hxxps://drive[.]google[.]com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Analysis

max time kernel
820s
max time network
813s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
22-11-2024 21:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Score

7^/10

discovery persistence privilege_escalation upx

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 43 IoCs

pid	Process
4380	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4960	Setup.exe
456	Setup.tmp
3644	Creative_Cloud_Set-Up.exe
4952	AfterFX.exe
1396	CRWindowsClientService.exe
4040	AEGPUSniffer.exe
1124	dynamiclinkmanager.exe
2356	GPUSniffer.exe
3900	CRWindowsClientService.exe
3224	TeamProjectsLocalHub.exe
1668	CRLogTransport.exe
3252	CRLogTransport.exe
2936	CRLogTransport.exe
1892	CRLogTransport.exe
2200	CEPHtmlEngine.exe
3416	CEPHtmlEngine.exe
3864	CEPHtmlEngine.exe
3900	CEPHtmlEngine.exe
5016	CEPHtmlEngine.exe
1484	CEPHtmlEngine.exe
3296	AfterFX.exe
4608	CRWindowsClientService.exe
5852	AEGPUSniffer.exe
224	dynamiclinkmanager.exe
5008	GPUSniffer.exe
764	CRWindowsClientService.exe
1340	CRLogTransport.exe
456	CRLogTransport.exe
5512	TeamProjectsLocalHub.exe
2308	CRLogTransport.exe
5700	CRLogTransport.exe
5884	CEPHtmlEngine.exe
3604	CEPHtmlEngine.exe
4796	CEPHtmlEngine.exe
5468	CEPHtmlEngine.exe
5908	CEPHtmlEngine.exe
5460	CEPHtmlEngine.exe
1696	Creative_Cloud_Set-Up.exe
5872	Creative_Cloud_Set-Up.exe
2228	Creative_Cloud_Set-Up.exe

Loads dropped DLL 64 IoCs

pid	Process
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	AfterFX.exe
File opened (read-only)	\??\D:	AfterFX.exe
File opened (read-only)	\??\F:	AfterFX.exe
File opened (read-only)	\??\D:	AfterFX.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
5	drive.google.com
6	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000025b17-311.dat	upx
behavioral1/memory/4380-312-0x0000000000C60000-0x00000000013E6000-memory.dmp	upx
behavioral1/memory/4380-346-0x0000000000C60000-0x00000000013E6000-memory.dmp	upx
behavioral1/memory/1956-367-0x0000000000C60000-0x00000000013E6000-memory.dmp	upx
behavioral1/memory/1956-394-0x0000000000C60000-0x00000000013E6000-memory.dmp	upx
behavioral1/memory/4664-432-0x0000000000C60000-0x00000000013E6000-memory.dmp	upx
behavioral1/memory/3644-9995-0x0000000000E50000-0x00000000015D6000-memory.dmp	upx
behavioral1/memory/3644-10022-0x0000000000E50000-0x00000000015D6000-memory.dmp	upx
behavioral1/memory/1696-11479-0x0000000000E50000-0x00000000015D6000-memory.dmp	upx
behavioral1/memory/5872-11840-0x0000000000E50000-0x00000000015D6000-memory.dmp	upx
behavioral1/memory/2228-12019-0x0000000000E50000-0x00000000015D6000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Lumetri\LUTs\Legacy\is-2HN3O.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\is-V6C0C.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Universal\is-N2RRV.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\Qt5Test.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\(Media Core plug-ins)\Common\is-VEO9V.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\images\thumbs\is-EQOAE.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\resources\is-7QUUU.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\mc_mux_mp4.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-89ABA.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\EngineAssets\Shaders\is-9DSBS.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-1GFB6.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\typesupport\cmaps\is-JS7FR.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\boost_program_options.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-L9AIS.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\ru_RU\is-QOHP8.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-N067F.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\is-05MK6.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\sdm_dictionaries\is-5AQFL.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\is-BEK93.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-PTUQM.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtGraphicalEffects\is-JTP4Q.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Shapes\Sprites - Still\is-FDAP5.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Transitions - Dissolves\is-K66PT.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvawhatsnewui.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\luthien.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\opencv_core430.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQml\Models.2\modelsplugin.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\is-9ABAT.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\images\thumbs\is-FAIJC.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-TLKP9.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Required\is-C8MF1.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\images\is-AG5KO.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\images\thumbs\is-DH9CH.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\hu_HU\is-D6MDG.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Keyframe\is-G7K7D.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-IN1N0.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Backgrounds\is-M1QGU.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\typesupport\cmaps\is-GVLAD.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-HUVFQ.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-UF3Q3.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls\Styles\Base\images\is-VJFUA.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Miscellaneous\is-NQQDA.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Required\is-3F210.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Resources\ocio\default\luts\is-EEQJB.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls\Styles\Base\is-VVP78.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AID.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\ccsearch\images\is-GOO76.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\ccsearch\images\is-5J6RU.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-89FBP.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Lumetri\Video\is-14UMQ.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-K6252.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-5SF7N.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\lec.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\is-12QOD.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Resources\ocio\default\luts\is-LLL0N.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-H9KKU.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\ccsearch\images\is-JFGRA.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-89KPF.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Resources\ocio\default\luts\is-EIGLP.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Material\is-EN1TR.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\css\is-NJFQG.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Animate In\is-8RU0P.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-KPQ49.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-OO41Q.tmp	Setup.tmp

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2488	4380	WerFault.exe	104
1876	1956	WerFault.exe	109
2732	4664	WerFault.exe	112
4888	3644	WerFault.exe	118
6124	1696	WerFault.exe	173
5528	5872	WerFault.exe	196
6108	2228	WerFault.exe	212

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Creative_Cloud_Set-Up.exe = "11001"	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133767848914731036"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Applications\7zFM.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\InprocServer32	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\1\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\InprocServer32\ThreadingModel = "Both"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Applications\7zFM.exe\shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\ = "Dump"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D517CC93-7066-4D06-A2AF-2F4298738C2A}	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Applications	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0 = 50003100000000004759a2611000372d5a6970003c0009000400efbe4759a2614759a2612e000000539f02000000040000000000000000000000000000000b9f050037002d005a0069007000000014000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	CEPHtmlEngine.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	CEPHtmlEngine.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	CEPHtmlEngine.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\AfterEffects 2022.rar:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
456	Setup.tmp
456	Setup.tmp
3644	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe
4952	AfterFX.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
2780	OpenWith.exe
2516	OpenWith.exe
2472	7zFM.exe
4952	AfterFX.exe
5272	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
5216	msedge.exe
5216	msedge.exe
5216	msedge.exe
5216	msedge.exe
3712	msedge.exe
3712	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe
Token: SeShutdownPrivilege	4944	chrome.exe
Token: SeCreatePagefilePrivilege	4944	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
4944	chrome.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe
1904	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2780	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
2516	OpenWith.exe
4380	Creative_Cloud_Set-Up.exe
4380	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
1956	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
4664	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
3644	Creative_Cloud_Set-Up.exe
4952	AfterFX.exe
2200	CEPHtmlEngine.exe
4952	AfterFX.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5272	OpenWith.exe
5884	CEPHtmlEngine.exe
1696	Creative_Cloud_Set-Up.exe
1696	Creative_Cloud_Set-Up.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 2436	4944	chrome.exe	79
PID 4944 wrote to memory of 2436	4944	chrome.exe	79
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1512	4944	chrome.exe	80
PID 4944 wrote to memory of 1344	4944	chrome.exe	81
PID 4944 wrote to memory of 1344	4944	chrome.exe	81
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82
PID 4944 wrote to memory of 412	4944	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9710cc40,0x7ffd9710cc4c,0x7ffd9710cc58
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2008,i,5886037837790858711,15925060755939572933,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2000 /prefetch:2
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1732,i,5886037837790858711,15925060755939572933,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2020 /prefetch:3
  2⤵
  PID:1344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2180,i,5886037837790858711,15925060755939572933,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2272 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2992,i,5886037837790858711,15925060755939572933,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2744,i,5886037837790858711,15925060755939572933,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4404,i,5886037837790858711,15925060755939572933,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,5886037837790858711,15925060755939572933,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4780,i,5886037837790858711,15925060755939572933,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5400,i,5886037837790858711,15925060755939572933,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4332,i,5886037837790858711,15925060755939572933,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2896

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3124

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2720

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2516
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\AfterEffects 2022.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2472

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AfterEffects 2022\" -spe -an -ai#7zMap22981:96:7zEvent7838
1⤵
PID:4488

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\AfterEffects 2022\Readme.txt
1⤵
PID:4528

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4380
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 2468
  2⤵
  - Program crash
  PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4380 -ip 4380
1⤵
PID:5048

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 1992
  2⤵
  - Program crash
  PID:1876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1956 -ip 1956
1⤵
PID:4160

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4664
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 2432
  2⤵
  - Program crash
  PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4664 -ip 4664
1⤵
PID:4928

C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4960
- C:\Users\Admin\AppData\Local\Temp\is-8VAAU.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-8VAAU.tmp\Setup.tmp" /SL5="$50204,882176,0,C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:456

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 2232
  2⤵
  - Program crash
  PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 3644 -ip 3644
1⤵
PID:1988

C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe
"C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4952
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" updatepvbpreference dummy
  2⤵
  - Executes dropped EXE
  PID:1396
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\crashlogs"
    3⤵
    - Executes dropped EXE
    PID:1668
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\dumps"
    3⤵
    - Executes dropped EXE
    PID:3252
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe"
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe"
  2⤵
  - Executes dropped EXE
  PID:1124
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe"
    3⤵
    - Executes dropped EXE
    PID:3224
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\GPUSniffer.exe
  -T 62 -H 896955275054952
  2⤵
  - Executes dropped EXE
  PID:2356
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" updatepvbpreference dummy
    3⤵
    - Executes dropped EXE
    PID:3900
  - - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
      "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\crashlogs"
      4⤵
      Executes dropped EXE
      PID:2936
  - - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
      "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\dumps"
      4⤵
      Executes dropped EXE
      PID:1892
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\index.html" 9791bf4e-258f-45d9-a12a-13c844039e97 4952 AEFT 22.0 com.adobe.DesignLibraries.angular 1 "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" "AE_CApplication_22.0" 1 WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= en_US 4280492835 100 1
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2200
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=gpu-process --field-trial-handle=1676,11340888186344376463,12173642510372610587,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --params_ppid=AEFT --params_serverid=4952 --gpu-preferences=OAAAAAAAAADhAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=1736 /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:3416
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1676,11340888186344376463,12173642510372610587,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=utility --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2032 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:3864
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1676,11340888186344376463,12173642510372610587,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2056 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    PID:3900
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1676,11340888186344376463,12173642510372610587,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=4952 --params_extensionuuid=9791bf4e-258f-45d9-a12a-13c844039e97 --params_windowid=66534 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:5016
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1676,11340888186344376463,12173642510372610587,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=4952 --params_extensionuuid=9791bf4e-258f-45d9-a12a-13c844039e97 --params_windowid=66534 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:1484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004CC
1⤵
PID:4740

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\6626f0bf1af1478886d0a59972cc2d58 /t 1800 /p 4952
1⤵
PID:5800

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5272

C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe
"C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe" "C:\Users\Admin\Desktop\Untitled Project copy.aep"
1⤵
- Executes dropped EXE
- Enumerates connected drives
PID:3296
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" updatepvbpreference dummy
  2⤵
  - Executes dropped EXE
  PID:4608
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\crashlogs"
    3⤵
    - Executes dropped EXE
    PID:1340
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\dumps"
    3⤵
    - Executes dropped EXE
    PID:456
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe"
  2⤵
  - Executes dropped EXE
  PID:5852
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe"
  2⤵
  - Executes dropped EXE
  PID:224
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe"
    3⤵
    - Executes dropped EXE
    PID:5512
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\GPUSniffer.exe
  -T 62 -H 1015257692573296
  2⤵
  - Executes dropped EXE
  PID:5008
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" updatepvbpreference dummy
    3⤵
    - Executes dropped EXE
    PID:764
  - - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
      "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\crashlogs"
      4⤵
      Executes dropped EXE
      PID:2308
  - - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
      "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\dumps"
      4⤵
      Executes dropped EXE
      PID:5700
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\index.html" 4171a1bb-05d7-465d-a19b-b3ff601f1a1a 3296 AEFT 22.0 com.adobe.DesignLibraries.angular 1 "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" "AE_CApplication_22.0" 1 WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= en_US 4280492835 100 1
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5884
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=gpu-process --field-trial-handle=1612,2533397752500841648,8620088095577243513,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --params_ppid=AEFT --params_serverid=3296 --gpu-preferences=OAAAAAAAAADhAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=1624 /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:3604
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1612,2533397752500841648,8620088095577243513,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=utility --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2160 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:4796
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1612,2533397752500841648,8620088095577243513,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=3296 --params_extensionuuid=4171a1bb-05d7-465d-a19b-b3ff601f1a1a --params_windowid=852500 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:5460
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1612,2533397752500841648,8620088095577243513,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=3296 --params_extensionuuid=4171a1bb-05d7-465d-a19b-b3ff601f1a1a --params_windowid=852500 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:5468
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1612,2533397752500841648,8620088095577243513,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2204 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:5908

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1696
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 1904
  2⤵
  - Program crash
  PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 1696 -ip 1696
1⤵
PID:6104

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious use of SendNotifyMessage
PID:1904

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:1108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=This+PCC%3A%5CUsers%5CAdmin%5CAppData%5CLocal%5CTemp&FORM=IE8SRC
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xe0,0x104,0x108,0xb8,0x10c,0x7ffd811f3cb8,0x7ffd811f3cc8,0x7ffd811f3cd8
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12715919860612329759,10424971327024023,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,12715919860612329759,10424971327024023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,12715919860612329759,10424971327024023,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12715919860612329759,10424971327024023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12715919860612329759,10424971327024023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12715919860612329759,10424971327024023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12715919860612329759,10424971327024023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:5844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:5872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 2120
  2⤵
  - Program crash
  PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5872 -ip 5872
1⤵
PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\{DED0A55A-8B2E-4A49-BDC9-2192B6380FE7}\index.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd811f3cb8,0x7ffd811f3cc8,0x7ffd811f3cd8
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,17774898331815736591,12089938674683363700,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,17774898331815736591,12089938674683363700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,17774898331815736591,12089938674683363700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,17774898331815736591,12089938674683363700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,17774898331815736591,12089938674683363700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,17774898331815736591,12089938674683363700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,17774898331815736591,12089938674683363700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:536

C:\Windows\System32\Notepad.exe
"C:\Windows\System32\Notepad.exe" C:\Users\Admin\AppData\Local\Temp\{DED0A55A-8B2E-4A49-BDC9-2192B6380FE7}\CCDInstaller.js
1⤵
PID:5836

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:2228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 2516
  2⤵
  - Program crash
  PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2228 -ip 2228
1⤵
PID:1720

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
PID:1588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Adobe\caps\hdpim.db

Filesize
68KB

MD5
d6979b4794b15e3bc57ae5a84afbb92b

SHA1
a483617ad62b6903c4e68acc305000618af03982

SHA256
504c18904939228f7594cf24722c10089779774d022e44a4a87f3f08ada89c55

SHA512
0ece7a27579496aed1c9216826ea77c9ec38cd2da5a004b272431af2334ea22385caa80433295e07264ba6836b0a1b189be7a09a8ca826477890fd90c54b2d08

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ASLFoundation.dll

Filesize
456KB

MD5
815c858fe48e3b487139ad790d6086bf

SHA1
ae0f2a07c1beabdf87584f6e16b027783e56295e

SHA256
3b6e03d838cb72be322a74d7c2db79d820ba82eaf3c890765a07bbbe21aa044a

SHA512
3ee5678bc1b3393587c10e5a46ee79fe01c7c5af171293721944e779f71c44519a5fa8f222da13a1092328282d91c564486950cf4aeb8ffa00b4241f30466c98

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe

Filesize
1.2MB

MD5
782cd23f53637c6298b1fd849ae89440

SHA1
fea438d27ca9ad9dc293c5054452c00ee73b8492

SHA256
53b8ca0bdf6f16b2770ac0b3ef4f7d9d96ea660328407a31956b01617fc1a397

SHA512
c61fe1270c75a9fb5e11be45ba064d82bbd74a32859e888d1bbc6474c4ada95e0497760eb17ba3722f47ecce88c275f514f45c2030698d5dc112b94d45d30420

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFXLib.dll

Filesize
45.5MB

MD5
12346f5c85b4c9d208e02d5ce6ed87df

SHA1
c1f2b9edc65d56c2c4cc7e34f1b668d5ed180623

SHA256
f4ffb5cc7e790a42c0a625df35b091acd8a7c8d5cc935b5a168cd421eb59bcc9

SHA512
1699d0b11ebd9b2e452ae42ac2c1f84074a64d3a86f32ceb8ecb1585a3c9a359ae8e6613367227349802e151db67e80ff2f3ab40eead75b80c061df880214d36

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Backend.dll

Filesize
18.9MB

MD5
76ec2017cf08bbe72322bfea769a623b

SHA1
2d0604cfa431f4b0dce424c553584e7539b0c95e

SHA256
9ff123b4c20983066dbfbc26b8fe2df94d6ef6fedceb80680752d61e81062ed8

SHA512
f06efeb269baab2da845cd2346d1c9c917640e41a072d8fe24114e5caa0f907295e3a53daedb21ab727d843807c9a8ce33c8a683d47f10dd0e45ed90b8b77cc1

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\locales\is-I7VSV.tmp

Filesize
553KB

MD5
9e64f617c7278342dce87dd3bac112a6

SHA1
0c58bdd98c69b0f73578a56311aa22bc85f70d87

SHA256
6f117db8d19641253877c928fb4e3a8710f4380ba66b0d8f883a79c1e64b8edb

SHA512
40ac1fb74009921c32cec922d0efe55ff061dab9b647ada2ee28c8da986ff0b017fceaf9f04885a38b8aab02cce1618600ba473d89e6731306189b422ff9cd81

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CodecSupport.dll

Filesize
2.7MB

MD5
19c2ecf80bc4b84b43ec36c57a52cb94

SHA1
00c56f8c661376c88b579d56f922810467196b72

SHA256
8a52106f072bca00c74c093b7b902c7a3d305fde53add61829ba9b05bf82333f

SHA512
0e86ae79e110c382de36dba77a03c834c5dcf9a6debf535edfa33db11153aa7b813f7ea88c8eb0d6487472dcc2a9e08cbe15cd136f55216622f0cb5b88245e7d

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\DisplaySurface.dll

Filesize
1.3MB

MD5
2bd3bbd8cfd1b6c31b3278a0a0c667c8

SHA1
2e7c58ba732bf6248d318e9202ed8e5689feb1bb

SHA256
0fdfe23cae936fb70b845b7af8e0b5140ddf41ac28722cbda3e8a007e3e0e3f5

SHA512
93fce7b3142768c9e31fafba5bae18a911847de3c22555662051b70d4434410f398bf008eb2947c1cda41514ad08ece1f50d05917001b7974d861d448ed68954

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\EAClient.dll

Filesize
8.3MB

MD5
15b27cb2d8dd2fa489d9d999ad2f3225

SHA1
849badfe19efdb67d57d5fc340a7a966c86e95bd

SHA256
f8e1d4663c13156a62f81010fd81d136c4362127955667c2fa1371383bc0837d

SHA512
9651a16770ca842d1551612aae865826f5fb0bd3c0833c9819e72ee7af2e722ecd64a82aa0db28535cb7de5443108379d7aeba6d3e58837c0459ba9a57a2546f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\EAProjectBridge.dll

Filesize
5.7MB

MD5
9b8d4fbca19b50773ff6567d58ddd587

SHA1
503a1752a884c09b290f4a798745e63b73a5399c

SHA256
832ce693d15a0a9af4d779d7a80a552a41607c12710102452ac3165a9dffe01f

SHA512
f98ca4639f12f5760a429177cba624e30a28fa8f951cfe2c3b483cc35621aca4b0fce0e99adc1cece72f6f822852bca1429779c28956781fd84b61934b5467d6

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\locale\fr_MA\is-NMD26.tmp

Filesize
88KB

MD5
1a52bd2381250e4ef68a411e3f70416a

SHA1
280de059b7ffb6be20890697e485921f977b959a

SHA256
4c1f429a49b1f0d839fac6729bcb7aa956a6547c91c6d8a8ea92265923985fe5

SHA512
3224c891f3e3603fd07bead33218837b6283dc35d71f7c1cb5bb71fa81bcba87bd81892b1062042a8ce2a6291680b9146d837ebe1600912865d4f05af8158049

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\locale\zz_ZZ\is-1GK7E.tmp

Filesize
73KB

MD5
d675e91aea7f0fec379ecda4fe44182e

SHA1
3c72fb9ee678b91cfed8d702077ae6f48247aae3

SHA256
83f04204cd78ad88287b1e44d2200745a0f59863754906bb358c41228c2b8798

SHA512
d971aa0db0307a23d5e21609fc5b995752a24d79f5d2d880b47cdc7123ba12359df8c1e7602d675e59152da58420354fa5e76973e71eb90abe0ddc5fbfaf8fbc

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MLAssets\is-2TSAC.tmp

Filesize
344B

MD5
803efabdcb80cc3f150be9e41f7b4b57

SHA1
0750a3092054536d88a9c3b430e8ddf71b134bf5

SHA256
332312e95be9df62848fe57f265f54e219f071cf218c28ea23151fed66d0d859

SHA512
354d9ca7dc2cfb349014f24e0fd008f024a083fdc3321d2e57c778e0eeacc27ef24663c937287903e26d147aa8e515261fde59af8b1e8f3bf057619f338a39d4

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MLAssets\is-4R52A.tmp

Filesize
344B

MD5
2f4f57eff18062e994989da91f4086d1

SHA1
dacb16b5573f9cf7fb3762f169a1b52f79de3b3c

SHA256
22d18eae8b4a0091e1a8a50346c5f59901b33736df0a8fbbff4d7ba033a416cb

SHA512
e4b346d3def9a8b185a1ec0890a143cfe62ef73bf7cf7ee8a562a6cc31f7d74d63e438218af18e05387ff257b3a694f429010945e44f377e6853e4fef5d4eabf

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MachineLearningUtilities.dll

Filesize
497KB

MD5
5207ceb8e80c3e378a1d94cde5cd81ac

SHA1
203b7e8a59fd18a7688fa23649ecdf0037a630bf

SHA256
4d4db9ff763eb4a4d5d18f7f55862f52c6758a90daa00f5f7d308aec630514be

SHA512
d2eb45700511a0d749450eb13972f73abde1dc1bf3f36219cf7aa0df55c5b35a796ef66f3f94cd4167b06279e82b159fbd16d59e6aec2fa594332aec77ab4880

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MediaFoundation.dll

Filesize
960KB

MD5
93d26d347e13336bea687b786a87e8b8

SHA1
cd876dee89795a269278a552c1345e11e0a97d65

SHA256
89e213d83470c3f3cbb6b2a6891b8d013aa96bb9e3150ba0fdbfb327e5b85a76

SHA512
5aae484a69f16f264082c8630099da510c374c759f03309575d70ef7aa31a5a9915e405b3f4d06e223b318191798bc00ada2217973434217812f52f5ca1e2d40

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MediaUtils.dll

Filesize
164KB

MD5
502be848a7912db4c5b89a3e6c3ba716

SHA1
b556d739d626e532b5beb8b734557e2df89bf5b1

SHA256
32ec4bb900a541ed68f5069d06c8a02e22bc790f2351f448231a770fccf43432

SHA512
740769f0383dc69ba301bd61749487c86df4ca4f1fecb65e1081c2e79008993b17e52b9d4a4583697cc86b47cd0a01fd40c828118d7d8327a0d4470dea3ee3a4

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-7OKFI.tmp

Filesize
2.6MB

MD5
276fcc886c896b4734c7030a82d39b73

SHA1
b0fc396ec072c5ce69ac4c1cbb166ecbebe8cc98

SHA256
992644b9c1e8ebff7aa028f8a542b1db44d6f04db1a590535d44b0520e14d723

SHA512
7c3466b42b1026aeaca4cb95403caa4c7c8d4fb2784aff139170c7575c80c026540cca902fe6d392ba6e331adcd2a36656a4e041f24fc62fe8de09acccdefd2f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\is-SMCKJ.tmp

Filesize
2KB

MD5
5435f060331a523b9e5db9c9957756aa

SHA1
e0f07b59a0ac83b7cea1716cdae4a59aeafa396b

SHA256
91d7772e4a193e91a093d59451508cdb89448eaffb4febda26789777afbacf3d

SHA512
536e731672c1348222490d39099712c7bbcbf8d0c6be5d0f3517c10feb1b47d7942c18703e18c28f36774546a41f18d61fa8096e022a82947d43b11a2641d187

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\is-VTU9K.tmp

Filesize
2KB

MD5
e6dd3db4f8a582e30f07b77e801428f0

SHA1
d207e34278440fc9b47c6480a47fef13870ffff6

SHA256
a3fff66cd7217029792e7fce403cc658b0ea03b2d3a2860f57479c8ea6bc1372

SHA512
f58e27d7f36e05cb1d6277629ee2e3cc239b2ba73a75d1399a048191e4443dbb1360922b2cc0d36c3a19b04fcdb64f5dbbd0a838736dca658b9caf856031c5ea

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ProjectSupport.dll

Filesize
157KB

MD5
7c309d19b3cc9b7eca55e23f747e6416

SHA1
bb446d5894b913bce23b453358b9f8f920b573bc

SHA256
170c2bc6e952fdec57d08c77c7d7c8c2733144065d51f761920f32a59838efe6

SHA512
a4126723208cc791039305478be268416398e85c9abe46f35028ae65c904ec30e8564d34cbd6fe1cbcec2e4ef1b08e81f61ef88b7a54e99bc90aa65e6517f2d1

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\SweetPeaSupport.dll

Filesize
217KB

MD5
526b5d54be2e94e490a4671ef72ed328

SHA1
6dcd805bc6c01f6c9e78909c71fdf63ea33090fc

SHA256
a267bf6515bad3dd271783dec0579d8a68ca47cff7baffead7dd0954c45e2a8e

SHA512
b566a816e32b750399a96917efad869e180dcbf69eb35631228604bf418f39d2496e48cb903b365ceabad5bd08d5bd0627f1e27db725799a88dabeb0d893e207

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\VCRUNTIME140.dll

Filesize
77KB

MD5
214933e81e444675a9188f8a0b2dddff

SHA1
2229a5139638063dca97c82928b3debd58a8e49e

SHA256
8c45c8d45419b1d71f086dc28d562a9c19fa42e6335e2b0c614a6899d93023fb

SHA512
b177184a39f56f995ded7c3f6e88ce6741f927896b53d2967a1c2990588f168270c40de9ac8fcaf47cf87d8992ad4056de87bc6f4253c5784868a0a1aae88f75

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\VideoFrame.dll

Filesize
607KB

MD5
80ab704f27cf8829662b48d8a108e9de

SHA1
859315fa62e5df6639f12fa778e1cbfdab22de87

SHA256
f40cb4635ec140ea8d1f6059c99f231c882b31562599e5ff25bfbf2bdadf5327

SHA512
b1dd081433f666315d9cdab94324229ff1b09554eeecbd69562d81d8f9a35dd2eab1c2c027892b904e1fe231cb469ca557a57e093c8b79f67849fbcabdb675b9

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ahclient.dll

Filesize
313KB

MD5
b9a7dd7f322d07db95616e5208838641

SHA1
46630fd8c25ea9cdb56325a7cf45572e5ab31bd1

SHA256
c26f9a1f0ea3e175c2d229baf369364af257083a3698cfb52398933bffbd3f10

SHA512
37083884beff6d8291207ef12e93c60b473c98f845e5633d0c0f456e803256a763f15cf2b9dbba862b5e8c036a073cebd26d3ace287bd37760032985ce89069f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\images\thumbs\is-67C03.tmp

Filesize
6KB

MD5
14efcb232fe86257595d64bc2df6b75d

SHA1
659f8e6be9dfcf41a2f8d634010fc22c69862a4d

SHA256
bbefe78465090c6ec55757d596979e8b59f2cd7417b2f513ca8ab84eb2d45e5c

SHA512
80d411289380a61639757fa88072a563b998775656359c6ccd5195f2deb84c8bd18adf81305dfee586f3aba92aa43333ae99802c807c06c280e31d691b64dac4

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\en_IL\is-0HC87.tmp

Filesize
26B

MD5
c0ab735c82f43e1f4db2bfbff021f15b

SHA1
d8b781f3c63c7fd4745caca90d652c4b630a30b1

SHA256
7af32636e9ecfdf1e3814a6869cc718a42c884e724fb4363f0068752c77530f9

SHA512
3f6c699e6c55b64c4f544fc28d4a6302ffa118a0642bb4c23d7bcf73a6cbb52b4f710adbfd7c865c6c8e2081ca2a219e224765ec4138c2a421b272aaf98a072a

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\en_US\is-84M7C.tmp

Filesize
10KB

MD5
ad3a0179cf63b44cbcda21b81ea01a79

SHA1
1139584a16322da850b338a3fbe7b1f4f4baec18

SHA256
513a2c998c7f08c3dde497f5ef1e453440d31bc47fd3e2bee57eebb2f54b8d83

SHA512
c75548d88e23dafc0f675e14fb3dc9efc5a2b9b190a57b648ed2c8cc48b760da65a43dff4339f6c6e5960a21af3ee5cecea25ec7f528c14329f48645872c4ec2

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\fr_MA\is-724J4.tmp

Filesize
29B

MD5
b36e87c45a0f04e734d5497f3e4f5d7c

SHA1
3b56b1411801365379ec2c6a0800e50dd543fb93

SHA256
c42d0117a10d85e1abbc3cc56203a5d80e2c21a1e3d1da4c260c6e3fb4eceab5

SHA512
3a42ce831fd3a5f7bb636fe069361996c6ac9becbc3bf7b19684ba613decfbf8d0dc777dbef639b486e3e6a70a24c484aa55fe20d7c1485303fc8a31553464ff

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\fr_MA\is-CGPVG.tmp

Filesize
12KB

MD5
9387d0ed2744788b96a5943834045261

SHA1
5495984a89de521c88bde2e723e46fec02a545bc

SHA256
d764a166183c94b88795c4f40c143ce9f4be04d8237cc6f40ce1d10c98577477

SHA512
a4753a51f73ae1e9da391c7a2ee86ec32069fc4d0d315f4c9787ffd8ae93e6a9ec26df4440c3b3f1c1f911fe80e88e8eb645cbec2424ccbc0df04fe5c07cdaf7

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.susi-dva.extension\is-BN1L4.tmp

Filesize
41B

MD5
c08502997fc819570b793f6e81ce0495

SHA1
20f805f7c716f09950bbc2f7a9c803e3f1cf57b4

SHA256
6f4ece9eef5c4e518ad56a6f82d14e95f93e4e5d07b1cb8d22de8666d7ac3d7f

SHA512
abed6ed6e8fa6716921ac31213540fbf8caabcc7bf58ef8002c0ed2d63f51d79aa4f15007a8d9c7013bcc6f6e6bc4b87f9b7d717cce583e5873ab7107e37eb1e

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvanet.dll

Filesize
985KB

MD5
b31b8b0cd75e8fa3675f276a09928b7e

SHA1
baf3aca89b20319fbbc278a7e212c5706b925d2f

SHA256
44a8521c1a166a2c21e4895b859081b1afe1b100e9962cdef2f40bc19479351e

SHA512
9fa466fa3fe8c819fdb477d7fd7faab33d44a0bf8503d77cd348a8fef63b7795b5e2d7e7da84d9e6401c860b468ff0a3aa893bd3424270c12d8117bbe695ee8b

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\msvcp140.dll

Filesize
609KB

MD5
3aece536e1e7957a3b1150c3a45b8d26

SHA1
714a130c6d3de4356a782f6d469430669030405c

SHA256
beee6ddee281c1884b9dbfa66be05380ca12858e91211bf182c4af0d734e3f44

SHA512
2ea958a4c8e7ad1f9ab61e5141194deab18f2c6972a8c39986a815b1ccb1b158028a61a81c4002f48bf52564a9bf8d8d4156417807838d8cd4c62af0ceb1fdd3

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\en_IL\is-GBBNO.tmp

Filesize
11KB

MD5
e9031e4ce52193bec6931c23f65fee11

SHA1
f712cd9b86cda8eb79a1ef0806501dde2d68c376

SHA256
ca30d8c103cb7ac0584b2249291396e4c5487c8aa6efeafbb133a65cd48f8851

SHA512
7b221cefacf3e1929f85edfea649edc1c219d3868ef5a36977a635726ff061364069e666b71d98fe41be4aa1605eb7e5317cd1987a976249bedeb7a7140ff11e

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\es_MX\is-PE5B7.tmp

Filesize
11KB

MD5
4d50ae44fa238ea4aabe5d1f8f36fccf

SHA1
2af1026cf84382db7ac72d68683d21dfa0b5703c

SHA256
af0beb0b93b7509b41b34fe0a20e51ea626b7e3365b4668d1008cc80c9a2247e

SHA512
e339f7860a92f69da25a7d88e3dbc4e5d8191f68d281f07e03ae1ea97d95c2cd3a030acf6f1cf56e7fe4a3c5073087fc54498e8803ccd19870053df1c029064d

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\fr_MA\is-LFT81.tmp

Filesize
12KB

MD5
0563790f85f836158734dc3d770f1b57

SHA1
477a32071883e563e897b109a13038d687f5633d

SHA256
72823c1df23d465aed6d43f034b6d2048b9b20c6a565ad890e35c9a16981ff01

SHA512
714795d5105ed6b990f3277661769589ddc92a04e5eaa8991a8f9da2d553d5e8a9bccde7b601d5b101a0a4a908510a7bcde033afb76e7c8967c117417f43836d

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-39QN8.tmp

Filesize
461B

MD5
3cf3f3fb1be27155d466b8456a1d5c0c

SHA1
18480fa646a673148d634488ed9b193b95a3c0a4

SHA256
fc525d5a585f7fa66de0bce0d368ea0907d0b60caf06a6dbb0e15e3b75e3b092

SHA512
ed6baa106696c95aa7b74a8d48edbed2d8acf3e3abc401cd01af48b88a2c63b9bba7f39d473126c9a9e8e1ae783aa07f93f595fbc76f755b665f6effc6182c51

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-RHDAC.tmp

Filesize
497B

MD5
9ff1bade0d4b2445db4638cf7a9b8790

SHA1
e5ce76bc8ebed90dcff4aa5047717ed0c67e24b8

SHA256
268c3d515af1d44766d8a5059391f34ec7e1cba36ef184a91112b4b016056435

SHA512
22d558bbfb662a7a578fd5ad6e949941cd81b762618b87ef7e68fe2dc4212f627a2a82037a93da79fcb048c5c087ad11dd84a97d9bd265454d1b5fb7efeabbca

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-T5HLQ.tmp

Filesize
425B

MD5
51a63d748b4f19a75c45ac6ef3595246

SHA1
453776f6de11b18314314d884efadf90f2e549cb

SHA256
e70e39e1fca76069432faacc9e6c654e91a39d9286f0406b13fab33d42f1a7dc

SHA512
87b43d7accd25240869a28cd9a611f1e67bccd4f112cbff5efd2daa3d7440232fd7d9f1bf28c06bfe4f91b60597e15de222a063277322e141c986d8ac00fda28

Download Submit
C:\Users\Admin\AppData\Local\Adobe\OOBE\temp_ins_lbs_wid

Filesize
38B

MD5
ef23f39a614ad410c1066d9fa7e1198a

SHA1
e1acda0c03f646228a430466018ddcdd70868605

SHA256
e7275ae942f42aa7965c670c4fdbd6baf057529f65e52b60d4e18a240bcc2505

SHA512
faa9669a9aa807d68d62646e388d8edcb60b22f78955b3a129ca86120a6d5141464b9d4cc9c0499fc45e8eb3f7a65e5d3fcec63f8755c59ee7931f8d384318f2

Download Submit
C:\Users\Admin\AppData\Local\Adobe\OOBE\temp_lbs_wid

Filesize
38B

MD5
2cb634b77460e3d5517a611cf01a113a

SHA1
a74a3420f84a6da7335959ecab8f875ebef1c029

SHA256
4a541710325790d11b619da71b902ede88e8ed4d9dc22031aed4c330287e6cf8

SHA512
d4c1da8a61637fdf00d5135553025c4bdb55d1728f563bc03f490003f0b65ec7850f454c49c2e92acb0513a4d8cb2e340393029dd857a5f33184249e8097f036

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c719b8a64128062e1892775ddef7a358

SHA1
b1be58649cbda2f78adf9a392facf297a2106413

SHA256
ed33073ec2fd7b51a5d2025d918c2898f6df1e3cf84e69170eb3e630e1ef906d

SHA512
13575f8464e21e47b268fe4c6023d820720d8403a8625deb36e8d8c601b632105245923a2bcab37091d5d0a0a1050af92b07c7c164210ecfb9b5b78b48cebe0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
03e49b0dd52c3045dad2595294b71e90

SHA1
b02a803f247c4956d3ad98f6bab57eb23720ac1f

SHA256
2f76ef38334267e3458cf78b493d91d4ec393bbde95f677c696dce0a1e388e18

SHA512
459dbb3f17486d241470522dbea3eaf26acee81a93d66044edceddcf33bfb97a8c4d3c8de6a278e7cb0703d0063ecb9d0bc74ffa4549adc1a1ced27974acffaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
7222ae775176ca30e17cb1619c673703

SHA1
4bb20a118726dad0714e26e86b6bbaf0f5b30709

SHA256
5db2d1d3b211a9864a38486ba5fa1c3663ea6f7ce71ebbdd568595f83ac304a9

SHA512
c852c2798ece4df8371af189a7787ea6757d2d84313248aeb4cd526b8d97ad0efcb2c463b6dfa445c3ad9f654531858c304cedaf208dcd10304ac78452acce70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f001f18c4c4918fc2349dcb510547da0

SHA1
de9e1ca6ddc195e0b23d5e7765ad4a539f1c0315

SHA256
8b772d8a1b65a6a71c669c7666344e2e9e393c83d27c5393f784d6936525566e

SHA512
76b723e91264f93b72e79ba9e658ab5d01825fb78cf49002debf35ba25d8fcba7252de50fcbfdfef185487d77675796e0750b03109d84f619f744f883f6678dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
225583a88a83251631959caaa432297d

SHA1
ad11d2755ff80cf0d25b56370a533e6b6c144d9d

SHA256
0f93e4bb4ea8dcd64d958afae05307ddb79febd909838a9728b6e3bbb035d979

SHA512
5d8e7529511e52d87596716fb0aa1e3c29a1fa7ac01cd082639a4ad0d0ff1dbb69f997ad7990c7d46f77cb9e058dc59a7f977f66b71ef1358320816cab3d0d4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e36b6c493b215ffccf62d932c9890856

SHA1
cb733cc3b0f03bce5268f89a8b2a6350ccd22acc

SHA256
95e336e5e2e41e93cbf5f8a176654a361c0ebf4bf45477d867a767bb511618f9

SHA512
702ae09efabe74fe26b1352d16e5fdef62e4e7b34428ab7bbb91afcbb456b54df9f2b9f52d8e9436a63adbbb338cce94f0ce540b005d49ec4d9d44f5f584ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
81ecad3f360506e304f21b716b7b12d9

SHA1
4b12764f1d0f7d88b62003616f9c5f0c2b60c296

SHA256
c9ff1a355baefdae19919d8c9f88d35f2a8a24f5f880bbe497d0980280b1a4e9

SHA512
c63a9435569fcf1214253ead0478ad61326ee30040ac5819e185afc5a7559d5951ac4182ccad21bdf7e34a75bcc1bccff804315c836f44b1bfeab2e88c59650d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
172d7bead10bd7c6741fe12a0f9d26f7

SHA1
031b424a5f5b7d09742206818faf6c0d77a437be

SHA256
b0a2f9a7c06ec19b6264fcc75739f8cdaa2982eae2faa691277edf249cc4c639

SHA512
c1398159dd153b20409adb68a4eaf6822d9788a1e6faf9671dc9021d6e718ded505e5f56d63280b694f17d8f16b1b43c3dd5e79ff1fa18ea0bc47764f399c9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b424363756728509fba02e1fbb83ce15

SHA1
cc4f025644a00cacf8cf7177887cc2891c3d4c8f

SHA256
55bc797f2deb375261d82a0cab94f36cc4c329eae48204f7f4d96f34945bb48e

SHA512
47de0814fe871d1e23fb45cc8cfb649b1d9af4a53e8ceda16f9690a5ae067f800b162508cd93b939c0fb8d52a8f24ca21471df265d8db489d634503d4b3078c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1b3914a47251155a51eacf816c21db74

SHA1
86be764b6d9fe3600321aaa55810b1d1dc9a3589

SHA256
4ca2bc672b554b08e369133c56e55eafd47afb87a00db35f33ace252c5a537d5

SHA512
963f6f4abad29aeb9c77d94ba8bb06ad5f4345b6f2a67f9e81be8283535b0d31e138a9c5f6cd514ba27f5cb38b366e156f7d02a5a499e9466b263c9d06f4a28a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fc50fbbb1b7d4b41f3572ed7e16184fa

SHA1
827d1cd6d8903324ba6043f5ad19e165a5cf22be

SHA256
f802664e571b45ae3f4ca949fa3e9a8228e406cbd37fb72c76683e8bacc84b25

SHA512
abf2708569d47a9ccf603ce283d2fa368e549a0a771a5c72d79a8b2b3f1c6dff17b93808dde63aaea7d96f1ae42945f69bc6fa5f86ca7112ad0b96dabb6fa241

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c0c3ceb4968f356e7415eb0c4c8fde39

SHA1
9e5f4be09fb08eec84b622ea78b2d555f85957fa

SHA256
27a9bc03762708c7e743a7d5e1c7eb13eeb08fde38d1fabda9c0a9492a083860

SHA512
10f8cdbf1427516579ea0f2bcab61ce380f07cb7e5bde2fe7389212f895571b0942d215168731492f16797b93872462d60438744ed5cd4c2ee55a1644bbff6a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86efac6a71c4479f7cc8debd191d30fb

SHA1
df91d74e72f284652e109baa0fbb397f2f387e20

SHA256
0e761af4932caf31ab16238f3c6e82be5ca9e881c04db77f0fa142adabb94de6

SHA512
0cb17728931ea3bc2aec7d71ba79934eb476f463db6d1c1d585b0053b659a9557851083f39aa926a9862ff7d39b81e02fb9dfad7140e0461ad63a6b02d64ad4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
44776d6d89068f6688c499a94b592ae1

SHA1
241ac3f8fd894d3f9bac090b7427fe48e53a6513

SHA256
0dead2c4a5c345a66ca303ca9954d29bd87061f2a19bd4027274b2c1aa271815

SHA512
c5923803bcc8638810de401b1d24f80aa75a973a888531a9e27ecd2552a9cb2d210025e4337942459ad97fe342d98a218ca5bda843c84e1f674f044916198475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0d8ec54f390cf2e46a11638861547079

SHA1
ece6de11dfb2e7a4bfcec68a1b12be9e957c06ce

SHA256
a648fa1c416bcd5cf1a2badb01f94b95208cbf7e954ad826ea8bb52de840e481

SHA512
6beaedb71eedd72951f4658e78ed17004d4e280031e3b4e5af183742bfdefa1d1593d4bda04faba9f54e231cc506fd9323d6deccca7ac0e6ef376f0ee5e28c12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d953d5fc3eeb54cf8a2a17ecce40e7cc

SHA1
1f993defb8b76a5800d0a1bb6e3e3da4a984a3c6

SHA256
750a3a145fa82c604c14657dfc6501c2dadd9642aa4e3d46dae9c62c0d3b68ab

SHA512
a2a03f07ff78da1db47c50222fcef56f78e0988a4bbcd81aafc01916cadcf4f7419b7ee721ed1fd8f23f751792a40404da49c24cd25c0e239c729a10bdb6bd9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8ac9321eca62f12d1ae5f924f988dff5

SHA1
1adc3d0221755e348670adedd3d3c3eb506fb6c9

SHA256
f2e869c0357b2eaf8bf03f742e3e5274b714e34d5efda70192cec1fdf54c83ee

SHA512
14460f558f0074d466916b20abcab1475e20519734a94f24982045f0d9cccb7536b54e8eed29e0c6eaac3bf131ea273963ed97f53f68223c7b4ca2ed883841af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f729516f555b46233191ced33e8b9996

SHA1
6998de51c89c05effb8de4c2f6f408fbf2c663b9

SHA256
f67aa04226841ae548e1e04566803439fed480dc9f55641e679980ebcf6d80ae

SHA512
d0d86c85127c50c5442002f05c6ea3e0761b0fbb68f0d66ff080b4ba567b5d2971c6ea40ad77905501b184b2a9f614b1ee2c9fb47c32545f6234c7f647b9b81f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5e4c42471e282893bb0dc33c8515874c

SHA1
d6ac7de70c4406c2e1e7c829b74bfe30e2390d9b

SHA256
f796474f2c22e6bd48bc708b859630b381901d0ea8c39f3c9fa43a9c709de602

SHA512
b9315df2303987df1378a4da5249f769fcf97aab180cca75a561a483aefccc29d1e0971ba87967ac8fadfcb391ffc233ee60f2b04a30ec3ca9ccd999ecb136b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f6f26ee21400bc7a411d254ab941dc7

SHA1
a65c4fcdfa460090340ab2d73a7e9f03634b2bc7

SHA256
e5a96e89bc09d26adebcd74d9a0485d5997e239ed365f9811376efb28a77c552

SHA512
61dc16a34ba352c3bb2abb4155dff0e748444ea1054dc4e4a0a4e6e771246c9cf64fc60f234dc2be1177f00bcb4a7944bbaa451ccf72bfcb273dfef1315782d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e71a5ce5f7c7b3c97810f916ffd9c16d

SHA1
08220cc6064714bb565d5937e6119e9ead910c66

SHA256
9cb44526e36b286d6c2b9df84fe18211845f7b43d6f426f6eb90fafe9d87e588

SHA512
65d17cd9874c2d44698d209633411c3179286c58f524ebd4a83c5fed0b07f4598d7b3e4ecad26dc53a7760ed1b62b250e3fce9481b0e0fedb18a68b43d00b501

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bbd86e76a98666a14036807408763c01

SHA1
9f2403702dbb18c673189b93efae3051f6ceee2d

SHA256
8a43b3af13e6fdb3b12907070c0fbf222a121022fdee71cf03b462de62ad6df2

SHA512
e32ccc9e8c7e861e737397f2d44cdbd0be03021e63dc52362fc3daa84c0a5ad66ba32e6274f7340ceec1975a7a6687286310d3d64b3ed9809504fb580aae2a68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
79e2e8d5ec675e2c367b68e81156c592

SHA1
f714275645d882548b16b0b4003ec713c1782b43

SHA256
1833ea1fe709752143a7af823a857f9919098fa61e2b41c0b4fd0a3cf1ee0799

SHA512
994083864b483e6bcfc0aed10e0b6aa1d739e8fc69341c7467dd3c4553ce9225041e5ce32ad824950e1ed65b391db8adef47fa2be2ce4e9d213d44146090d106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0df8130eec71543a17dd0e8b03e76ae5

SHA1
d7d8971ed0280b893f85c508c3638ccf81b5861a

SHA256
af9801356ba54feb9ea723338ed467996797cf806f39490fdaa91d5a611f7b45

SHA512
a1bc63332f430b80350968f6ceecb12990de08816cc63fde1446487cdcf8000bbd835610cfde2b49fce0c4b538e267eb78e8524bb5ec733c5c55d4e4edb0355e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e12ee6997f806298d552dffde4010b62

SHA1
cedb076e4668121734a60669c53ccd5cd40b4268

SHA256
4797e4714588bc1902b81942b89405f5c5572b66cc9574eca8533ffd11fbf1a1

SHA512
73271edda2a67f8d21e69416850f69832a54ef51565dbc695e9b10bc3945a2c1e549ccee80b1c96233ee9cff58f81acac89c62f9cd2aeaf1d7caf96807750f8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
29e9091df24af081602848bb436c9ffe

SHA1
c974b007a3596c968df5ae4f9ed69f52b9dcbc46

SHA256
314a5c9f394dce01d7cff850bccadffb53793033b0ac491b31448d035088abac

SHA512
9d251a8518a3b2df7e6bac867f495af7083199664ddae40247f1c2c0cc7b2adeefbce11e893501e8f3adef9ac12fcf9715d3778f44322b47c2943ab278297d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
04dd300f8d9d6744f9ea18c59dd37ff9

SHA1
bf7c3121c58197f2af7fa3ecccc92dffa52245f7

SHA256
e503df0969fe0bd2920efa7a4f21258f71ab7f23acf4abe4d5ec24516f16ba75

SHA512
d286d2af41f62838571e08eddfcddf549ce4da049c5de85417abb71063cb3af2620816e9cedaf04d82512b64e8c110a9e33091ae50e9eb7aafd54fe66c4a4901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
92a1fcadda9abf8611a238029130b4e2

SHA1
b9c023e707e9a5ec7ca9f6d86460fea0ce0a0dfe

SHA256
4a16166b91ffa3e289f7f63197d794e2b90d6f9804da90e8d9e56d7ac315c9f3

SHA512
a2e81f832cfaa9244c7f3b8c271340e6ec0715ca904aa64d4c24f810092c3cb2f60c91fd21ed36c22c52f6efd667e4a0482892619c4f6d33e6537ab686b5c7bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f9e33dceca09dbaf8d312f1e432e720

SHA1
7839701d8b9cc0863a18e1273c3544a1fa1963a3

SHA256
ca5140fcc67b81ce899ee9a37d5367590375ed9c4417d467a32dc513cac69a8b

SHA512
cd926e052e76ff073b6790848e750fbcfdb29f110c22833f1aee9f909be6f66774aaa4c9123a9d5c9a973d647b66dbaf1a62c0cf83f4fdd35ac162eb595ce757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1502e41209b92bc2d99a944203877b6c

SHA1
71c2d059af09af143525116740750b058495893c

SHA256
3e784724ff48ffd70336eed79dde321d590758544e1eab0155ef8aabff3e0ba0

SHA512
d24366401e2b40235c3847e88980370c9f6dbfe56934fa679cb08c10bd22c61da82a98b9c2ae013a5839009ab03252b1482248d1c3e886a0bf3c1f4950f876e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2548fa85c2bd1d9ac54eddf08ea4201

SHA1
9fcb3d197ed470a92c77799c42c6a5ad722a95e2

SHA256
aee4b838c2e1997d4a79af1d36267081a9a36d5207a6e8076d48b8e30eb8adca

SHA512
1f4330bb8660bbb56b603b11c6ad1afee72b04b3b5510de5a4c26a49f07b11bee910a6e8f9630b347ff857b71a2e96c4dd8361734ae11ef31a12cba0b8ef1682

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b2d8857038c80a243238ecc2adaee82

SHA1
5a89f356433a52c7bbb03566f1258c9d001b2ff3

SHA256
bfc2f096dfc71f8ffffe3b04223fdea4986e6392225c1042d6e7d2cd19a9591c

SHA512
5edc25f30c58146103aa32051380706133ddcdec5112f6931d8bab9ce60872c6618317f6a0a591c321bc52e6c891825aec46149c627134d979043047e3fa7a21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b8c80092a66f7f7577ce55ded5f62a67

SHA1
d89b0355f2c574d2afc45d220d9f383329b9ef7f

SHA256
d5deb663257242e80ffac0d0bfcaa938069f7500d21f9bc1e94b985cd3386b7f

SHA512
433cd29246d70a19329adb6184a28871b70ea8a1f3a655307661e595bfdcd4d6cefc2528aca73ab74f92d996b632fe5314576ac6b34626da83d333264014f86b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c089b69ab708976c781adc6576eef9b4

SHA1
9487bbcb371086ef26b26f011b1a9279936902e4

SHA256
76c01cdeebc76ae4a8b40a2d27c4cb933b5aded717e5b9c378b7569216960fd7

SHA512
d8ba27fc7021e86bee02f0336dceecc3e0e5adffb775ce3251031e0b783fcaae9fe1d81868f7b50ed3cc68b6917ec057b12f245181d45bdbf61e36a5f7cd4a38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d4571df800f464d33812f114200eb916

SHA1
114a464a46f5960911434a7fc8965d3548f56148

SHA256
dab089984a5cc0d1ebf19dbc86e59a72924486f98c0d195e3a5d52c11d7b5503

SHA512
13388a502e347ce994c4d1b1d000d556dfd4f6974194a453ece5ae1f369c77aea992e971e337d5b83eec485a2c36f3299702e7186e4e37dbbb9ff1307af0b216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5f3f66b6e1cfd6c4a8dc41c2cfe834dd

SHA1
2539dcdc08f9559f140862b3f005f10562e96680

SHA256
8cc18100d1f0810b644b254eabb1fcc54dbdc0b2fd51400bef88f50e7c7972ba

SHA512
ed853aab5ddcc7fcc8462a4194f076a736849cf25d58aa4afb0c9bac62ff49fb400a4ad15337cafd13592bbd7da7066bca8f1a5d671d8870241bb8793e965fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
71cfaeae1a7bed65ff14c04fd5911e51

SHA1
a7fb27df05af2c404eacd2b55484092d7895ed3f

SHA256
e0a6e7989fc99a5a15ef8fc6fe0a4b32fbeaf6153c602da7d1ca912cf0586301

SHA512
7923237e952f090c398fe2fdd33dfbb63192c7878e013391feb284efb240be59276d8e8a7cf7b354cd933c1a9c0612323d190f7221c0ec0ad9d1761df2c5bc70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d57891593bd3fd3dc07c2c0db40dd7ec

SHA1
84a7debfa6f77161adcc135c6caced57ee7794f6

SHA256
207ef71cdbe875746bd1788493ffc4c81118cac75a4783744399aed5e848a54d

SHA512
ea2444ca8c5f8af8e7eaa215aa69f5cda36cdb9757bc649bef1961a1ded6bf9f0ebf0343934eef416951e4fb921d61d95ff07e420df8b4b7fbb88497a5acd942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
72db33ed568921acc92a1138c5a96ee1

SHA1
9b17919667fc4c1585db2767fcab671d1791e65b

SHA256
20c148071d29366d6f42af66ef56b76172d63e92a43682aa3dbe08f7ad65f7be

SHA512
4eb3ba051bfcadeef4c4292b685c10f143cd35f228ff3dd8e1c654d9abe0ccb48755aa3b5ade6315264a248d30f0a25a9002255f7a1dfa7a8e393e1fbd23566e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e202ed4e5252d83f4f4ccc881c19fad9

SHA1
226d3feb1011edef1549c1209ce3355f14aadb90

SHA256
2db5355e1db2f17b091e5d16fc50ec15397d0945542c88c56f286be1b1ac9a6c

SHA512
46a0ed82ad5b457e6467829a281f9fa2277ce4a20b2a6f9bd11ac110db36a17a4b56fb4414d3e421a671a120170221373f3e6869edf4856b39d56d8df52500e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9b6035e9f4ef3fa6b2cd869c5ba3d069

SHA1
72300c7380661363051596766633c0e4d3e46e2a

SHA256
2967cb82b1a3d9f5b511fec3e81e6825cfbcb355dbe806b4a08eadc03ebe593a

SHA512
f984520b5e4096fd7aac4c77dbca07ca01f9b5fddf603eab584ff7a5d5f8d6e06182f90b57258c760c3ca7589cfad23cdb276ee48d9322bb5f99c923ffd627ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
841e85d05dc239566a89cf968bb56324

SHA1
a5aff81729a6d3021934886ba15d77d2f4146be7

SHA256
88aa33580fa75c8581ef0644438da63469015cf64dc39c374017ecd862dc1c03

SHA512
fb3f38c312ecb23f5c90390b49af99492c939d7d84763d65e53e661d1e7a1366eede67cf06f43cd5de484ef328c3aaae762712bc37b07cbe2cd454378dc75a2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d0b313bd668ba27aa9589591130d9216

SHA1
dec4c615713407f88a5e0ee7922d7e662e4fd319

SHA256
0c8f3b06b46dee2f918132196ccafa4ef4271be75555b51dfaccf388ab4c53f0

SHA512
a87382c173fe62e6f3fc6e041cfbc9468a286a29b63c14319cc9e91eaf32c0e3cd9b52bf604243ea1afb2452c24b97512a196c335d74d6548241cb2ef79568cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8bf2bb73e2014e6813d980ea95c4ef6e

SHA1
0585717edf5287670e06b0f6454093a97465a327

SHA256
9aa8cbc7bb75b8210caef3eb27ed5ea748ed58dfce937e20e3bb9e8fa4d8e8cb

SHA512
14217baaae5e27df9acb0d000cada07d1866f64f1f4f5ec5b1d17b3594b5546b86c1be480e3c76ed61cf936d55e20314fe68390721bb2426f066edf5cfe20fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b341ea1302798b4390d10f788f6e3e5

SHA1
b33afb4ff42695c4d58e37f1674e643a47757bd2

SHA256
7ba34febd5870b2f14eb5cb1613efdd59d131a8baef85bcf6aa88890b9aed507

SHA512
eea1e679d03e1967cc1258d012d3d10324488cb46e80d0ad2654011280e27a19f51365f12a3bfacb7b72c6e2f374c71b4849e7228f5ec191ae8031d029ee4c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8323f666475989449c90897b9fca3f9f

SHA1
a06b747252a3e5dba4bb2057e60a69dd344c9af7

SHA256
3d063a903cdb2e81a7c81f5b4d8dfd18619c77c3bc58b8c928656ad7f60f569f

SHA512
b9b3f5946b850beb4682522617f184ecd2377d15fb2ac2e229a44c8041724fca685606f39723852013ef10206d4812b209ee4276c509e8faa647184e8dbedba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7bf54fa7e8936378b6d9c35a28a5e56b

SHA1
ff79f7e28ec0314904a80b6e4a7c3f554e3abbe9

SHA256
77f3de1caf119ebc7a370fb1b6b3ce78bbf337f864d828bc3bde6948e0ce34b8

SHA512
0ff386583b975a521a7470b6abee6660db3304eb54fb86aaffa9247114b1eb67e438219e8f5675bedc656f3c8fd56727aedf04a482a68dcb6df026c1d3786188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
468033de34262939f07a79f01f9fa013

SHA1
cf9b3d61db52b4325a0449a9d676c1213666def5

SHA256
2681729142ad08266dc092d47594ddb40408ca633266abf1eac52617e09f6eee

SHA512
f5aae99607f0333675e1ba9fd5d770cc149c81266d5d585762c53d568b92dd17782e3842b0c6c3d2e8c6f119c5bee478d417b1d8f6d7ec8806caa57053d6524d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1139717e137778650cb4e900d82e30b6

SHA1
446b07fb1ee53e136d5c960e1f3c6322b225b66b

SHA256
8dd541321abdc074a51300a81e5e1e06980e38dcea353fe093f4157ecd790f50

SHA512
71db260d90c04fd0041517572e9774f33425bc877ca5889c9793b042c64ab329ee90a78805e3b75a37c915bdc46d8f84cef9c467d3083fe13e804ca5e2480bd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
773c649b51645a67a18b682cf7fcb588

SHA1
c49ddf920342b6833efd3a866202708ad622e31a

SHA256
808d78745e5f34b98c11ae2c5d16ab94eccc391c2980b8d3be4643796a4e2e86

SHA512
d9c3a4e603853fe23571e27c84cdff0cda4153897110c3370e9ea2aa8744126286b9721e6e8a1aaf62d41fb2beefd401a7bc9b6386f0147a3d9ecce5d9736f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1fe1d1e64af2274bfac4f034bcb6d564

SHA1
5a6dff29cb8ebad81343d1f5836f6c227917d5a4

SHA256
3688167b374140762b265f27fe457144b548d2e89a78369510ec5cbb2d7c78da

SHA512
564ad8672252232507d8c56b3050cf95eab76a6bee466d94e3e061dff453db3b59799310baca39d7bf0d4689b9d6c75bf5ef5f07756f344634768eb4b1cc21ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
27899945144904eb466933fe0a77d868

SHA1
53338360bbff799a3e8fee6113246442dd99f663

SHA256
9ed9883afef0c857819d0f0e64976be0bd2aba1548fa9db01689fd8db5e11b13

SHA512
66f44e23ca7e87c1a0157413f2c7d1e7e67a7ed5f7dd666c5e4c757b06b49218f819e798ed9611992e8ea4c5a8cbd682ab058e8bc458130ef30c14c5a4517626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4de16fe42c25daad60ad661479d959dc

SHA1
820ee169ba85e972761f807d50048e33963b72d4

SHA256
0fa9565f62992516fc72922662d4c50cd17eaa87fae6c1670c53a6d4ff813c35

SHA512
1cb9a2484156299e798038cbfa8af0239be0a402a33d2ebd9d806417e34f25178501a8a5bb7ff2b07da7c55b1465f0b8f18e891bfd8ff212a022a526c8d5aff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
abb291007da34b8f50692f94a7376cfc

SHA1
1ae514682453d62f4bbdb8458d7b0be9584f0ee0

SHA256
17457478f2a3932b036519c4c90b61a7271e04b76cca5b03289f593dddf99555

SHA512
35b28f5bcfd914a5cc67651b4898756f28bfeb90e8cdb2cdd9fb51bb1a2b4718b773970c0841835d7dc6fd9a1385a2e9462bd920ff4778faa879a4924b96db1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fbd98cdf02deaae20d5f0ba390f027d0

SHA1
518b278be78ca824653fa23a845010b62f8e0ab5

SHA256
308889c3e43f349a6850cd19da7c60808b95c436b7aa970705de49cf1734c069

SHA512
8700a35d36ca5ce3dc2152cb8d03e841cc6a222583a85d62fe10ca603a111d8ae99184177cc1c9850f0e4df387c3fc33607ff8d10dfe1ea835c7b93a21dd70e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ce85afc492b1887b91ea3b34f53763f0

SHA1
c8ee2dc3279366dd86592611db85172072bda698

SHA256
e08b8d255b992dae122c06eac5e4462f5ac78d2f13a0535f17c7308e91c29e72

SHA512
6c33eacb1b130d1010014ab9bf0c187d68b4c7254a571c8edf94152bd38b25e50eacf36a27cdc6f86ae04fa86fe61b9f1b1826d68f81e6b9b7593eddbc539623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
282a03dda99dc29d682dc69720ece6eb

SHA1
d6efa0804215eae887ef3d3a1c1ed46884c45426

SHA256
50d44d48cd774e6d9bcf92e55b6995f0ff0b771786fbd002f0f051dcb35b6238

SHA512
825b1a6cb85d72d6384d095daf6b18178ec9017db49bdfdafa05e7ad6260202c46e43fafd506f72a5be2af52fd34baa7387b291a6485aeb30392360de301788c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e76dd95d9dba6d98507ac3443779ae6

SHA1
4023cab6f87adeb73b3cd7440079dbe844f44c54

SHA256
22c7de92dec4c2b4a51f0d83e556a7c7ed05fea6fbbed23edbf690590c3fd069

SHA512
eed7aa1533eb9f9fb8501e0ae39d38e2db6dd22cb0cbabe8bd362d8aec20f956bb9cfbd20d73d25f8e8613be2021d6f1d9d0f235b60872cc41083f85fdb50185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
152641e754ffaaf3accab9b7542aaf07

SHA1
d1fd96f669f9766dc322eb5ba7ec5d936f08fdfb

SHA256
eb733f407a6f0e64446895c9d87d3ca0cc7f85f9beac91dc0e21c41af1fb7c50

SHA512
31296bcad61f53806363c890f8d173d9cdfe8e8b138b89a9294fef0cec63ac05ba0f87d8e5d6aef26d3e4860fa9dc3a3f797d4546ba11c74a7286ecadacd925b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
1ab5b7e3fd446fb9eb72ed189c983ddf

SHA1
a29f4277e9f438945e99432e85634728b0a5cb82

SHA256
7ce54c1a2284efca102ab2141baf6e79b1f4723983694fe3f98ce74fb1a1bd08

SHA512
bd94f929da51b13b3ff65234fa6efd79c095096e8e814f4f0d6b1076d120cd9782b560c1e19c2c344dd28d9cabb0c89202028846bcb3c812e2ac178eac5c69c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
e774c577ff23f58231512b660e0f228e

SHA1
af1f8d7650c60eee95e95f43d574ad840d176d1c

SHA256
287c259f14711094fcc445ba03067242b4fa1e51f269bb3cb0b9b4de79534747

SHA512
5b41db83725702fb0fe06007aef5a2b46e839219a49485ab988cbbe2386f8465d6bf7520836297f74e34e11a008d20376db544162ed4757b126a6044746a2825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
384fd5eea7b0eb3892e6649d6d16446f

SHA1
c5d1dc7f15a18784d0d671906f9745b18911e852

SHA256
30610f2785eeff0aaa4eb3daf173324ae18e75da3d7fa18a4b9c706df0b48049

SHA512
ec6f330ab43b8fe2d3820c3370b4c9cd6799fa9e04a7e254d4bb4c490c539525a3fe59975175e6ff9aed81f0f7f6b65120aca630ba8ac0fa6ac5f76e8249511b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6136c8743c26c0539e20768df4ba4753

SHA1
7d887143c1f1790da7e07ec5abbcf357697bda1f

SHA256
a0ee2a65bf7a72918af2954cd72f034d2933403337d460646967f648fcb0b026

SHA512
fdfcf7fca06541c2d26e438321aba800c5afd4897dcafa4bb6d83cb52fa3b000969db547580492f4bb89d1f848ae8c5b32cd9b88de32e408c4001255f9454137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8bb40073-cc89-4caa-8710-445fcfff1dca.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5dc0f97bdbe2fdeec7cb0a81e1490743

SHA1
a274e5a5eae6f330230c61e41fdacd1253634985

SHA256
ae36c08a07c700391f2bfca6e9d0a2d5818f44e645ebf9fd8999fa200e95446f

SHA512
b859e7034390db4661df8e6701ccf41c4d16be9181264f143529f3d63dfa71b30d689cbd48d9063cea2906ac93a0fd3174d7c621d82202c62a995603bad7aef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
331B

MD5
aa89c4a3c317873d402cd275452f0f51

SHA1
0ce698f07b8edeec4becb82385b744588f345196

SHA256
c2e7554b4a63fe368f106ff40ae318cfb8906ecf2f94a324c739af9b19dc9860

SHA512
20eddb0543e409d6f3edf3945eb7de1337fe332f1449b48e0bc853de5e3af34273e16486fa293447fae568e0fdacdcc578fc371e9e7fd0ede7b9392e22363ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
331B

MD5
c59e30666881ec7e937e8c87088189ce

SHA1
28d8c9e4a8cc5a65b9ada2c7bb23b5056307f51b

SHA256
09abf48b7d705824cd5d9a2d65006fbfa502fb818e71891d82a5f799a64a0bd0

SHA512
a858f0b43c32da975880ac21ecbb37c71be08b4e16fae4c651025208fd96b6817de4237d259b57c50012a2db600c4645860ab1e24ef095ad854a1e41170ab85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
80054921dc9ca13aa6f9c18c789c683b

SHA1
7705fdd49d4596b3688f21f5920b6f2a14f00232

SHA256
ce3986e3887f6a97b7b097e310555bb9afa0cfde3b7519b5a4f04088ed2c294c

SHA512
3a3c9f76159c208c36649d1e5e3105468ccf0c51df40ca072b2824bdefa9b7306040aba009798e882e940ee8da25850341110429a635dad3dfd88eee653e88a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d641bf4061d3844cbd07ae58ff48326e

SHA1
7c8d516388bd45e0d24e655df2d7c410f2de8481

SHA256
e0243bb38d65407c425ea5831c065db0e9bf94942794b95288bdd280e1e6f43f

SHA512
9b8bfeefc50f4dc2f95d90cd90f909df0f1af4af1568a9f72681b9eacc2c761bfbf0312ddd5a4ced982215b43403e2a26988db6c2a7629d2be31a379e9659ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c6ca42b1d7dde6122b10cc27d8bfde8

SHA1
73adc33420cb7a82b6fedad7fd99f5ca3be901da

SHA256
c6b6f4696f3b02c1ddf2c5627aad5726f73f0bbe4c732f18f4e066748bf08a5c

SHA512
6aaf89f84f4c702150fc2f53287b7f67f6af6bab2ca57b684df9218f878e2b9963910a6ca626d68f2be13c4e0d0c2ca44fab4437bc8f981f2eb2c40079a4fb4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e191673a7a5065310696c587b4ed7811

SHA1
a84c48f84535a7e369dc44e538059f052cb2e77f

SHA256
26c409e9eb5e37c3777dfb131f963b5829297cac74c004a9f8193768628a362d

SHA512
cf0c6e2fa0460313855f00285f54aa430a6ec17d327d5036b9fd6e5c90685a71125995df962c020e9eed69b6729f21f6fee7299b2a01e715cfbf787daeca04dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7a6c9f9fa06e0d11031e39b01a62861d

SHA1
f89671379991687ae5b041b512e1f6e68bfe9d8b

SHA256
26d2c76dc2095f002c924b99b278779274555e9e62f00abe5dd03d72644e5a4a

SHA512
5950015f170a80dbc41201eb6fa9f9730ba95dd46b03ade526af8e07ac6e5572c1ae5cf93d70ee416a77b0d4a10dd683346eff5b67bbbe2c878c28f665a6df0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8e63c52391e071eb5e6b7941a1cdd96

SHA1
6d1911dcc7928d38b382e507310edb28222c42a9

SHA256
b11215608f3c5d06d7e27a2b73faf1ef7db2c1a5389ec4e605bf6da3ff6376b1

SHA512
5244552a29eb07df7feee19725a283807ab9924341cd26cb4ea4cb6fb0b299e703a86f45bdf6c8056f80493b0667f8bf36e5a34545fe857fb438153ee51868bb

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\65dc7442-467a-49c6-829f-4795a3b0ad2e.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
327975ba2c226434c0009085b3702a06

SHA1
b7b8b25656b3caefad9c5a657f101f06e2024bbd

SHA256
6fa9064f304b70d6dcebee643ca017c2417ff325106917058f6e11341678583c

SHA512
150a57c143fc5ff2462f496f5a9451310b8d99e32c4d570641204c8062a78590f14bed438ac981e8b0609a0c87b859a1f8502a78687bc36c3a9529d633a58e51

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log

Filesize
17KB

MD5
32fcecb2ea7621ade64898eed9de4b21

SHA1
aa826f5bf92899e5c30a3c417d0e6cfb5f2ef97b

SHA256
cf08e8b75647b07208aa5c142f3270c0fb6f418cdb4cc534ed183827cf4575a2

SHA512
58b02ad31b9a7e41d867c50721db7deb901aa76a2f35288c70ff991eb62a7d03ab070a4144a2cbb4f95f4c565161758a2d14934a231e9ab97e79a4cd35c5d8ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log

Filesize
29KB

MD5
0f3f058e4971c3ef31e2bc065789e36c

SHA1
5e50ee72f8516172c1c9614942ac19a74c988069

SHA256
5459722fa581af749aeb62bededeb4daa10a58042a7d22c3924798ba5bd25c57

SHA512
b2edf58b3ced1134333e33d920f68e812571596ea357e00f3769c98e587c265219c2b81a7b17fd8ed5e64ec38cd88c0bebf74baca0ba72a051207c969337cd6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log

Filesize
40KB

MD5
0e99f893ba6799c1a4b6b6e52cbed7a4

SHA1
b10e751fa9103d0f4f7a1bfd46af6e3fef3e7e10

SHA256
5f4516dbbd19ac3031851e962e8f01669545db9d0a60a4934880ecead1e719bd

SHA512
98faea09ac5d711951f06f175f5110ea366774236452c1ae5b178d360a87af2ca99f29c6677606edbf9dbba2e334b7d83b5ee19268096e6f1b61c8a9a3d7161e

Download Submit
C:\Users\Admin\AppData\Local\Temp\NGL\NGLClient_CreativeCloudInstaller12.1.log

Filesize
6KB

MD5
c6f02ea496ac0296f1e7bf7c08dde8aa

SHA1
1d11312682dc7cb95e937b91a4e766e425f3ff83

SHA256
62c1a28be38915e03f3c14a83e431caceb925b111c2f25d1a92a516ceeaf305c

SHA512
418b3d71f310265af2f51a9421cbc1596ed3f48e3a69aca5b8223feb06abc13ea62ad0a0fb578c53bfa47d46947b08cb454a0985d43d3631618101b95ea1ed39

Download Submit
C:\Users\Admin\AppData\Local\Temp\NGL\NGLClient_CreativeCloudInstaller12.1.log

Filesize
13KB

MD5
0a916043ba8d106d858c31853321755a

SHA1
8cd40f202b1d25a63ecf88ac5fb78e82043e8a6d

SHA256
82d27f76fee3dc1ae80768f9bf5ffbfd513916870535b20f8b9d78fa92027c84

SHA512
f536efc184a413fc6d01023c07a0e2dbe83c52dd6791f18da5b56627d4eb9ba39efb11e0f03ff678b34530b90756bc23398b6551075b99fe7a2842f48d24ad0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\Network Persistent State

Filesize
178B

MD5
703b8384fbc9bbdb23ba7f712f8c7913

SHA1
277bbeddc9e20c10b003b5e71b23a30815fd82f6

SHA256
ced33a2fe945253495fe2e0c333c99e2053946ebc66a604bafe4946feaa9a9b2

SHA512
542630952a3be6f6b80ae7a6aed06120952eccaefc1f40397ec8c6bd4188a29365e1d3ff972c5a4555645eb7876d31ea21b2419272807deaef92361b3e283f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\TransportSecurity

Filesize
203B

MD5
fc4b3957fdce9d55c95f86a54a8762cb

SHA1
fcc3cebfbf21062b01d7eb1d38bf491374665d28

SHA256
867e84df151ebe619dae6e8696a4934a1802a407cff45620f17b6b1f707a5c2d

SHA512
22aeba78bf313547a72afaae684040c8e5b332e82fe2849e64e3f65fc360e9d328b5e7c5db9afab05235dbc3a25e37c9a66f554583a2978d377501fa2cb58c0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat7D7.tmp

Filesize
103KB

MD5
fa794ec12d353c26805ff53821331fc2

SHA1
cbc6658badeda2ad9b0d2e03a0a35ff7fbba542a

SHA256
cfdbd8a2aa463c11e483dc10c480acd274e9786632f5571a3970e8a20a2d8237

SHA512
1161afdbf6fc9b74421031fe6e139587f291ffaec03cae4aa76c1a86e10a69c7b1602ecbfbf60287ce8ed926377ad159992cde605ba98e75b212e971b7e14f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat7E8.tmp

Filesize
140KB

MD5
d070306a9062178afdfa98fcc06d2525

SHA1
ba299b83eb0a3499820fddcf305af0ddbda3e5d0

SHA256
8f5ccdfd3da9185d4ad262ec386ebb64b3eb6c0521ec5bd1662cec04e1e0f895

SHA512
7c69e576b01642ecd7dd5fe9531f90608fa9ade9d98a364bcc81ccd0da4daef55fd0babc6cb35bff2963274d09ef0cd2f9bce8839040776577b4e6a86eb5add5

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat7F9.tmp

Filesize
140KB

MD5
e204643042591aeec2043c5eae255099

SHA1
ba5f2f94740400f540befc89f1c4d022a26faa84

SHA256
7f58f56a7a353f8fc78ec2757394a7c7f28165e6bbf2a37d6a6e48e845874f3e

SHA512
7196c5b8e88100a08eb296be7570df4d045268ad6bab1c45ebaa9063aa9b46b8896886e24a9f861e322b167dd95e18d5a18abb76f1bb01c8bc85c36bead855ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat7FA.tmp

Filesize
139KB

MD5
dfce51814cf6d2f42375f948602cd99d

SHA1
766e162ff305343010b67fbaa28b36af277c5b34

SHA256
7a8a945586a1d21d2922cb4aed9e28d872129f6c396ac69f47ef3e32ea972ba0

SHA512
2c9489c18719ad29928e86a9e631e080b024c882a77a582f40f4f86f625de9b08ad3c09710d5ee32b5cae5284fd960f412f05290bdb3b4709f097b269b99ce21

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-8VAAU.tmp\Setup.tmp

Filesize
3.1MB

MD5
f3b4d096d4cee3df1d9c8a1c45da95b5

SHA1
c61c6d61b77554dfb37b0ae84b1eb7f142888bbb

SHA256
9cea3c44bf11f95583b35b6f69085f9105168eb69bb6cb0cbd64fe21420bce1d

SHA512
04493cef582c86ec54badfaeac7abd595010025f3c92e1fe23e6a2b8d2441f2ab256a754be2b02954364c2de080a15bee37b5a653a62c1ce6b16b967a13efb50

Download Submit
C:\Users\Admin\AppData\Local\Temp\{012B7A1A-291C-4193-BA13-C0AD01A7BA73}\index.css

Filesize
860KB

MD5
c41b17e540568c9ffd76baeb550a3895

SHA1
9d4b48084f7d422bb407f535875a8d99939b1dd2

SHA256
a3ae7258dbf676b8cdcbd0890902e88a4a7fdecc6112513fd006ebdbad295863

SHA512
fce89f2ccc901de7b3d4b6003cbb0f961abb32f457bd17f4f9f82c840eeeef85153d409dc8dfedf4ed6cc3d73d3b11f93556ad66f87dd11b7546b55114b94de7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DED0A55A-8B2E-4A49-BDC9-2192B6380FE7}\CCDInstaller.js

Filesize
1.2MB

MD5
a8cca5b969784f356bcf8bbd0895b8cb

SHA1
bcedc0d7ed2e6ac55709f0b837a354c6ad7f9c97

SHA256
a641388d7b4c162c026606d4b099afc45db810edb39c8c5bddd087a1df840aa0

SHA512
7c9e9fc110ea0a5c51a15b5253c0dc2d47a490581dd4005925c3045d6f4e2ed0ff9cd427a9cc42db090153706283b1a6270c225bd3a161198c805db435375670

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DED0A55A-8B2E-4A49-BDC9-2192B6380FE7}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 MC Prefs

Filesize
1KB

MD5
82532b9b14074f8fb97e241b713830dc

SHA1
85e82f923a4952dba32ef7c93a1418df7b975742

SHA256
9f2a6ddeb493d718631c32e5c5eec13082b6cd82100f2a52be7c45249c399e9c

SHA512
3ce2fac8f0195ba48f713c89ad7188f31bb970926478bde1a256490f87a01481dbaaa99382c40819114757729b768c5d5318a671f5ddb19c286483616912ecda

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 MC Prefs

Filesize
1KB

MD5
dae5f94f73e81ead36de9baad52e5e00

SHA1
792d027e4e8a59470956a3850ff888e964d5882f

SHA256
b46dd31319805e780c554afe67bd09ecb31b84f1002e9ae9e2ea36e39f10cd7e

SHA512
af0046c6010a675f2f5c9bb927c1e1736a9623a9da540a13df881e0d508da732a8c0a6008e7f764ad9b1b5e34cd22e65178a9bfc83d0a20b71fbbb3e0b9995a0

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 MC Prefs

Filesize
1KB

MD5
f18c39e59b1ee1028bb8428439621b5d

SHA1
36decd9a9ba9f8444add94270844056cb522c4c8

SHA256
328df672a1c730c62649d48e98b527d68705b4a34727ef4312586088220167c5

SHA512
41f5df65207ffb2bf96f4a555502b960bf39a33d1e2b29a74420e8e3426486b93979500bb7515d573819ba81a7ccc7951a2cdd3c49fde97ab3fd1ba0fd0f35bc

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 Prefs-paint.txt

Filesize
56B

MD5
65ed218dbba5e06c5bda5779ce171d90

SHA1
09c26a83a6be0780b19bf1d1ab58b941994e9ce8

SHA256
667b39871b81af559820541a11df3aadd11c8c135e6099125d9b58e8a1cba709

SHA512
b9346e8e14a47128f32590be67f983d24787ecc0c07f5f8b72de8936aa84f14c4606add91cceb2716017ad6e7c30d8aceaed314ebd80fe525bdc2c68c3ee87da

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Debug Database.txt

Filesize
6KB

MD5
de35fbed9ae821552a87fda54157699e

SHA1
57bf72ad72b2638eb9e9562add95cba44362c7db

SHA256
e621e00f616cd02f1edc112c94ed3fa93b640d513ab28d399f30b0378a968410

SHA512
72e492b7faf355bd720f85d8d7b0f3ebec96b749e283a6bf25584952ab033fa3af758a292be4275d7a334a04ad3efe222159335a008a5840622007f57b5e8857

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Debug Database.txt

Filesize
6KB

MD5
5340fa7b627f2e16955a1bb3db74fa3d

SHA1
db291f8b51254cf9784047c6fcf9ea5280824132

SHA256
5f3024c7a63a0340009ed2eefb178412af17450bc1b6874f7d6982a013c235bf

SHA512
79d1d9eadc3df961d52fad0fb4a8e9fb808a1d7a38eff0856a3fbff903da96fcdbecbe36ca7e92869170a178d3154a8aeb77eba91c8e477eda9847a9b6e0d075

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Common\Media Cache Files\edf51f97-619b-4897-bc2c-c77391c71a74

Filesize
1B

MD5
02129bb861061d1a052c592e2dc6b383

SHA1
c032adc1ff629c9b66f22749ad667e6beadf144b

SHA256
4b68ab3847feda7d6c62c1fbcbeebfa35eab7351ed5e78f4ddadea5df64b8015

SHA512
3173f0564ab9462b0978a765c1283f96f05ac9e9f8361ee1006dc905c153d85bf0e4c45622e5e990abcf48fb5192ad34722e8d6a723278b39fef9e4f9fc62378

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Common\Motion Graphics Templates\AEMogrtInstall14-2-1.txt

Filesize
70B

MD5
7b5789f75f623e84b1c5c71190732a69

SHA1
734862049b2479508654732b102b81d110a0e86c

SHA256
7f34ce18801d96c731a477e84316d6a253a978dc5dcecf2f7df73879f273d603

SHA512
c40230ad55f74448c6b6090338ed9d85426f64bc028480ad723ecebe4a174b1a2389b092d2f0c65a7057387b145cb638d6a0d3dcd85b7a029d2ddb6411f3be23

Download Submit
C:\Users\Admin\Downloads\AfterEffects 2022.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe

Filesize
2.4MB

MD5
aaa117386cb47343ff74c4da553d22c1

SHA1
4485a0abbf66211c0e210f27fbb03dd86d7cd58e

SHA256
5737635acfdbc4831002ff2777a8b4ec3c7e11a93825e58ad6981b066c840dc0

SHA512
20ae835a513e01512c47ef6fc1f6a0d64d86e4c67140da7a8717bba819d57328ae4c5a0568603c4e1f8aa08ae6de539008961cc3bc85091cd8f687bfdcb38fae

Download Submit
C:\Users\Admin\Downloads\AfterEffects 2022\Readme.txt

Filesize
431B

MD5
11d53186d9d250ed867ac33871749372

SHA1
928bc33d62c896e8f122463d5e7a5ca496728806

SHA256
70bbe434e8beff0531bdf49744d045d8ace0196ed7902075741d707b9609702a

SHA512
a93065e304618dc11d4f221eeb8fac9ec2715f0bdcb716493808c01f54523df2c180622e9b6162c6eba7dcd2bd027578cd220cba2bf00309f5bcb66307e2b42a

Download Submit
C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe

Filesize
2.1MB

MD5
6c1620e5ff6fe39252348b0a314586c5

SHA1
caf8b8b2cc7a95762ee9413b825d6b7d80b90e0b

SHA256
d0ca0c9b434c6d2c468548d4add127e83114bf0eb2afb3d2beb6777791798ff7

SHA512
05c0ab98043cb4ef7c76b424d04b497ba6aef79e0029ee111cd62d738df3ae6ad1bee324bc22f7b6433e21b26d72d93a155a8065663aed284be8a4b237810317

Download Submit
memory/456-9319-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/456-755-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/456-955-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/456-4747-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/456-1254-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/456-9982-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/456-6161-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/456-461-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/456-3339-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1124-10180-0x0000000001010000-0x000000000110A000-memory.dmp

Filesize
1000KB

Download
memory/1124-10184-0x00000000013B0000-0x00000000014D6000-memory.dmp

Filesize
1.1MB

Download
memory/1124-10179-0x0000000000E60000-0x0000000000EF5000-memory.dmp

Filesize
596KB

Download
memory/1124-10178-0x0000000000E20000-0x0000000000E40000-memory.dmp

Filesize
128KB

Download
memory/1124-10185-0x0000000001510000-0x00000000015B1000-memory.dmp

Filesize
644KB

Download
memory/1124-10183-0x0000000001110000-0x00000000013A8000-memory.dmp

Filesize
2.6MB

Download
memory/1124-10176-0x0000000000DC0000-0x0000000000DE5000-memory.dmp

Filesize
148KB

Download
memory/1124-10173-0x0000000000530000-0x000000000055C000-memory.dmp

Filesize
176KB

Download
memory/1124-10174-0x0000000000890000-0x00000000008F2000-memory.dmp

Filesize
392KB

Download
memory/1124-10177-0x0000000000DF0000-0x0000000000E05000-memory.dmp

Filesize
84KB

Download
memory/1124-10182-0x0000000000F70000-0x0000000000FC9000-memory.dmp

Filesize
356KB

Download
memory/1124-10175-0x0000000000900000-0x0000000000B65000-memory.dmp

Filesize
2.4MB

Download
memory/1124-10181-0x0000000000F20000-0x0000000000F69000-memory.dmp

Filesize
292KB

Download
memory/1696-11479-0x0000000000E50000-0x00000000015D6000-memory.dmp

Filesize
7.5MB

Download
memory/1956-367-0x0000000000C60000-0x00000000013E6000-memory.dmp

Filesize
7.5MB

Download
memory/1956-394-0x0000000000C60000-0x00000000013E6000-memory.dmp

Filesize
7.5MB

Download
memory/2228-12019-0x0000000000E50000-0x00000000015D6000-memory.dmp

Filesize
7.5MB

Download
memory/2356-10229-0x0000000001F90000-0x0000000001FA7000-memory.dmp

Filesize
92KB

Download
memory/2356-10224-0x0000000001F30000-0x0000000001F77000-memory.dmp

Filesize
284KB

Download
memory/2356-10223-0x0000000000C40000-0x0000000000C6F000-memory.dmp

Filesize
188KB

Download
memory/2356-10218-0x00000000015E0000-0x000000000167F000-memory.dmp

Filesize
636KB

Download
memory/2356-10186-0x0000000000B10000-0x0000000000B69000-memory.dmp

Filesize
356KB

Download
memory/2356-10212-0x0000000000B80000-0x0000000000BF5000-memory.dmp

Filesize
468KB

Download
memory/3644-9995-0x0000000000E50000-0x00000000015D6000-memory.dmp

Filesize
7.5MB

Download
memory/3644-10022-0x0000000000E50000-0x00000000015D6000-memory.dmp

Filesize
7.5MB

Download
memory/4040-10123-0x0000000001000000-0x0000000001015000-memory.dmp

Filesize
84KB

Download
memory/4040-10122-0x0000000000F60000-0x0000000000FF5000-memory.dmp

Filesize
596KB

Download
memory/4040-10121-0x0000000000F30000-0x0000000000F50000-memory.dmp

Filesize
128KB

Download
memory/4040-10120-0x0000000000EF0000-0x0000000000F15000-memory.dmp

Filesize
148KB

Download
memory/4040-10119-0x0000000000D80000-0x0000000000DD9000-memory.dmp

Filesize
356KB

Download
memory/4380-312-0x0000000000C60000-0x00000000013E6000-memory.dmp

Filesize
7.5MB

Download
memory/4380-346-0x0000000000C60000-0x00000000013E6000-memory.dmp

Filesize
7.5MB

Download
memory/4664-432-0x0000000000C60000-0x00000000013E6000-memory.dmp

Filesize
7.5MB

Download
memory/4952-10075-0x0000000180000000-0x0000000182E02000-memory.dmp

Filesize
46.0MB

Download
memory/4952-10071-0x0000000004620000-0x000000000465C000-memory.dmp

Filesize
240KB

Download
memory/4952-10068-0x0000000004240000-0x00000000042C0000-memory.dmp

Filesize
512KB

Download
memory/4952-10069-0x0000000004590000-0x00000000045BA000-memory.dmp

Filesize
168KB

Download
memory/4952-10074-0x0000000006DF0000-0x0000000006EF0000-memory.dmp

Filesize
1024KB

Download
memory/4952-10072-0x0000000004670000-0x000000000476A000-memory.dmp

Filesize
1000KB

Download
memory/4952-10080-0x0000000017720000-0x00000000177A2000-memory.dmp

Filesize
520KB

Download
memory/4952-10070-0x00000000045D0000-0x0000000004609000-memory.dmp

Filesize
228KB

Download
memory/4952-10073-0x0000000004CD0000-0x0000000004D68000-memory.dmp

Filesize
608KB

Download
memory/4952-10067-0x0000000002EA0000-0x0000000002F15000-memory.dmp

Filesize
468KB

Download
memory/4952-10066-0x0000000000CB0000-0x0000000000D4F000-memory.dmp

Filesize
636KB

Download
memory/4952-10076-0x0000000014C80000-0x0000000014FCF000-memory.dmp

Filesize
3.3MB

Download
memory/4952-10077-0x0000000180000000-0x0000000182E02000-memory.dmp

Filesize
46.0MB

Download
memory/4952-10078-0x00000000171D0000-0x0000000017222000-memory.dmp

Filesize
328KB

Download
memory/4952-10079-0x00000000176E0000-0x000000001771A000-memory.dmp

Filesize
232KB

Download
memory/4952-10081-0x0000000017DE0000-0x0000000017E14000-memory.dmp

Filesize
208KB

Download
memory/4960-444-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/4960-9983-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/4960-460-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/5872-11840-0x0000000000E50000-0x00000000015D6000-memory.dmp

Filesize
7.5MB

Download