a584c46e22188232bb531816

SHA512
6df4222c97bdef4cb8af8c40875cc06a0054439735a2af3b2c5dbd7596db28e3d7cf33e8ab0c4b14557e1c9cce549a20555a74d15b292f9c4d69d4bce17258cd

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\3DOImages\is-88B6M.tmp

Filesize
46KB

MD5
a82743660ec87cfb117bbc1322492148

SHA1
756ef1fc63b510cdff516c6cb47e54a9700eb384

SHA256
6801265b0d59ac6afb5364929522155081f19bb4a65504b77782044d4c4dfeb1

SHA512
00dc48830fce37d78ac0f5f40f7d3f19b134e95203d7fb59898d3ee6b8a7f0116e15c558e1be16bed7dfe3c6c52bb9fd852ec39cd073108efec59903ee1894d7

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-0DLNF.tmp

Filesize
523B

MD5
29e27c3a39f226582692644662e18d81

SHA1
ce085eba6243552bb932fe84a072b3609d72135b

SHA256
489b056b1e42933bbb6f531f6e143de6dd2290d207e127d9e128e6a56bcee9e4

SHA512
da4762b5a16f5432fb309db0e2d187b2a5410fb6d456508592515efe3cecf8e2760be825cb4fb5bc198ee2b13f7fcc3b998a2416e4b29f3023b57d12ff2e320f

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-7CCCO.tmp

Filesize
588B

MD5
57117a6d4cadd87ded000cc3f921e868

SHA1
69d11e68f52d6898d10ff58e3696505a8d140645

SHA256
6e17c682b3518e6334be76314dcaab5e4cf2682d4e042984601e8da6b1ba5199

SHA512
8c3ad6666f55c83c4d83e0745f5bb105384356741757b822b1b722e1bcad08a0228d53bd86166ac449ca78dbae732fc1d2bd4e86be707b3dcfaac7fcf96676ba

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-84RD1.tmp

Filesize
192KB

MD5
38d22ffa9717f071466ad0b902b747ef

SHA1
3cefc2c23316fd26d920e26d887281a3bea0f971

SHA256
fd025128a032eb2b8a88cfa355c570f354c14e655d1be311870a5aae7649c065

SHA512
7a6cd443ab803740523498e47701ea100f70ec304e68f40ca8fde95a9333dc4aba71229f4b4b19949a1df16fde5dfed5d035383d2b595734b3a1a3bef4ab8681

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-87EBN.tmp

Filesize
570B

MD5
7ef15541f3488b614e2f81831ef1a2dd

SHA1
3b19ea8b63b3a8a59d24b8a0172e0ebbc5570dcf

SHA256
07281e71ed532c6ddc12c57c0d6692d4cf234344907dc7974566854794d0ed58

SHA512
ce00b25e4d7248b1d080a9e5de61344922edd222d86d59a306e147a9e80e322581a878ac24aa27ca91da7bdaed1ba7d2ffd22a235a835823e023c7d092fe4ffa

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-87M1V.tmp

Filesize
536B

MD5
00a4309b242d9dbeda5aca91e1486a16

SHA1
8f61884072ebfb410143abbde9ac9952734eee7b

SHA256
beffd11405c681a70c89ef9d2bba7abca6e047fdea12312014643bd8d1c85a93

SHA512
01e71ff1a25c20e742ca18a00fd26df2369f1679aabc084380fa1de89d26ad794e4496a6a56bf22a407474e4cf132f6d357e327501f4c4c3b6644d1f866783f6

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-AI07S.tmp

Filesize
18KB

MD5
f4ca16387f69da692f20d2053586a64f

SHA1
7476526265c1fba801d8bbe8fa23c5bdf70fe209

SHA256
e4968faf40f84da0aa5c7affe572cdb860e646e3062042817639997f0c91c56b

SHA512
74476a9d48112c19c2e7b8543dca4e978363d7130db8a11056f7887d03884ebcb68ee2bf50d697978286a9391b31ff46f0ff4a438f4fedf509d7e6e501d55072

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-AN4EA.tmp

Filesize
582B

MD5
4277b0fb8ef316e78dc1af3ccedbf95c

SHA1
7007d5610d38a5e22520b2abb9cf4c0106850013

SHA256
af4a8dfbe0ab5c0b05436056a38048b726d51a840f0fa42d9ae72827d03573a8

SHA512
fac42097beb84528618bf70236fb6168f4af892a8b7b0917ca64c42dd3c0c4a875837e0817c513c20b7244ef823baf5c469d161fc65e092c933a61ab2eec1e92

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-BMG18.tmp

Filesize
847B

MD5
8c877965fe29bcfe228b87ff84887e7d

SHA1
9c299ab37b6a10c50fb463617a1752d6e1cb45fe

SHA256
bfbce5e9e9575ca5e1a2a182977d20ac742e3e6f00d0206d6009552ee5ceb8bf

SHA512
a749c2c014ae5879a8f224751ecf5fedd8042bd693817f15f8ac85e2f5f7b27030f5049981bd25710ad24925a75191c190e8b2504cbdb2bb320742f560132b88

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-IDTN2.tmp

Filesize
7KB

MD5
7fd0304744707ba02f3f0a5db46adc79

SHA1
5f6951ce70dbb88d9dfc3eca54e4d209942ea607

SHA256
3e96b24d493aa225d84967da1c51560464230ef3e4e26f8d7079fbb20b7291a5

SHA512
33495a9e84a56be72a486b7f590c74c2ddffdea2d2b6f42a997be275b76bc47412ec23a3bc519d6adf910da0c13aff67b49eed382a4f35ff0b96f874fcb25e08

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-J9Q14.tmp

Filesize
1KB

MD5
aa0a0986a62e811eb491a55b70eb8d90

SHA1
da56aafa56bfe11baf22d6c98b5babe9cc9cee95

SHA256
416049913d3a68f7943f2adcefd5a57b1263740e73d3a99fa624ef98d0a4b4ad

SHA512
60fdd1d1f375ba3e1acba09fd2f549f73534d58c055abcb833c74bc9a5dbeac84ed1b7427b2b406f012b30383c0656dd6e2e60ec48ecc6f22815b1c0e75c16bf

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-L79C8.tmp

Filesize
514B

MD5
5ee2cccefb118030febb8dd2608a1d56

SHA1
a50240cf4d3c1b9174ed30898fb9a2bb215c95e4

SHA256
1b6a657145c2c6118cec5e55d4fa48cf275edb225bb0e2a0e01f1e16948411a4

SHA512
a228f05428c130e24fe00b27e845828ab878e009ab9bc232795bb41058c9917ac9a7e3d5764622136e3f3ec904ce27806c75b196c7ff84966103cc041cf6495d

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-LM99N.tmp

Filesize
345B

MD5
7d3c35d1bbd5c8fae21901d3c030d126

SHA1
2e0b4617d725a50c15b7ab7fbe470cd61a11a48c

SHA256
bc0d4466f2e5cd656dc84118918e22fc5ed46339a5f584d55709974167bb5b36

SHA512
7c0fb7c90574c7fc495fe9b88b314d9b44578f70e62427bba7330087a873ec98d31c12ead8e205cb70fb4bf49ee055b2b37be547923436d62a7f799674d87c9c

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-LRPJ0.tmp

Filesize
15KB

MD5
768d7dc26a5c1f4c64e48f336b26b7bb

SHA1
cbebd673dd8ef9eefb1da7845b26e6b42c1ec83c

SHA256
9779005863eccb9be4f38215faee9abc2c2ed1342eff21efeaaab598dee05a7d

SHA512
c5aff472e446d8b5c6a2f92b9d8fe3f7197d12ca640e56b18b59b1480e6e35d9a5964c9fdf4a30c2258892855d7792797835951748045f2008e40f837b7e9f9b

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-NKRGO.tmp

Filesize
8KB

MD5
9795300ac2349850550117f70d7b6a14

SHA1
e03c3d70831f06a47942c908deadffd898242b11

SHA256
aa1e8b748122feddfa8020e235f7872f935ebd049bbff076a0d4a2d8823568a9

SHA512
4c284396e7c4d2ef8176c79d44fabd4bd439740db34b6f25665d83283609551ff362efef8172bd1c7c25bb94891667189b438ebeaa2b4e11d2674df90a3e4307

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-OON46.tmp

Filesize
11KB

MD5
14cd31a44548fffa5f35a7f17c9da7ee

SHA1
99c6a84f59fc5f1b4821b0d336fd0f5ded3f7188

SHA256
6cbe86a030900981c5e93b278345ea2f19d99ff42ba685b21667a33808dcf892

SHA512
47a97dbe117eef5d7e7dea4f7ff2413b1317e142cffee4be65dcd1b53d064a52cb78105d41d19aae623d86b6bb0482b54843eeecb50cee4def6599e55b5de789

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-RLE52.tmp

Filesize
297B

MD5
308e55a9b4c5ee20806cfbe5a2e29111

SHA1
f06b48a27e330a42c8eeb299ab8b1551b6c3e5e3

SHA256
191d6225d3ba9018c3f10ca79f503a2b9deb3f1a35263e019fe8bbf32703c396

SHA512
68f09c80509185179d01be295017d06c1694e15c824fa6ccfe8c8e4d9e252f2fadc3eb31ea01de27f4c915eb80a0d478f26ece79e59bcdbcaf9b38f8047b9bf4

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-T20FC.tmp

Filesize
8KB

MD5
2fecced6c93c2e0e7547f73468a83bb4

SHA1
be76d70a59e50ebda9d4753cd836114ce06f1809

SHA256
e84e27786d9e3e9c443a489034d96091af0470d86c8e9c5c9c7a8b9a33fe3e0a

SHA512
4fa7f49a332868ba9bebefaf23dbbd50277ae6c6e05a8098f04ef7b0cd78735ba1ce3a44c442936a9c08dd8bc92a7428819b0e43a3eb02829d5e0686fcee0e3a

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-TJNNM.tmp

Filesize
16KB

MD5
71a894b0df1193f76a315831fcc94b2c

SHA1
f0208b9db79aefe5e1ec1ecc78d879a27fd23bad

SHA256
d49de111187addb46d37278a7a365c4c6a0f2d4dc6d85b6ccb17512c134d93eb

SHA512
231fcbbd3428785ba352db81b83baa3dd73ed2e2610b27d52dc36ceb46c88aaca8b239ca295ecc28f68a2d7d45bcce18b61b433c1eb003319840ad0f80e3c84a

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-UFU1R.tmp

Filesize
1KB

MD5
44a70efc7bd22f0cbb6420315ec63583

SHA1
17a762dc0866bde26e2ac762e8f117c8b44e4120

SHA256
ad475ffc52c6b0cf10f47fa9b2ea5839149877dc384184f3416a1085550dd50d

SHA512
ac5cfd6b67a54f4c77e76b9ae4a10adc8fee1dc831f61f6b30b04475d4dc17625e73ecb9fdd848265e74f85e700da03f19ad97d34c39ce0d22f61feb571e3caa

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\lib\Resources\Images\is-VA074.tmp

Filesize
702B

MD5
818279f204617d172f66ad8517731550

SHA1
893eb476c98ad76c0eccfdab3e6787ba4d966f6f

SHA256
703d088f318d81730e7b07662a29a39751d03d670993ecfbc0f80e0401b304bf

SHA512
31c908e4d8453e747aaede0681821e7d0c2e69d3363d5412833c547c6be07f62c17df097a6a1f1beb98a72c3d579684cdcf81c654953f8e790ba590401a32255

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\node_modules\url-parse\is-76265.tmp

Filesize
1KB

MD5
4310a14e1d911cc6e4b5a34dbcbeaddd

SHA1
5ad90133cb189c11a7b1e1635a431aeb3e8ddf68

SHA256
3b2a6a268aa815dec121d614245e03b5c68db1f044d5b525e36db7d5dc7fb9c3

SHA512
8017ccd57bab89deb8e032bdefd55fbee4259c03925dfe82b99e0778946e86582d1a2cf0d624a91f7c400ad712719177df65deffcf4a6866040f09580abb0661

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\node_modules\whatwg-encoding\is-CRNUV.tmp

Filesize
1KB

MD5
0a0c0f3a891454d985704a2b0071c46d

SHA1
163db33b0cfedcdd3f3ecfdbd1042b3cb7e9cadd

SHA256
528eec83cb836a0adda9f8fc3d6a2a70a710d6cc0be9a155f92212c8df28acfa

SHA512
ed02bca2e6735bda7752ce7233d81b0f74fef13ed24122bdf91fd1aed3738e4ff8c7f02755c2a465b097125ad3af694f150474efdc9c9560b490fa0e1e206d96

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\node_modules\whatwg-url\lib\is-11BF4.tmp

Filesize
1KB

MD5
3c5fb877a295c85fd121c58f666c80d9

SHA1
06971aa7fd35075af8c25901113250cffb7c286f

SHA256
913cb6a510a344fd81bdfd45c5053bc63352d31331e4e97daf6bb9baf8317910

SHA512
4b41c371ea1388aa73727c48acf1b8a556d920b5539a98a9632a103165fc0cccd293278ec66059a02f516089ea75192aad10e377b7d4e2882f31e349f9a7b321

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\node_modules\whatwg-url\lib\is-9FOP3.tmp

Filesize
5KB

MD5
97fdd66079680419d89688075f32ec3f

SHA1
46b7e6a666b10b7c3512ae5ca5b309abc89d5fa8

SHA256
3dce521ab525a11eb5d817a78bf3308a8ab2e16b73c5c288f81c8d6ad496fa2e

SHA512
7e0ece792f5ab1d4603c67e50e5e787d4828d0af2dd668048b6ab0b3bb60265a314c2364d75a570eae32ca13d36be5a98c50f4e3d160206597bebc24ac9d79c7

Download Submit
C:\Program Files\BorisFX\ContinuumAE\17\utilities\BorisFXDirect\resources\app\node_modules\whatwg-url\lib\is-EHTCD.tmp

Filesize
728B

MD5
17b66835625ce65f768ea8c5cf578eca

SHA1
77ae2c67fbcd4cdc40bf11cddfc5259e786817d3

SHA256
9b404e93615b95bd26051da63d631d134ae8c7ff057d2324d094abed18ff8dcc

SHA512
5d6b2c8750206a98207a83b5d3e9c40300d2be44db61938671c881a46710e5e973856afdc7a223e2eac145b7d01bea2fecb38452291437bea98ca40715607889

Download Submit
C:\ProgramData\BorisFX\Continuum\17\Presets\BCC Art Looks\BCC Artist's Poster\is-MBOBM.tmp

Filesize
7KB

MD5
f6ba0ea597e1c1a4df5b19baf1cfad47

SHA1
d2a4d7c889c3508ab220d87d51941f7e627d53c9

SHA256
4363c5c032db4f47239c8eca6b95037cbcc907ef0aceaeb58142089ababbd26c

SHA512
22fd2e90f8d7bf928fd384a99f312ce1a347bf6011d7f966865bcd730f52bb4263c4c076e6ce51449c3de1994a3797dbe7349e1ca81ccd3ad2cae2dc1d6b37c9

Download Submit
C:\ProgramData\BorisFX\Continuum\17\Presets\BCC Film Style\BCC Match Grain\is-U9OUD.tmp

Filesize
7KB

MD5
b5786fb6754969ed2d2b03a5f895abdb

SHA1
2fcb6f4b0aaf9347a120bc34330f7150017291f7

SHA256
370b8a1152ef5b1623d0f13a1144343a2fa51902510cc633e59323db55c562bc

SHA512
1444ce15a4547acc508c8057e05edf964d001858a320c2299dde28390e8f0460b7c7bc62c0e16648fbfaebd10d32b503ae8aa961ee4d6f7b7c8b53dd4b4c9832

Download Submit
C:\ProgramData\BorisFX\Continuum\17\Presets\BCC Obsolete\BCC Rectangular Wipe\is-KPOHI.tmp

Filesize
17KB

MD5
4c2bd441376360c980283208d26efe90

SHA1
74b75ffea7054a7c4254fdfbbd66cc8b3b5a03cc

SHA256
e0e03241983a43bd8c3bdcc8e7532c1979d81efa82f8b2ba11b8eefa420d6e54

SHA512
976dc285e94dfaddbfc456ccd3b83a10cd46eaa2f7038fcb41e9e2968d7338ff324da6d4e50a828fe49291b67ffb19e088ea8bf3e24abf0032e0dbaa60ff3db9

Download Submit
C:\ProgramData\BorisFX\Continuum\17\Presets\BCC Obsolete\BCC Steel Plate\is-G9QLN.tmp

Filesize
7KB

MD5
879f41abae01abce490f3dc8b6aab6ad

SHA1
4f220615392bbd732f7bd7ed96b6bf479ecf3120

SHA256
7d253781e2141c4b795af0cecdd6b8d2dc73493624893af2b9340a9508236012

SHA512
69fcfa8cf765fce4a74f57cd46820054ded6db0d3b6547e887fa8ac2d26523c09d64d72f01c78fae3f0d88152d8dc85a09b5dc6e4d134009f663e5847ede6a3a

Download Submit
C:\ProgramData\BorisFX\Continuum\17\Presets\BCC Warp\BCC Turbulence\is-FQARA.tmp

Filesize
18KB

MD5
0eddbf92f5f833f1d43b4103a26e3a1c

SHA1
dec500c1a7342727df3129e93868dc49e7731ed2

SHA256
5fcd33f4c3a9ccdf38125a329fa914378745e84056f697341843c9751bf09ef9

SHA512
15eee74684c0e902b1b4d94b311c42164e6beafebdd8266a0634cb9fc4714169d0edd8ce088db958a69c378b6a6004a89d1d4e483b94118f579c6e3762a1dea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7D9E7.tmp\BorisFX Continuum 2024.5 Adobe v17.5.4 CE.tmp

Filesize
3.2MB

MD5
d7cc33a4e618efdb98090c344a7d02d9

SHA1
563c07a835983e2445d8e4ab9c478c0482db5b4e

SHA256
916a14becf43f6ceabdddd7941f4bf0cc21a38f8956012aca62584fdfbc35569

SHA512
5901b8f5f12a9eb34257bc49d6468f948f7baaf0b9a549e6783e18be51f17a4e51f90b4a9c6ae9b200a8bbbd535b9032e4ebb70a5ed4f42c367595a8c761deae

Download Submit
\Users\Admin\AppData\Local\Temp\is-2HNCI.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
memory/844-521-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-6437-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-307-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-12-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-10325-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-12061-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-23894-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-12701-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-475-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-6-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-4355-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-863-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-15865-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-897-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-18444-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-2953-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-8657-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-21139-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-23885-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/844-22845-0x0000000000400000-0x000000000073B000-memory.dmp

Filesize
3.2MB

Download
memory/4620-1-0x0000000000400000-0x00000000004E1000-memory.dmp

Filesize
900KB

Download
memory/4620-2-0x0000000000401000-0x00000000004C1000-memory.dmp

Filesize
768KB

Download
memory/4620-11-0x0000000000400000-0x00000000004E1000-memory.dmp

Filesize
900KB

Download