hxxps://drive[.]google[.]com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Resubmissions

03-12-2024 23:00

241203-2y3qaatrhm 7

03-12-2024 22:46

241203-2pxsnstnel 7

Analysis

max time kernel
568s
max time network
545s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
03-12-2024 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Score

7^/10

discovery persistence privilege_escalation upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 13 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CRWindowsClientService.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CRWindowsClientService.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CRWindowsClientService.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CRWindowsClientService.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 49 IoCs

pid	Process
1476	Creative_Cloud_Set-Up.exe
4248	Creative_Cloud_Set-Up.exe
116	Setup.exe
2084	Setup.tmp
188	AfterFX.exe
1412	CRWindowsClientService.exe
4300	CRLogTransport.exe
3908	CRLogTransport.exe
5336	AEGPUSniffer.exe
1472	dynamiclinkmanager.exe
4240	GPUSniffer.exe
2152	CRWindowsClientService.exe
2992	TeamProjectsLocalHub.exe
5684	CRLogTransport.exe
2452	CRLogTransport.exe
780	CEPHtmlEngine.exe
2084	CEPHtmlEngine.exe
5552	CEPHtmlEngine.exe
2332	CEPHtmlEngine.exe
1496	CEPHtmlEngine.exe
1848	CEPHtmlEngine.exe
6064	AfterFX.exe
940	CRWindowsClientService.exe
5172	AEGPUSniffer.exe
5780	GPUSniffer.exe
648	dynamiclinkmanager.exe
4392	CRWindowsClientService.exe
6120	TeamProjectsLocalHub.exe
2264	CRLogTransport.exe
5328	CRLogTransport.exe
4740	CRLogTransport.exe
5072	CRLogTransport.exe
348	CEPHtmlEngine.exe
2908	CEPHtmlEngine.exe
6056	CEPHtmlEngine.exe
5288	CEPHtmlEngine.exe
5724	CEPHtmlEngine.exe
1184	CEPHtmlEngine.exe
5932	AfterFX.exe
4872	crashpad_handler.exe
5912	AEGPUSniffer.exe
6116	GPUSniffer.exe
5176	crashpad_handler.exe
5944	CEPHtmlEngine.exe
2836	CEPHtmlEngine.exe
1232	CEPHtmlEngine.exe
1056	CEPHtmlEngine.exe
5528	CEPHtmlEngine.exe
5872	CEPHtmlEngine.exe

Loads dropped DLL 64 IoCs

pid	Process
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe

Enumerates connected drives 3 TTPs 6 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	AfterFX.exe
File opened (read-only)	\??\D:	AfterFX.exe
File opened (read-only)	\??\F:	AfterFX.exe
File opened (read-only)	\??\D:	AfterFX.exe
File opened (read-only)	\??\F:	AfterFX.exe
File opened (read-only)	\??\D:	AfterFX.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
8	drive.google.com
10	drive.google.com
5	drive.google.com
6	drive.google.com

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0002000000040d89-754.dat	upx
behavioral1/memory/1476-755-0x0000000000920000-0x00000000010A6000-memory.dmp	upx
behavioral1/memory/1476-798-0x0000000000920000-0x00000000010A6000-memory.dmp	upx
behavioral1/memory/4248-806-0x0000000000920000-0x00000000010A6000-memory.dmp	upx
behavioral1/memory/4248-842-0x0000000000920000-0x00000000010A6000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Resources\ocio\default\luts\is-JHAIN.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Material\is-QGK20.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Rotation\is-2S3OO.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\typesupport\cmaps\is-29TOJ.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\EAProjectBridge.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-DU43S.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-RPCAL.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-02BAC.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls\Styles\Base\is-H0A57.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\XmlListModel\is-R88PO.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\nl_NL\is-S7NEE.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-8FOLG.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-EK9C9.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Extras\designer\images\is-3889H.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-CNGC3.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Fill and Stroke\is-U3F88.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crxdec.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-336JH.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-1P363.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-IUT30.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\is-MF36U.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\css\is-17H48.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-D9MAC.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-7OCB7.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-MJMJC.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-DGODH.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-0MFTQ.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-ML4OS.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\is-FEUC7.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-VRPHN.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.LABOR.LearningPanel\panel\fonts\adobe-spectrum\is-1P65H.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Cineware by Maxon\Ernst\is-PVBOS.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\is-09VQU.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Material\is-3GRRR.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-JAV3M.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls\Styles\Base\is-7RFKT.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls\Styles\Base\images\is-8M6DM.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-SPTH6.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls\Styles\Base\images\is-I7T75.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Fusion\is-BM5RU.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Fusion\is-QMTQ5.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-L4LNO.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\ccsearch\images\is-DPASO.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-O2LNP.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Lumetri\Misc\is-2LMSA.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-4CLCF.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-5IJAU.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Transitions - Wipes\is-22OEM.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\locales\is-873HB.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-I98PQ.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\css\is-7QLOQ.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\Film Stocks\is-T7745.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\is-36B4C.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Animate Out\is-3CQUK.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\is-AUD4E.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\pt_BR\is-HN780.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\css\is-HMIFJ.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\is-2UVRI.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-R8L8E.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-N0IBR.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-CIF0H.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Lumetri\LUTs\Legacy\is-U93CR.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\images\is-NKED1.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Paths\is-FSS98.tmp	Setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5628	1476	WerFault.exe	109
4792	4248	WerFault.exe	115

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Creative_Cloud_Set-Up.exe = "11001"	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D517CC93-7066-4D06-A2AF-2F4298738C2A}	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\MRUListEx = ffffffff	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\InprocServer32	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 020000000100000000000000ffffffff	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\MRUListEx = ffffffff	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\InprocServer32\ThreadingModel = "Both"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08E3287F-3A5C-47E9-8179-A9E9221A5CDE}\ = "Multigraph Bridge Controller"	AfterFX.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2319007114-3335580451-2147236418-1000\{37900734-8677-4788-AB33-20F6F52E50DA}	CEPHtmlEngine.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\ = "Dump"	AfterFX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\FilterData = 020000000000200001000000000000003070693300000000000000000100000000000000000000003074793300000000380000003800000000000000000000000000000000000000	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08E3287F-3A5C-47E9-8179-A9E9221A5CDE}\InprocServer32\ = "C:\\Program Files\\Adobe\\Adobe After Effects 2022\\Support Files\\(Media Core plug-ins)\\Common\\DxMultiGraphBridge.prm"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08E3287F-3A5C-47E9-8179-A9E9221A5CDE}\InprocServer32\ThreadingModel = "Both"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 0100000000000000ffffffff	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\NodeSlot = "6"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\InprocServer32\ = "C:\\Program Files\\Adobe\\Adobe After Effects 2022\\Support Files\\(Media Core plug-ins)\\Common\\DvFileWriter.prm"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AfterFX.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D517CC93-7066-4D06-A2AF-2F4298738C2A}	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AfterFX.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2319007114-3335580451-2147236418-1000\{A3E69307-DED1-466F-87DA-8D7DFBBB2DEA}	CEPHtmlEngine.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\FriendlyName = "Dump"	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Documents"	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\CLSID = "{D517CC93-7066-4D06-A2AF-2F4298738C2A}"	AfterFX.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2319007114-3335580451-2147236418-1000\{1E53DD47-AEBA-4FE7-997F-929F2D63E8E8}	CEPHtmlEngine.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000b87ea63f5625db01e3c6d6415625db01c47f3e465625db0114000000	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08E3287F-3A5C-47E9-8179-A9E9221A5CDE}	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08E3287F-3A5C-47E9-8179-A9E9221A5CDE}\InprocServer32	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1 = 14002e80922b16d365937a46956b92703aca08af0000	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\NodeSlot = "7"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	AfterFX.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	CEPHtmlEngine.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	CEPHtmlEngine.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	CEPHtmlEngine.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\AfterEffects 2022.rar:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1476	Creative_Cloud_Set-Up.exe
1476	Creative_Cloud_Set-Up.exe
1476	Creative_Cloud_Set-Up.exe
1476	Creative_Cloud_Set-Up.exe
1476	Creative_Cloud_Set-Up.exe
1476	Creative_Cloud_Set-Up.exe
1476	Creative_Cloud_Set-Up.exe
1476	Creative_Cloud_Set-Up.exe
1476	Creative_Cloud_Set-Up.exe
1476	Creative_Cloud_Set-Up.exe
1476	Creative_Cloud_Set-Up.exe
1476	Creative_Cloud_Set-Up.exe
4248	Creative_Cloud_Set-Up.exe
4248	Creative_Cloud_Set-Up.exe
4248	Creative_Cloud_Set-Up.exe
4248	Creative_Cloud_Set-Up.exe
4248	Creative_Cloud_Set-Up.exe
4248	Creative_Cloud_Set-Up.exe
4248	Creative_Cloud_Set-Up.exe
4248	Creative_Cloud_Set-Up.exe
2084	Setup.tmp
2084	Setup.tmp
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe
188	AfterFX.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
188	AfterFX.exe
2196	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 30 IoCs

description	pid	Process
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeRestorePrivilege	904	7zG.exe
Token: 35	904	7zG.exe
Token: SeSecurityPrivilege	904	7zG.exe
Token: SeSecurityPrivilege	904	7zG.exe
Token: SeIncreaseQuotaPrivilege	1476	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	1476	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	1476	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	1476	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	1476	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	1476	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	4248	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	4248	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	4248	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	4248	Creative_Cloud_Set-Up.exe
Token: SeDebugPrivilege	5916	taskmgr.exe
Token: SeSystemProfilePrivilege	5916	taskmgr.exe
Token: SeCreateGlobalPrivilege	5916	taskmgr.exe
Token: SeDebugPrivilege	4456	firefox.exe
Token: 33	5916	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5916	taskmgr.exe
Token: 33	5752	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5752	AUDIODG.EXE
Token: SeDebugPrivilege	4456	firefox.exe
Token: SeDebugPrivilege	4456	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
904	7zG.exe
2084	Setup.tmp
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe
5916	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
4456	firefox.exe
1476	Creative_Cloud_Set-Up.exe
1476	Creative_Cloud_Set-Up.exe
4248	Creative_Cloud_Set-Up.exe
4248	Creative_Cloud_Set-Up.exe
188	AfterFX.exe
780	CEPHtmlEngine.exe
188	AfterFX.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe
2196	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 4456	4768	firefox.exe	80
PID 4768 wrote to memory of 4456	4768	firefox.exe	80
PID 4768 wrote to memory of 4456	4768	firefox.exe	80
PID 4768 wrote to memory of 4456	4768	firefox.exe	80
PID 4768 wrote to memory of 4456	4768	firefox.exe	80
PID 4768 wrote to memory of 4456	4768	firefox.exe	80
PID 4768 wrote to memory of 4456	4768	firefox.exe	80
PID 4768 wrote to memory of 4456	4768	firefox.exe	80
PID 4768 wrote to memory of 4456	4768	firefox.exe	80
PID 4768 wrote to memory of 4456	4768	firefox.exe	80
PID 4768 wrote to memory of 4456	4768	firefox.exe	80
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 1524	4456	firefox.exe	81
PID 4456 wrote to memory of 4512	4456	firefox.exe	82
PID 4456 wrote to memory of 4512	4456	firefox.exe	82
PID 4456 wrote to memory of 4512	4456	firefox.exe	82
PID 4456 wrote to memory of 4512	4456	firefox.exe	82
PID 4456 wrote to memory of 4512	4456	firefox.exe	82
PID 4456 wrote to memory of 4512	4456	firefox.exe	82
PID 4456 wrote to memory of 4512	4456	firefox.exe	82
PID 4456 wrote to memory of 4512	4456	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view"
1⤵
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1848 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2031a53-1e18-4956-a908-00312f8d9b73} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" gpu
    3⤵
    PID:1524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4162b6d-015a-4523-ba67-eb449c47770b} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" socket
    3⤵
    PID:4512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3128 -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3220 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95d18bf4-5d24-49b7-860f-fc062f703408} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:4480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3704 -childID 2 -isForBrowser -prefsHandle 3696 -prefMapHandle 2748 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bdf011b-5fd0-418a-a94b-1a9b84a434a4} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:64
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4504 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4600 -prefMapHandle 4596 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8320ab1-c8a0-46f3-b69d-c1762f4bbd53} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" utility
    3⤵
    - Checks processor information in registry
    PID:1876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 3 -isForBrowser -prefsHandle 5544 -prefMapHandle 5540 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66cdf445-ade5-454d-8937-8cccbcda23d0} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:2804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 4 -isForBrowser -prefsHandle 5708 -prefMapHandle 5712 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8efecc6b-ef86-4fbe-89fe-026796de9542} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:1152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5956 -childID 5 -isForBrowser -prefsHandle 5876 -prefMapHandle 5880 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c51675f-b64c-4200-aae4-b6630be67381} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:2720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6308 -childID 6 -isForBrowser -prefsHandle 6196 -prefMapHandle 6228 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f955db8a-063e-4af3-a97e-9f7d56f1c2e6} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:1772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5492 -childID 7 -isForBrowser -prefsHandle 5456 -prefMapHandle 3656 -prefsLen 30165 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76e028aa-59f0-4f90-b0bb-13bf460cda2b} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:2040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6784 -childID 8 -isForBrowser -prefsHandle 6808 -prefMapHandle 6804 -prefsLen 27873 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97b6245d-730b-4bfd-9fcd-4ac665d5f241} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" tab
    3⤵
    PID:5416

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:828

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AfterEffects 2022\" -spe -an -ai#7zMap18879:96:7zEvent26908
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:904

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1476
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 2084
  2⤵
  - Program crash
  PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1476 -ip 1476
1⤵
PID:4536

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4248
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 2476
  2⤵
  - Program crash
  PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4248 -ip 4248
1⤵
PID:5164

C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:116
- C:\Users\Admin\AppData\Local\Temp\is-NKD0I.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-NKD0I.tmp\Setup.tmp" /SL5="$702C0,882176,0,C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:2084

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5916

C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe
"C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:188
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" updatepvbpreference dummy
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:1412
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\crashlogs"
    3⤵
    - Executes dropped EXE
    PID:4300
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\dumps"
    3⤵
    - Executes dropped EXE
    PID:3908
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe"
  2⤵
  - Executes dropped EXE
  PID:5336
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe"
  2⤵
  - Executes dropped EXE
  PID:1472
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe"
    3⤵
    - Executes dropped EXE
    PID:2992
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\GPUSniffer.exe
  -T 62 -H 78474279408188
  2⤵
  - Executes dropped EXE
  PID:4240
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" updatepvbpreference dummy
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:2152
  - - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
      "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\crashlogs"
      4⤵
      Executes dropped EXE
      PID:5684
  - - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
      "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\dumps"
      4⤵
      Executes dropped EXE
      PID:2452
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\index.html" 76babe94-6ca2-4e8a-a07c-4b26d4731564 188 AEFT 22.0 com.adobe.DesignLibraries.angular 1 "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" "AE_CApplication_22.0" 1 WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= en_US 4280492835 100 1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:780
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=gpu-process --field-trial-handle=1708,11091733627222903595,14934388089426642399,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --params_ppid=AEFT --params_serverid=188 --gpu-preferences=OAAAAAAAAADhAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=1724 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    PID:2084
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1708,11091733627222903595,14934388089426642399,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=utility --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2060 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:5552
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1708,11091733627222903595,14934388089426642399,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2104 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    PID:2332
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1708,11091733627222903595,14934388089426642399,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=188 --params_extensionuuid=76babe94-6ca2-4e8a-a07c-4b26d4731564 --params_windowid=197848 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2392 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:1848
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1708,11091733627222903595,14934388089426642399,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=188 --params_extensionuuid=76babe94-6ca2-4e8a-a07c-4b26d4731564 --params_windowid=197848 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2420 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:1496

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x394
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5752

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\0dcc5da873264aee92634bc786459104 /t 5764 /p 188
1⤵
PID:1672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe
"C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe" "C:\Users\Admin\Desktop\Untitled Project copy.aep"
1⤵
- Executes dropped EXE
- Enumerates connected drives
PID:6064
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" updatepvbpreference dummy
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:940
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\crashlogs"
    3⤵
    - Executes dropped EXE
    PID:2264
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\dumps"
    3⤵
    - Executes dropped EXE
    PID:5328
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe"
  2⤵
  - Executes dropped EXE
  PID:5172
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\GPUSniffer.exe
  -T 62 -H 880176045346064
  2⤵
  - Executes dropped EXE
  PID:5780
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" updatepvbpreference dummy
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:4392
  - - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
      "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\crashlogs"
      4⤵
      Executes dropped EXE
      PID:4740
  - - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
      "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\dumps"
      4⤵
      Executes dropped EXE
      PID:5072
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe"
  2⤵
  - Executes dropped EXE
  PID:648
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe"
    3⤵
    - Executes dropped EXE
    PID:6120
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\index.html" e16bcbaa-37ea-4004-b029-102138785b6e 6064 AEFT 22.0 com.adobe.DesignLibraries.angular 1 "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" "AE_CApplication_22.0" 1 WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= en_US 4280492835 100 1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:348
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=gpu-process --field-trial-handle=1540,16419997357168460029,8836966596399480851,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --params_ppid=AEFT --params_serverid=6064 --gpu-preferences=OAAAAAAAAADhAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=1688 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    PID:2908
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1540,16419997357168460029,8836966596399480851,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=utility --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2000 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:6056
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1540,16419997357168460029,8836966596399480851,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2040 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:5288
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1540,16419997357168460029,8836966596399480851,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=6064 --params_extensionuuid=e16bcbaa-37ea-4004-b029-102138785b6e --params_windowid=328534 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2276 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:1184
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1540,16419997357168460029,8836966596399480851,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=6064 --params_extensionuuid=e16bcbaa-37ea-4004-b029-102138785b6e --params_windowid=328534 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:5724

C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe
"C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
PID:5932
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe" --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db" "--metrics-dir=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db" --url=https://o307710.ingest.sentry.io:443/api/5227323/minidump/?sentry_client=sentry.native/0.4.10&sentry_key=b757a395cf2c47dfbaa4bcf6186b45bb "--attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\3d4563b3-179f-426e-662e-277c153bc7cb.run\__sentry-event" "--attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\3d4563b3-179f-426e-662e-277c153bc7cb.run\__sentry-breadcrumb1" "--attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\3d4563b3-179f-426e-662e-277c153bc7cb.run\__sentry-breadcrumb2" --initial-client-data=0xcf8,0xcfc,0xd00,0xcd0,0xd04,0x188848a0,0x188848c0,0x188848d8
  2⤵
  - Executes dropped EXE
  PID:4872
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe"
  2⤵
  - Executes dropped EXE
  PID:5912
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\GPUSniffer.exe
  -T 62 -H 927223672695932
  2⤵
  - Executes dropped EXE
  PID:6116
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db --attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\14a37239-28f2-47e8-60ba-a73353d669d2.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\14a37239-28f2-47e8-60ba-a73353d669d2.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\14a37239-28f2-47e8-60ba-a73353d669d2.run\__sentry-breadcrumb2 --initial-client-data=0x490,0x494,0x498,0x470,0x49c,0xb7448a0,0xb7448c0,0xb7448d8
    3⤵
    - Executes dropped EXE
    PID:5176
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\index.html" de596cdf-2d23-4dc9-83a4-65a274a76f28 5932 AEFT 22.0 com.adobe.DesignLibraries.angular 1 "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" "AE_CApplication_22.0" 1 WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= en_US 4280492835 100 1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5944
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=gpu-process --field-trial-handle=1396,16111488585165958287,1150534141052229327,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --params_ppid=AEFT --params_serverid=5932 --gpu-preferences=OAAAAAAAAADhAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=1720 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    PID:2836
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1396,16111488585165958287,1150534141052229327,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=utility --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=1980 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:1056
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1396,16111488585165958287,1150534141052229327,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=1992 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:1232
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1396,16111488585165958287,1150534141052229327,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=5932 --params_extensionuuid=de596cdf-2d23-4dc9-83a4-65a274a76f28 --params_windowid=328460 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:5872
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1396,16111488585165958287,1150534141052229327,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=5932 --params_extensionuuid=de596cdf-2d23-4dc9-83a4-65a274a76f28 --params_windowid=328460 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2384 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:5528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Adobe\caps\hdpim.db

Filesize
68KB

MD5
d6979b4794b15e3bc57ae5a84afbb92b

SHA1
a483617ad62b6903c4e68acc305000618af03982

SHA256
504c18904939228f7594cf24722c10089779774d022e44a4a87f3f08ada89c55

SHA512
0ece7a27579496aed1c9216826ea77c9ec38cd2da5a004b272431af2334ea22385caa80433295e07264ba6836b0a1b189be7a09a8ca826477890fd90c54b2d08

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ASLFoundation.dll

Filesize
456KB

MD5
815c858fe48e3b487139ad790d6086bf

SHA1
ae0f2a07c1beabdf87584f6e16b027783e56295e

SHA256
3b6e03d838cb72be322a74d7c2db79d820ba82eaf3c890765a07bbbe21aa044a

SHA512
3ee5678bc1b3393587c10e5a46ee79fe01c7c5af171293721944e779f71c44519a5fa8f222da13a1092328282d91c564486950cf4aeb8ffa00b4241f30466c98

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe

Filesize
1.2MB

MD5
782cd23f53637c6298b1fd849ae89440

SHA1
fea438d27ca9ad9dc293c5054452c00ee73b8492

SHA256
53b8ca0bdf6f16b2770ac0b3ef4f7d9d96ea660328407a31956b01617fc1a397

SHA512
c61fe1270c75a9fb5e11be45ba064d82bbd74a32859e888d1bbc6474c4ada95e0497760eb17ba3722f47ecce88c275f514f45c2030698d5dc112b94d45d30420

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFXLib.dll

Filesize
45.5MB

MD5
12346f5c85b4c9d208e02d5ce6ed87df

SHA1
c1f2b9edc65d56c2c4cc7e34f1b668d5ed180623

SHA256
f4ffb5cc7e790a42c0a625df35b091acd8a7c8d5cc935b5a168cd421eb59bcc9

SHA512
1699d0b11ebd9b2e452ae42ac2c1f84074a64d3a86f32ceb8ecb1585a3c9a359ae8e6613367227349802e151db67e80ff2f3ab40eead75b80c061df880214d36

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Backend.dll

Filesize
18.9MB

MD5
76ec2017cf08bbe72322bfea769a623b

SHA1
2d0604cfa431f4b0dce424c553584e7539b0c95e

SHA256
9ff123b4c20983066dbfbc26b8fe2df94d6ef6fedceb80680752d61e81062ed8

SHA512
f06efeb269baab2da845cd2346d1c9c917640e41a072d8fe24114e5caa0f907295e3a53daedb21ab727d843807c9a8ce33c8a683d47f10dd0e45ed90b8b77cc1

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\locales\is-QTPK1.tmp

Filesize
553KB

MD5
9e64f617c7278342dce87dd3bac112a6

SHA1
0c58bdd98c69b0f73578a56311aa22bc85f70d87

SHA256
6f117db8d19641253877c928fb4e3a8710f4380ba66b0d8f883a79c1e64b8edb

SHA512
40ac1fb74009921c32cec922d0efe55ff061dab9b647ada2ee28c8da986ff0b017fceaf9f04885a38b8aab02cce1618600ba473d89e6731306189b422ff9cd81

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CodecSupport.dll

Filesize
2.7MB

MD5
19c2ecf80bc4b84b43ec36c57a52cb94

SHA1
00c56f8c661376c88b579d56f922810467196b72

SHA256
8a52106f072bca00c74c093b7b902c7a3d305fde53add61829ba9b05bf82333f

SHA512
0e86ae79e110c382de36dba77a03c834c5dcf9a6debf535edfa33db11153aa7b813f7ea88c8eb0d6487472dcc2a9e08cbe15cd136f55216622f0cb5b88245e7d

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\DisplaySurface.dll

Filesize
1.3MB

MD5
2bd3bbd8cfd1b6c31b3278a0a0c667c8

SHA1
2e7c58ba732bf6248d318e9202ed8e5689feb1bb

SHA256
0fdfe23cae936fb70b845b7af8e0b5140ddf41ac28722cbda3e8a007e3e0e3f5

SHA512
93fce7b3142768c9e31fafba5bae18a911847de3c22555662051b70d4434410f398bf008eb2947c1cda41514ad08ece1f50d05917001b7974d861d448ed68954

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\EAClient.dll

Filesize
8.3MB

MD5
15b27cb2d8dd2fa489d9d999ad2f3225

SHA1
849badfe19efdb67d57d5fc340a7a966c86e95bd

SHA256
f8e1d4663c13156a62f81010fd81d136c4362127955667c2fa1371383bc0837d

SHA512
9651a16770ca842d1551612aae865826f5fb0bd3c0833c9819e72ee7af2e722ecd64a82aa0db28535cb7de5443108379d7aeba6d3e58837c0459ba9a57a2546f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\EAProjectBridge.dll

Filesize
5.7MB

MD5
9b8d4fbca19b50773ff6567d58ddd587

SHA1
503a1752a884c09b290f4a798745e63b73a5399c

SHA256
832ce693d15a0a9af4d779d7a80a552a41607c12710102452ac3165a9dffe01f

SHA512
f98ca4639f12f5760a429177cba624e30a28fa8f951cfe2c3b483cc35621aca4b0fce0e99adc1cece72f6f822852bca1429779c28956781fd84b61934b5467d6

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\locale\fr_MA\is-FUQ1H.tmp

Filesize
88KB

MD5
1a52bd2381250e4ef68a411e3f70416a

SHA1
280de059b7ffb6be20890697e485921f977b959a

SHA256
4c1f429a49b1f0d839fac6729bcb7aa956a6547c91c6d8a8ea92265923985fe5

SHA512
3224c891f3e3603fd07bead33218837b6283dc35d71f7c1cb5bb71fa81bcba87bd81892b1062042a8ce2a6291680b9146d837ebe1600912865d4f05af8158049

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\locale\zz_ZZ\is-MJ12C.tmp

Filesize
73KB

MD5
d675e91aea7f0fec379ecda4fe44182e

SHA1
3c72fb9ee678b91cfed8d702077ae6f48247aae3

SHA256
83f04204cd78ad88287b1e44d2200745a0f59863754906bb358c41228c2b8798

SHA512
d971aa0db0307a23d5e21609fc5b995752a24d79f5d2d880b47cdc7123ba12359df8c1e7602d675e59152da58420354fa5e76973e71eb90abe0ddc5fbfaf8fbc

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MEE.dll

Filesize
1.2MB

MD5
7e1394b0689cd24b791d4fe73f5a6347

SHA1
f41a32d186adfe682f34f02b278e0047c3e47c10

SHA256
85339bab204d2a71172bd31c87ca85f67e024e145b81a2aef17b6a28887b90bd

SHA512
048046b4505d95bbd3c5bcd7c691e7c6527774c8a25c718d99fcdaec3307829d4ba607a483b8d31c7eda4f83f6d5d6ce92495bc814e3d5d786ed6320c9093548

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MLAssets\is-HO58R.tmp

Filesize
344B

MD5
2f4f57eff18062e994989da91f4086d1

SHA1
dacb16b5573f9cf7fb3762f169a1b52f79de3b3c

SHA256
22d18eae8b4a0091e1a8a50346c5f59901b33736df0a8fbbff4d7ba033a416cb

SHA512
e4b346d3def9a8b185a1ec0890a143cfe62ef73bf7cf7ee8a562a6cc31f7d74d63e438218af18e05387ff257b3a694f429010945e44f377e6853e4fef5d4eabf

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MLAssets\is-UOHDJ.tmp

Filesize
344B

MD5
803efabdcb80cc3f150be9e41f7b4b57

SHA1
0750a3092054536d88a9c3b430e8ddf71b134bf5

SHA256
332312e95be9df62848fe57f265f54e219f071cf218c28ea23151fed66d0d859

SHA512
354d9ca7dc2cfb349014f24e0fd008f024a083fdc3321d2e57c778e0eeacc27ef24663c937287903e26d147aa8e515261fde59af8b1e8f3bf057619f338a39d4

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MachineLearningUtilities.dll

Filesize
497KB

MD5
5207ceb8e80c3e378a1d94cde5cd81ac

SHA1
203b7e8a59fd18a7688fa23649ecdf0037a630bf

SHA256
4d4db9ff763eb4a4d5d18f7f55862f52c6758a90daa00f5f7d308aec630514be

SHA512
d2eb45700511a0d749450eb13972f73abde1dc1bf3f36219cf7aa0df55c5b35a796ef66f3f94cd4167b06279e82b159fbd16d59e6aec2fa594332aec77ab4880

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MediaFoundation.dll

Filesize
960KB

MD5
93d26d347e13336bea687b786a87e8b8

SHA1
cd876dee89795a269278a552c1345e11e0a97d65

SHA256
89e213d83470c3f3cbb6b2a6891b8d013aa96bb9e3150ba0fdbfb327e5b85a76

SHA512
5aae484a69f16f264082c8630099da510c374c759f03309575d70ef7aa31a5a9915e405b3f4d06e223b318191798bc00ada2217973434217812f52f5ca1e2d40

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MediaUtils.dll

Filesize
164KB

MD5
502be848a7912db4c5b89a3e6c3ba716

SHA1
b556d739d626e532b5beb8b734557e2df89bf5b1

SHA256
32ec4bb900a541ed68f5069d06c8a02e22bc790f2351f448231a770fccf43432

SHA512
740769f0383dc69ba301bd61749487c86df4ca4f1fecb65e1081c2e79008993b17e52b9d4a4583697cc86b47cd0a01fd40c828118d7d8327a0d4470dea3ee3a4

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-1M6O6.tmp

Filesize
2.6MB

MD5
276fcc886c896b4734c7030a82d39b73

SHA1
b0fc396ec072c5ce69ac4c1cbb166ecbebe8cc98

SHA256
992644b9c1e8ebff7aa028f8a542b1db44d6f04db1a590535d44b0520e14d723

SHA512
7c3466b42b1026aeaca4cb95403caa4c7c8d4fb2784aff139170c7575c80c026540cca902fe6d392ba6e331adcd2a36656a4e041f24fc62fe8de09acccdefd2f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\is-7S4M1.tmp

Filesize
2KB

MD5
5435f060331a523b9e5db9c9957756aa

SHA1
e0f07b59a0ac83b7cea1716cdae4a59aeafa396b

SHA256
91d7772e4a193e91a093d59451508cdb89448eaffb4febda26789777afbacf3d

SHA512
536e731672c1348222490d39099712c7bbcbf8d0c6be5d0f3517c10feb1b47d7942c18703e18c28f36774546a41f18d61fa8096e022a82947d43b11a2641d187

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\is-UR7GN.tmp

Filesize
2KB

MD5
e6dd3db4f8a582e30f07b77e801428f0

SHA1
d207e34278440fc9b47c6480a47fef13870ffff6

SHA256
a3fff66cd7217029792e7fce403cc658b0ea03b2d3a2860f57479c8ea6bc1372

SHA512
f58e27d7f36e05cb1d6277629ee2e3cc239b2ba73a75d1399a048191e4443dbb1360922b2cc0d36c3a19b04fcdb64f5dbbd0a838736dca658b9caf856031c5ea

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ProjectSupport.dll

Filesize
157KB

MD5
7c309d19b3cc9b7eca55e23f747e6416

SHA1
bb446d5894b913bce23b453358b9f8f920b573bc

SHA256
170c2bc6e952fdec57d08c77c7d7c8c2733144065d51f761920f32a59838efe6

SHA512
a4126723208cc791039305478be268416398e85c9abe46f35028ae65c904ec30e8564d34cbd6fe1cbcec2e4ef1b08e81f61ef88b7a54e99bc90aa65e6517f2d1

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\SweetPeaSupport.dll

Filesize
217KB

MD5
526b5d54be2e94e490a4671ef72ed328

SHA1
6dcd805bc6c01f6c9e78909c71fdf63ea33090fc

SHA256
a267bf6515bad3dd271783dec0579d8a68ca47cff7baffead7dd0954c45e2a8e

SHA512
b566a816e32b750399a96917efad869e180dcbf69eb35631228604bf418f39d2496e48cb903b365ceabad5bd08d5bd0627f1e27db725799a88dabeb0d893e207

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\U.dll

Filesize
993KB

MD5
fcfca759b60d207d8f048e12f3ff1d86

SHA1
b054d43aa7493eaaf843d2fdc8ec5233a9b6a909

SHA256
afe1bd7ed68886f7bfe8d6c351aaf0a971aca420367c6ab9a480ff443acd899e

SHA512
9600f4048dda52f57a1c88dc21a711217742609d5e9616c7cea5161aec58706e0a37af38f4a5e137b4f449716eba9e627dd930b3592f0a1bba31d26c3452034a

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\VideoFrame.dll

Filesize
607KB

MD5
80ab704f27cf8829662b48d8a108e9de

SHA1
859315fa62e5df6639f12fa778e1cbfdab22de87

SHA256
f40cb4635ec140ea8d1f6059c99f231c882b31562599e5ff25bfbf2bdadf5327

SHA512
b1dd081433f666315d9cdab94324229ff1b09554eeecbd69562d81d8f9a35dd2eab1c2c027892b904e1fe231cb469ca557a57e093c8b79f67849fbcabdb675b9

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\aedisplay.dll

Filesize
593KB

MD5
b447f1a17ab2278dc5802186ffffad1b

SHA1
59477c01b3fc8aae4f623afa17d0defe2d79fdaf

SHA256
8cff968c32d9c46c1beaff1426da5b783a1564462ecfc95615504a82260ab91d

SHA512
70b08ea7d80dad223dc1bf60231fe9367a9c45e3a592370040f0813b481f096408395cd76aa2f0a2be1a2be02ac666e37ff2762497bdf1318e39ce3e2d07d453

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\aelib.dll

Filesize
3.6MB

MD5
a3e8177a225a3864a044c785ad54d2f2

SHA1
3e585cab8eb5ae7577a351cba41ac2ee11a92f86

SHA256
f65c8393868bd976fa2385bd70e2e464fc79fc34f5073e7a5040d291d4b38d63

SHA512
c5cf2098a2a90cba32a59a82e2d90b35df088c0da83b5a7c64324a3832defc7f0ef9f3878f9b5d916e3aa19a3f5f4abb9da0bd00de682b11af66a07e725c8612

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ahclient.dll

Filesize
313KB

MD5
b9a7dd7f322d07db95616e5208838641

SHA1
46630fd8c25ea9cdb56325a7cf45572e5ab31bd1

SHA256
c26f9a1f0ea3e175c2d229baf369364af257083a3698cfb52398933bffbd3f10

SHA512
37083884beff6d8291207ef12e93c60b473c98f845e5633d0c0f456e803256a763f15cf2b9dbba862b5e8c036a073cebd26d3ace287bd37760032985ce89069f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\boost_filesystem.dll

Filesize
119KB

MD5
43a9f104b8ef1bb0e1086c8a72019db5

SHA1
3b03486c8668dc6424a8bb96c44015823e6c7319

SHA256
ce870666d1a505349abe4aad28260fee1469b75a8356dd513cea01288466135d

SHA512
cb4421a9562e5da15b60ad97c87a2b4c59e73c6b0b00ec57a27d01cc57ae2ddf1df2dd54ef63750c8ca6cf2ad3d913ab2ba788942024da1d1e07439f35e4a4a5

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\boost_program_options.dll

Filesize
347KB

MD5
507f86bfce2285aef52cad244bcb7251

SHA1
5a63d836718bd3735625cf6943cf15d4ba4bf168

SHA256
9c4e1ea196c2dcc5623e240acfa7d1f075622a9fd0559075e13e95fae1ffee3e

SHA512
c29a9b954d74161042aff3bf62224090ff0836a524f070c3b5a381a27a58c65c611ef95c13cddb6a8ae81a9a380f31e6eec84d5042d102246e6cfa0ff936499e

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\boost_threads.dll

Filesize
77KB

MD5
6af0e0311719a270534cc5b7a22d9189

SHA1
80b607509735ff17820c71b4e2c1f325c5637b21

SHA256
c922464998bd59e6d273a9cb55e29d2d1a0aad4ddfb76f6227f5e6ee2caf95f3

SHA512
ddfbde19f91a39e4274c7a6f6a6f2172b584731d9cad407ffe2f50999f617d498205e00a2aa4a9e4c5c6b836635f16150102e04bcf9b2f86b4f6989fcb12e3f5

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\images\thumbs\is-TH9MC.tmp

Filesize
6KB

MD5
14efcb232fe86257595d64bc2df6b75d

SHA1
659f8e6be9dfcf41a2f8d634010fc22c69862a4d

SHA256
bbefe78465090c6ec55757d596979e8b59f2cd7417b2f513ca8ab84eb2d45e5c

SHA512
80d411289380a61639757fa88072a563b998775656359c6ccd5195f2deb84c8bd18adf81305dfee586f3aba92aa43333ae99802c807c06c280e31d691b64dac4

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\en_IL\is-N8D70.tmp

Filesize
26B

MD5
c0ab735c82f43e1f4db2bfbff021f15b

SHA1
d8b781f3c63c7fd4745caca90d652c4b630a30b1

SHA256
7af32636e9ecfdf1e3814a6869cc718a42c884e724fb4363f0068752c77530f9

SHA512
3f6c699e6c55b64c4f544fc28d4a6302ffa118a0642bb4c23d7bcf73a6cbb52b4f710adbfd7c865c6c8e2081ca2a219e224765ec4138c2a421b272aaf98a072a

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\en_US\is-OBLJQ.tmp

Filesize
10KB

MD5
ad3a0179cf63b44cbcda21b81ea01a79

SHA1
1139584a16322da850b338a3fbe7b1f4f4baec18

SHA256
513a2c998c7f08c3dde497f5ef1e453440d31bc47fd3e2bee57eebb2f54b8d83

SHA512
c75548d88e23dafc0f675e14fb3dc9efc5a2b9b190a57b648ed2c8cc48b760da65a43dff4339f6c6e5960a21af3ee5cecea25ec7f528c14329f48645872c4ec2

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\fr_MA\is-M15R5.tmp

Filesize
29B

MD5
b36e87c45a0f04e734d5497f3e4f5d7c

SHA1
3b56b1411801365379ec2c6a0800e50dd543fb93

SHA256
c42d0117a10d85e1abbc3cc56203a5d80e2c21a1e3d1da4c260c6e3fb4eceab5

SHA512
3a42ce831fd3a5f7bb636fe069361996c6ac9becbc3bf7b19684ba613decfbf8d0dc777dbef639b486e3e6a70a24c484aa55fe20d7c1485303fc8a31553464ff

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\fr_MA\is-RCO67.tmp

Filesize
12KB

MD5
9387d0ed2744788b96a5943834045261

SHA1
5495984a89de521c88bde2e723e46fec02a545bc

SHA256
d764a166183c94b88795c4f40c143ce9f4be04d8237cc6f40ce1d10c98577477

SHA512
a4753a51f73ae1e9da391c7a2ee86ec32069fc4d0d315f4c9787ffd8ae93e6a9ec26df4440c3b3f1c1f911fe80e88e8eb645cbec2424ccbc0df04fe5c07cdaf7

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.susi-dva.extension\is-HR5EI.tmp

Filesize
41B

MD5
c08502997fc819570b793f6e81ce0495

SHA1
20f805f7c716f09950bbc2f7a9c803e3f1cf57b4

SHA256
6f4ece9eef5c4e518ad56a6f82d14e95f93e4e5d07b1cb8d22de8666d7ac3d7f

SHA512
abed6ed6e8fa6716921ac31213540fbf8caabcc7bf58ef8002c0ed2d63f51d79aa4f15007a8d9c7013bcc6f6e6bc4b87f9b7d717cce583e5873ab7107e37eb1e

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvacore.dll

Filesize
5.1MB

MD5
20890193f34f80f4f6dfafafb669ef71

SHA1
c8d0f327601b7d18e8ab20d378fe7d8c3934d06a

SHA256
a4b9af1f545915ba61f88ae265bfaf33e269d48a6c0e89484d442aadea50a693

SHA512
061af2a6c5850a2c0e8f1597f213c167d5c7b55b71d2aaf672513d79c606f64c810f50291cab7c32f4d42a71fbd565b0d13ccc52f5cdb6de1aeb912854432756

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvanet.dll

Filesize
985KB

MD5
b31b8b0cd75e8fa3675f276a09928b7e

SHA1
baf3aca89b20319fbbc278a7e212c5706b925d2f

SHA256
44a8521c1a166a2c21e4895b859081b1afe1b100e9962cdef2f40bc19479351e

SHA512
9fa466fa3fe8c819fdb477d7fd7faab33d44a0bf8503d77cd348a8fef63b7795b5e2d7e7da84d9e6401c860b468ff0a3aa893bd3424270c12d8117bbe695ee8b

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvaui.dll

Filesize
23.9MB

MD5
cdaad62486e06ad13fea0eb297167da0

SHA1
6e16fcc01bf5867b77d3a1c17c14a34b6d580148

SHA256
dfb26f32c7de8573c62e148b459268911090c213b41b25527fbe96d525a0d1be

SHA512
34c1e2fb823386a7548f129e668a29d09fe72ba87d18f0684dfbb3d6160ccc767737475c37e00cf7c430a64422e16b51b160148e13db9183aa0108e2114c6a0f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\msvcp140.dll

Filesize
609KB

MD5
3aece536e1e7957a3b1150c3a45b8d26

SHA1
714a130c6d3de4356a782f6d469430669030405c

SHA256
beee6ddee281c1884b9dbfa66be05380ca12858e91211bf182c4af0d734e3f44

SHA512
2ea958a4c8e7ad1f9ab61e5141194deab18f2c6972a8c39986a815b1ccb1b158028a61a81c4002f48bf52564a9bf8d8d4156417807838d8cd4c62af0ceb1fdd3

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\en_IL\is-GOBM3.tmp

Filesize
11KB

MD5
e9031e4ce52193bec6931c23f65fee11

SHA1
f712cd9b86cda8eb79a1ef0806501dde2d68c376

SHA256
ca30d8c103cb7ac0584b2249291396e4c5487c8aa6efeafbb133a65cd48f8851

SHA512
7b221cefacf3e1929f85edfea649edc1c219d3868ef5a36977a635726ff061364069e666b71d98fe41be4aa1605eb7e5317cd1987a976249bedeb7a7140ff11e

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\es_MX\is-89TVF.tmp

Filesize
11KB

MD5
4d50ae44fa238ea4aabe5d1f8f36fccf

SHA1
2af1026cf84382db7ac72d68683d21dfa0b5703c

SHA256
af0beb0b93b7509b41b34fe0a20e51ea626b7e3365b4668d1008cc80c9a2247e

SHA512
e339f7860a92f69da25a7d88e3dbc4e5d8191f68d281f07e03ae1ea97d95c2cd3a030acf6f1cf56e7fe4a3c5073087fc54498e8803ccd19870053df1c029064d

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\fr_MA\is-1F1L0.tmp

Filesize
12KB

MD5
0563790f85f836158734dc3d770f1b57

SHA1
477a32071883e563e897b109a13038d687f5633d

SHA256
72823c1df23d465aed6d43f034b6d2048b9b20c6a565ad890e35c9a16981ff01

SHA512
714795d5105ed6b990f3277661769589ddc92a04e5eaa8991a8f9da2d553d5e8a9bccde7b601d5b101a0a4a908510a7bcde033afb76e7c8967c117417f43836d

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-71V1R.tmp

Filesize
425B

MD5
51a63d748b4f19a75c45ac6ef3595246

SHA1
453776f6de11b18314314d884efadf90f2e549cb

SHA256
e70e39e1fca76069432faacc9e6c654e91a39d9286f0406b13fab33d42f1a7dc

SHA512
87b43d7accd25240869a28cd9a611f1e67bccd4f112cbff5efd2daa3d7440232fd7d9f1bf28c06bfe4f91b60597e15de222a063277322e141c986d8ac00fda28

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-FJJ8F.tmp

Filesize
497B

MD5
9ff1bade0d4b2445db4638cf7a9b8790

SHA1
e5ce76bc8ebed90dcff4aa5047717ed0c67e24b8

SHA256
268c3d515af1d44766d8a5059391f34ec7e1cba36ef184a91112b4b016056435

SHA512
22d558bbfb662a7a578fd5ad6e949941cd81b762618b87ef7e68fe2dc4212f627a2a82037a93da79fcb048c5c087ad11dd84a97d9bd265454d1b5fb7efeabbca

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-NHS1I.tmp

Filesize
461B

MD5
3cf3f3fb1be27155d466b8456a1d5c0c

SHA1
18480fa646a673148d634488ed9b193b95a3c0a4

SHA256
fc525d5a585f7fa66de0bce0d368ea0907d0b60caf06a6dbb0e15e3b75e3b092

SHA512
ed6baa106696c95aa7b74a8d48edbed2d8acf3e3abc401cd01af48b88a2c63b9bba7f39d473126c9a9e8e1ae783aa07f93f595fbc76f755b665f6effc6182c51

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\vcruntime140.dll

Filesize
77KB

MD5
214933e81e444675a9188f8a0b2dddff

SHA1
2229a5139638063dca97c82928b3debd58a8e49e

SHA256
8c45c8d45419b1d71f086dc28d562a9c19fa42e6335e2b0c614a6899d93023fb

SHA512
b177184a39f56f995ded7c3f6e88ce6741f927896b53d2967a1c2990588f168270c40de9ac8fcaf47cf87d8992ad4056de87bc6f4253c5784868a0a1aae88f75

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wsRGB.icc

Filesize
2KB

MD5
7138e40a60af684356f08392adfda240

SHA1
1efa88bfec71dd2b33147816e60b66026ca6f8b0

SHA256
573e88957d248384d3e8b4a1d15b81976ac7fb776a534b8666376b220b2f524b

SHA512
7475e2b2dee709ff512766ebca6472a6f5f354198cadd0e6df64b292f12d4d556721749a31fe6e676574e4d6b5c9bfaca4e370907db9ab66fb794ce92c40619b

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wscRGB.icc

Filesize
64KB

MD5
000a612261925640cbe52da996824891

SHA1
d61dec11f4f6fe6dca6eaa6f2ec5ab66d8dd1b97

SHA256
a4f5e124bb220d0649714a89541bfd58edd01f9eb7b4b56c932ca59c951744c8

SHA512
d791221c99d4a7f02ef3c9dcdf1f38b146227aa90cef910362e586038c3baf56acdce4a24d679a187bde8adf1eaf4390a141562e183d9b94d5d896ea6c49f3c7

Download Submit
C:\Users\Admin\AppData\Local\Adobe\OOBE\temp_ins_lbs_wid

Filesize
38B

MD5
a81f45257c2fd1eaa464d97c288acd2f

SHA1
152f27933d9ea6312233ba3e0423dc3ae22f3bfb

SHA256
7a4daacb4351e5ccc1dacd2286e7d43c7d723db0f40c0144881526f0877bd0ac

SHA512
67f2fd283d6a9017a019bce8da4d38b74d7be7d1f95c3ed119ca1b7f9dd721323e0a73b27cb9c267139aab5bf8b1be137891effee54c74265b92bae54e75628e

Download Submit
C:\Users\Admin\AppData\Local\Adobe\OOBE\temp_lbs_wid

Filesize
38B

MD5
bb0f8502c8aa347d8747653b60849c9b

SHA1
d73285a560d7dfbb904a9459ef4d864ce7e1ba00

SHA256
33ee273fb6075cc9900fecd129408966fcb0ecaf9f697199544379a1a0a722cb

SHA512
b897179a5094950a7f274827705347f68ba3ded739cff7de05018a97c5ca6f549a81ba39d48e56daa9319876d5ccce3dcc83fd86634860d394d34f841d7660e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
e5b4f4bb5a108588432ab44a84dcf9e0

SHA1
522f767c5c9cd4e48db240d7257ee093b1f68a4f

SHA256
2c68fef6dc8518fffe7f0a72e129d3dbea0f3210efa1dc9b83cb45120e8bb28c

SHA512
3702a34625588404ec84c142dbcda178f617797fe079edbbf31430246be6434543a01017bd13905468f1cc2e0323a5229a50dbdb8cdcb4d1914eb5d54ffe0ba7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\Disk Cache - Cclzuenw.noindex\b3\b3e10a43-f28d-ad9d-f6b8-03e5dd5a4c49.ADBE ICV.B30066F.AAAAADgEgAc=.aecache

Filesize
512KB

MD5
0dafb0ebdfe92a40b69e3a3e0a879c7b

SHA1
a6d0c974834b7a4da707cdaab3414e492fba25a6

SHA256
491973e4db3b7268571bdf582399dcd215b03228e8b354e3e93253404c3df730

SHA512
4b398dd359a06dcc627b8bdcaf05e37a731984a1e147a13d2d580620f951897642066b65d9ee1066f86bedb36ecb2278e139cefc92d537932ae2c107b75c8450

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\3d4563b3-179f-426e-662e-277c153bc7cb.run\__sentry-breadcrumb1

Filesize
4KB

MD5
ef8f0345627ff119f563a8c52ef77ebc

SHA1
4a48a07c2b571c5aed80fd7d61fe8344d6e524b0

SHA256
c0473144f12ae20413e7c0ffbcacd08dd99cb442a9374ac4ecc7a5f79a2740dd

SHA512
ea10e10b09738db1fadf49df3b062bdb6c43ae52fcb8eb00b382cd4f9df8752e0b1a04ffa3f3a977eac3326df2a05da0a7c9533fa870274920662d18254edb43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\3d4563b3-179f-426e-662e-277c153bc7cb.run\__sentry-breadcrumb1

Filesize
4KB

MD5
88690fa76cf469cd975352cc12af2839

SHA1
659a21508ffb961670c41e2887c2a7473dfc6363

SHA256
558f8f919f44e2d440af7748df47d0fdca4d319d383038f6bca2ef535dd69d9b

SHA512
5c34d85a5eaa85e32afd3cdd8df60365f80c08279e440823dd6a70693f3e29fa1b599d9fc41eefdd36272cbd08bb3117998c1fda438beef95d9ea3766650b2d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\3d4563b3-179f-426e-662e-277c153bc7cb.run\__sentry-event

Filesize
423B

MD5
7ab65511db1a1bcfadc2520d0f8a8792

SHA1
0c3055feabc80a835af99ae2181332c43dd6fab2

SHA256
976fbeb058d15746f66c97465c120bcba92b20c2ffc0c2bbf8a14e6eec4983d0

SHA512
777525188f26fc9dbbfd8d1e7d6d2c78b2ee038d428124be8f94dd74b1df9f2c303641bf98de0ee2c0514360bd2d8bba393ef99cda5fed8d82ffd461157cafc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\3d4563b3-179f-426e-662e-277c153bc7cb.run\__sentry-event

Filesize
438B

MD5
1385a835a3f1980e31ae3a8fb7473671

SHA1
eaa4631c0343501945a94d741ee1bfbecf12b4ca

SHA256
316b865b5bdb8368c3801177ebf985cdbb42f74fd1bcfd36544b5428290f1f37

SHA512
e4d6cd6adb51b972620dfa221e534be0cfeb6aa2a86336b05e6a469dc29b0b9c1bd990b33d15974aaeb3a40a6de1697b0b80f173fc02d7ff1308bc9d00494790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\3d4563b3-179f-426e-662e-277c153bc7cb.run\session.json

Filesize
211B

MD5
3bda6857f5f136b7c301d4193a378f1c

SHA1
0cfd1ddd1355c7ff33ff5ea348e119a914c05cc3

SHA256
1aec5ee704ef30cef0dee3ac2b32884362899528106bec0b2792fd10c16f3968

SHA512
23d5e502035449619c6f48f1be68477d7bc641f8bc573ac08f5686dab90c0d47bea146be60d87b6e7dcb7007e84bb6eedd4cbe43326b51e8bcd0f5dcf3d4861d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\Typesupport\AdobeFnt22.lst.5932

Filesize
107KB

MD5
e584eb94ba3c3a4c3902c60bb5f159f4

SHA1
25bd600ebd580fd31bbfc3c59cbaad4745610a2c

SHA256
e22f3358a143bb336691979b0a52fb140ffab099e841664c1f7c9b580f4f968d

SHA512
711ce7fcc2b7fd38eacf78ea78ee84dde75acceecf7d16c6f1b49038e0996a360316a227b59fdb0c346b3e22f8a4732abd20badc3e4355fd632aebb477786771

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\WAM.log

Filesize
14KB

MD5
1d5574ed76da570b872b7ef8968361da

SHA1
221febc77fcb8b60209651cc0d7546ac25bd4ec6

SHA256
919477d9424670fe8c88e3f816e37407fca3e3e87285ff51c20deb63b605d6f1

SHA512
c3c0bf2ad11641cc36b5317eefd7cc2cca54e9feb826950ecc8b535a2394533e3ede6589a5a8e749e650d175ef868252cfda76c20194a844e1b6335c530c03bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\GPUCache\data_1

Filesize
264KB

MD5
0edf6ace43a007577957cfbaa652c7be

SHA1
35d3b3899c595f730a03427429d2c1a9448cbe17

SHA256
155d719f64c09624073a4f9ba57df407afa70ccad953ba7f3dc4bd867959dda9

SHA512
24fb260ea70176793f5fc42e37c546f040839b329e059e875ba0f8a1131108a73f6e2bcec56f13fb6a86b402a3b04cea4dbcd9e8d924a4ad396bb409e91bdaa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\Network Persistent State

Filesize
178B

MD5
703b8384fbc9bbdb23ba7f712f8c7913

SHA1
277bbeddc9e20c10b003b5e71b23a30815fd82f6

SHA256
ced33a2fe945253495fe2e0c333c99e2053946ebc66a604bafe4946feaa9a9b2

SHA512
542630952a3be6f6b80ae7a6aed06120952eccaefc1f40397ec8c6bd4188a29365e1d3ff972c5a4555645eb7876d31ea21b2419272807deaef92361b3e283f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\TransportSecurity

Filesize
203B

MD5
9d0e521005ee7b371da2afdba183d469

SHA1
c4157822cef482248cc0e0aba020ad6180e62b39

SHA256
5d88bc384740ca18640aec1c064f478f301463f13919acbc2631a1b4bee90e43

SHA512
af87102567f5358a8a44cf7f6dfc816c8e3fac60412fe6478d7ec5c60646a4371e4c7856ef8de06398ec19227120bd4d471dd1370fb564e199c1166055116094

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\TransportSecurity

Filesize
203B

MD5
4aec7b8539008a1cf2511306ed75e434

SHA1
ac6979d4bda5b437a8a207e4e0d057d779126670

SHA256
6c82cb784cbf8fc9a209def1fc16db42440b3860d009ad6577c6b5e624a9983a

SHA512
b9231cd441b14e1582f12fe4db8f2656a20afc4b641e31c87632647f4452e10ebb9aa37a8ce9b4148aafb8c3f55c80f3fa7d840c37693c1a6030fd90af74797d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NKD0I.tmp\Setup.tmp

Filesize
3.1MB

MD5
f3b4d096d4cee3df1d9c8a1c45da95b5

SHA1
c61c6d61b77554dfb37b0ae84b1eb7f142888bbb

SHA256
9cea3c44bf11f95583b35b6f69085f9105168eb69bb6cb0cbd64fe21420bce1d

SHA512
04493cef582c86ec54badfaeac7abd595010025f3c92e1fe23e6a2b8d2441f2ab256a754be2b02954364c2de080a15bee37b5a653a62c1ce6b16b967a13efb50

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{3FA395DD-9B69-408C-A97B-4C4425801631}\CCDInstaller.js

Filesize
1.2MB

MD5
a8cca5b969784f356bcf8bbd0895b8cb

SHA1
bcedc0d7ed2e6ac55709f0b837a354c6ad7f9c97

SHA256
a641388d7b4c162c026606d4b099afc45db810edb39c8c5bddd087a1df840aa0

SHA512
7c9e9fc110ea0a5c51a15b5253c0dc2d47a490581dd4005925c3045d6f4e2ed0ff9cd427a9cc42db090153706283b1a6270c225bd3a161198c805db435375670

Download Submit
C:\Users\Admin\AppData\Local\Temp\{3FA395DD-9B69-408C-A97B-4C4425801631}\index.css

Filesize
860KB

MD5
c41b17e540568c9ffd76baeb550a3895

SHA1
9d4b48084f7d422bb407f535875a8d99939b1dd2

SHA256
a3ae7258dbf676b8cdcbd0890902e88a4a7fdecc6112513fd006ebdbad295863

SHA512
fce89f2ccc901de7b3d4b6003cbb0f961abb32f457bd17f4f9f82c840eeeef85153d409dc8dfedf4ed6cc3d73d3b11f93556ad66f87dd11b7546b55114b94de7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{3FA395DD-9B69-408C-A97B-4C4425801631}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 MC Prefs

Filesize
1KB

MD5
82532b9b14074f8fb97e241b713830dc

SHA1
85e82f923a4952dba32ef7c93a1418df7b975742

SHA256
9f2a6ddeb493d718631c32e5c5eec13082b6cd82100f2a52be7c45249c399e9c

SHA512
3ce2fac8f0195ba48f713c89ad7188f31bb970926478bde1a256490f87a01481dbaaa99382c40819114757729b768c5d5318a671f5ddb19c286483616912ecda

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 MC Prefs

Filesize
1KB

MD5
dae5f94f73e81ead36de9baad52e5e00

SHA1
792d027e4e8a59470956a3850ff888e964d5882f

SHA256
b46dd31319805e780c554afe67bd09ecb31b84f1002e9ae9e2ea36e39f10cd7e

SHA512
af0046c6010a675f2f5c9bb927c1e1736a9623a9da540a13df881e0d508da732a8c0a6008e7f764ad9b1b5e34cd22e65178a9bfc83d0a20b71fbbb3e0b9995a0

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 MC Prefs

Filesize
1KB

MD5
f18c39e59b1ee1028bb8428439621b5d

SHA1
36decd9a9ba9f8444add94270844056cb522c4c8

SHA256
328df672a1c730c62649d48e98b527d68705b4a34727ef4312586088220167c5

SHA512
41f5df65207ffb2bf96f4a555502b960bf39a33d1e2b29a74420e8e3426486b93979500bb7515d573819ba81a7ccc7951a2cdd3c49fde97ab3fd1ba0fd0f35bc

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 Prefs-paint.txt

Filesize
56B

MD5
65ed218dbba5e06c5bda5779ce171d90

SHA1
09c26a83a6be0780b19bf1d1ab58b941994e9ce8

SHA256
667b39871b81af559820541a11df3aadd11c8c135e6099125d9b58e8a1cba709

SHA512
b9346e8e14a47128f32590be67f983d24787ecc0c07f5f8b72de8936aa84f14c4606add91cceb2716017ad6e7c30d8aceaed314ebd80fe525bdc2c68c3ee87da

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Debug Database.txt

Filesize
7KB

MD5
6e0a48f72b10fb392755c232d51a54fd

SHA1
556c9f32b68d7e1bc33d9165eb275d446d9f411c

SHA256
a294e5db4d93d53685dcd4fc55f016a8b0b8904fd52a2d79794065ee01ffeb32

SHA512
ccd20c80e006932973b0d296b5c05b570c13dff930d493f0fd587de3ef5bb9d0f68ca5c99b10be0bac8161e9807d3f17352b0a4ab28491c9791dbd828de884e7

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Debug Database.txt

Filesize
6KB

MD5
de35fbed9ae821552a87fda54157699e

SHA1
57bf72ad72b2638eb9e9562add95cba44362c7db

SHA256
e621e00f616cd02f1edc112c94ed3fa93b640d513ab28d399f30b0378a968410

SHA512
72e492b7faf355bd720f85d8d7b0f3ebec96b749e283a6bf25584952ab033fa3af758a292be4275d7a334a04ad3efe222159335a008a5840622007f57b5e8857

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Debug Database.txt

Filesize
6KB

MD5
5340fa7b627f2e16955a1bb3db74fa3d

SHA1
db291f8b51254cf9784047c6fcf9ea5280824132

SHA256
5f3024c7a63a0340009ed2eefb178412af17450bc1b6874f7d6982a013c235bf

SHA512
79d1d9eadc3df961d52fad0fb4a8e9fb808a1d7a38eff0856a3fbff903da96fcdbecbe36ca7e92869170a178d3154a8aeb77eba91c8e477eda9847a9b6e0d075

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Common\Media Cache Files\f5374470-4472-48ec-9b5a-91441d92123d

Filesize
1B

MD5
02129bb861061d1a052c592e2dc6b383

SHA1
c032adc1ff629c9b66f22749ad667e6beadf144b

SHA256
4b68ab3847feda7d6c62c1fbcbeebfa35eab7351ed5e78f4ddadea5df64b8015

SHA512
3173f0564ab9462b0978a765c1283f96f05ac9e9f8361ee1006dc905c153d85bf0e4c45622e5e990abcf48fb5192ad34722e8d6a723278b39fef9e4f9fc62378

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
320b0c1e5aa89a041e13d1f532df3562

SHA1
c14df5af00661c3a83b27614fa66aa032720c15b

SHA256
edfd25ccfd596462f597f7944aa6289d5d8bce5cc1101fb9a545319a312ae53b

SHA512
641720ab027bc8b7539ea456e2de157a0bd2bd3be099326a955799b7c3fb05aa6ea4daa57b7b615f4a20a551b94242e825c5a079799653e0c6157a8d2bc569c2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
14KB

MD5
f8d812054338eb61dd6ba46c8fa86cdc

SHA1
e09605303fd3aae80a3027082d080c8418d70db3

SHA256
2e51e26aa71c1acb94d924d2f4967f00b471a069127012c9fd043c88fe1aa414

SHA512
6f0aa6f7e1df3e2c96e1829c98a0bd559fdaeb399bc9e5edee4f867343bec911e5c28264d197329f10ed8a5233aed1bd32aecde4dab45d6412026aea05b67023

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
14KB

MD5
d6d724c70d5b1bba8b4bbe49d2c4505c

SHA1
5df3e0ee6d0e675baa87c33be9dec35ddaf40e0e

SHA256
8a3d5b14ab840cff717cdbd1f108ae241ccc4b4ab88d0991c22ba4342ffa9f89

SHA512
016fc06ac75897f50039712f8eb19d9faa513d070b8487b7a7dad6c1161a3b462d4477fcd1d2176d1148b5abdba7ba205cac8e3ed01b7be8d9bbba063f5ae4af

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
14KB

MD5
ca72a25d7c24da17558431ae279e2af9

SHA1
f78ae6acd89869cffd17819d6de42107baeb101d

SHA256
a72dbecd15ee8ba3ba8c8cbd5c640e8f147c63c7b74176c23a4fefa4305d7454

SHA512
45bbf1a299caa51220a9a63b2d29b4c9fbdfcc4b8fda1d5bc4a05f0689f88f2c5d3ef8ddd7361a92fad471bf95a188c0b59fff3d8dd41ea148a17c37bbce7bc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
6KB

MD5
990635dede02a97661f78941771e8232

SHA1
4aab8d12b07f8b2aa3188720953f53439ba22616

SHA256
2ccae8b92831fc0b2e4437bd097324c3381e05b1cd587b71bcfa671eefd7d953

SHA512
5b24ea3e2f5c0169904fa726e91dca2ea728ab855601f47aadfc4525053e7347e94810f83ae63f2d69dfd93515d7c9c4afac3a072f9eca9f0f42a43e046db5b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
10KB

MD5
6cd16fdc68e3ec8815996189c49ccda2

SHA1
df0bd50aa2d643019b5a7e404ad35f9b65133782

SHA256
7862518bfb89f12209c076eb4d3b33c45fb6cb7947f865110ec672d810c702ba

SHA512
fa4b8f7a6eba9cf5678ea1ee1d9d776fd9a6f72f444c08f8c64423f4c35efe32fa2c5315fd8ec1450473f6659e656616287cecbd4f8f7e9f9294014a7bf1d333

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
17KB

MD5
395293f08b8450918314672cadfab286

SHA1
57d1b54c66aaf5d631f589458e091cf891519c2a

SHA256
9cc0112221c70b633c71a37e6a96eda1ebfaf4cdae211c56fc36b57008917bf8

SHA512
4239ee289df63ed16c27251e34147f2484f35c95748dec4ef027b58e3f1d0cc3782f7f3acc39e3c647bf3f15c3699f283cb8026217be990ef0aa556b8eb4eb82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
25KB

MD5
0177ce291c2f195a3f8f26e6c250dd3e

SHA1
d124dc83242d8dfe84a457ce7517e6053e466fb4

SHA256
a701b895f3e8aded3246c8d993aec56e530b739b0ad4dfb651fcb213a708d341

SHA512
c638293cda37da9cc3357e5ee254b641a6bba51e755c7f1886bc16714645544e1391afd7adb700d6cd14a3c329960ab474ac6b05a445e6369c4606fb9c24fe14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
27KB

MD5
d20fc453e4f47115076d641b904044fe

SHA1
fc17fb90a5e6f4c87e5b5bb3e48bf6b82a75e460

SHA256
05b589f6e20c75c10f71877e69ee542db1b0902a6a8b6bb2d2bc0c7aeaa9c203

SHA512
66a8746ec9e1e6012ccbbca0bce4ae4b92a5a564496ab6ffc1e51bb5dc87622176fadc573b5625ac0f5679d0cfa2cab5423614910a774e732e8ff3f4dc703969

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
418bdc368651e1edae6863a7311be904

SHA1
5e621bc3c648304af86a220be14363d683e4b1cc

SHA256
9a485a59e4f7a9541ed60c61968f5d48363f9f6f807b1e14b67acf7cce67d597

SHA512
5e549c239805566adcdc7b7c5ee8fc2fc759ae0f1859de91b792939d77122590a51b0f1bbca1be030ac0b130eef18698b92c1505a25efa4565dd8ab0aa87ad25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
4e9a7b1e974318491396d42652b8dcd3

SHA1
11e8494af3acc83df7185bcc31ff9c6f1bcc9dfe

SHA256
afb37a09e83c5fa9a4f7a872ba41572eada32782e7217db0f4edc3b4e8bdf8c1

SHA512
eb50f23abcb992dbd6c079501cd568c56eb5f85dfc2a74cb0287372a85dd5a519e2bef5bfea8971c71a28eb3203c7c2c5ce7d99f3c48070815bbd8097543857d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
45KB

MD5
4716cb608a0f3f4f0eff7fcbb0b0e3a8

SHA1
194c637084fe753046b6b3a2a33fc96d95272d8b

SHA256
bd30be5b508234aa129848da44319fda317d21d723c0a7221944f85925a2ea8e

SHA512
de5ca117c5386323e65b7f9a487c835f5bfde1a24825bdb8e1563aa9044f058a6c29a2eef66484645b1a2623d715595a1f6a8581b2d31457be9b03bc962da4b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
ea302a433840de6b58b533103d825ece

SHA1
12f4fb1c1a89a94a9059db50c1eab73327b8dcfd

SHA256
f4e4ccb2fa42e1490175dd16478107593d61cc6250d56f5ee16c5162012b3708

SHA512
3e9eaa988c2413adfea4ab0e9841f0c8e4c357ed424df56ab1875da3b0f66e7bf35f289464e4b8f59ef498d906d09fd9021027696e3e860da7ddb255459ef1cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
60KB

MD5
3dc8585db24a5ef04c16daf17f46c479

SHA1
a0c7e658121f2e4074f74b66a01a683e6f3d047c

SHA256
a6bc604ec264a7c5efa5b94d009489865cffd8d317b7b550812addfb914b1125

SHA512
71cfdb3311cc2c17ac39910c37fe29ec188efef91f3639e033e9e845f0dbd7b5902976f230779c42af0d7125918c27864a1c0a1a70cc75c5ef3623297c10bc51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\51f9a842-f101-467b-8e7b-292a5e007d96

Filesize
982B

MD5
3e0d9eefbf311043908926db56b26c50

SHA1
c0360f34a7c4ea031550ce9eb02fde2392817e99

SHA256
f3d158411c2e9df26942c059603e789df4228aa7dd2cd003b74521f421906cca

SHA512
fb08e2834e2dc7a0edbd62f4839d7ff97ecc2fac1ed9762eec729e79fd0c492e538b2d055c6d4a7687ec249cce4a8f71440cbd1cd8e61a24f4637579759b4be8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\7b24bd4c-e0a1-4efa-bd11-4ff8a6c04bbd

Filesize
25KB

MD5
c73bca9fd763270f0ee9f6bbcd63a3f7

SHA1
fe15e9e8597dc05f876541442e0669083d3391f7

SHA256
45a60dc249af48507f42c6063f11858daf7a1e4f30d1a724b664180c78cb9f8f

SHA512
67bf38bae91079662f7ed9834bb57c7d21c5c934cc9cbea108c9c28f17c9986965a3da37e38afe2af443a0a67a70eedfd56a1eb5d493ee92dfab28fad7f108ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\b93b7833-04b3-4868-bf03-87a632cf287b

Filesize
671B

MD5
4852855c4207a2d88788a995a4b0dc50

SHA1
5770a2e8cddff54d3ac35a62a829e3dac879efb4

SHA256
018fe9f29ad5707906c8cc0b90d70706a4f8013aec996188550a080abe93428c

SHA512
3e05df687c78f49f479ab97eb57ba63b23d892259d91d4e12fb4cda31113aa6a9aa243dba9bfb8d12a9c97b9877579b13861a4e49f4a811485c673cb100017ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js

Filesize
10KB

MD5
0bb4acd5f6625fa50f6d6b7dd3a4903f

SHA1
22274dc6ff32ba4f2448d333dc27c6afd400e9a5

SHA256
9c47b601a6720d0946e9d76e15723828b4102e3d9e5f270508efe37e52a4ec3f

SHA512
1fa384123a2275049305aa8d06f8508315eeb41779211a5edadc27d57d4f89ff1d7bd5988cd83298f32fd4438813f1722ac95d90b08de9b2425fb66a8d8cc0eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js

Filesize
11KB

MD5
fdacc88d3c3ab966cf48b8338bff4ad6

SHA1
a47b69f94d99d7f805b6bc8420828c3add005811

SHA256
09c2771578879c35910de4f18fd972ba578905ca442d0d6d2a63b3b257388704

SHA512
5ee752fa7ac57e9253e72f8a7401b4a9825a0786091525c189c23b7019656f752280af126ad13be287b9f686bb7da647f72ae14aa6a1728ad0b41ff9bfe7f987

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js

Filesize
11KB

MD5
609bfaee1afc29adf3a00901b813b2bc

SHA1
a0410eaad45859c4f6b24315e3055a8728166534

SHA256
68ea08c9a21c5bbfde2a5c7670ab050ef0a1742f176e4957268a4fa3d3135fd4

SHA512
0793f5a04dbcbb8ec888f9e518edb1ecc050c1bd16fcc00bf4459baf4d6693f69a1f5d5a02475f8687745b16c112fdab25fd9b89b03e93981f8f81eb52fbe1ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs.js

Filesize
10KB

MD5
178b00697c74ad197471ac737bbf4b68

SHA1
df3a50742ec541542028e81164225f385ca7a811

SHA256
dc70c6bf461f4465993ec78970d7fa0507c455bfe203bdb48946b86c873d7a74

SHA512
00931e64d650030cec2577854b933259bb90462b2d9b5451aa8f8c75e85ebbce997b2a2347cde9f4a9d144501fb776e38b36479fd7b984fc46c4d7dfa97c33ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs.js

Filesize
11KB

MD5
2c81f33af2b292ac6458d5b5b2d77544

SHA1
7639cc8852644de2c3f260849ddb213de7cf79b6

SHA256
0235f77923ea4df34e5ef570ec9a06b03e66ad987137b5ce8e8e674d99700403

SHA512
848d7ad82e8a120d99a3dc60624ef0ecdb88ca1c18e1e209510609719f4ca388dfa90f9d79ad331a3375454a0de8d79c47af19abd43bd95399e6819ac2fc83be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
11f28144148c6211ed3932c6ad485567

SHA1
90af015b36c3672bea39c899144d6c5bb21f9d2f

SHA256
5a47ee21464e4cabb56e172cf64965b67a9595a63269a6973741b22185dd0a5c

SHA512
d8ee4aed5cc0501cda7537c3b64e99871f6555c5d57e957d481b4b0aafb0fb37a5a549bd1e151053b0df58f806b933c4277018400027715b6ebdbf4c6a5d09bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
d7c61a1973b553cf27a0838957d78e78

SHA1
98187b959e3501a2f3f946a5df6d54e7b095e938

SHA256
eb2f28d568eb72cedd1de6c66161b975031462e0e32b15bae46472c26cbf9b30

SHA512
fe056f9992f2b1bd22b15da3b620a2a9120becea1e2758e54bd7783830242d0f2aadc2b16e29fbfded3948da2fd2277c34fbd02d370ca36e9d8d48ac7c23491d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
cce08dde8055f8005006399e31725643

SHA1
4e23e9de5b70a224cbbaf12fcd55856531fe82b7

SHA256
5b9ef404e21a1b20fd357534b7b5fb74cb3c85cbb82e7a5988c15cf616998fef

SHA512
758e661129a9b33f0551f7dcf0d5a87a2b1e0e627a66b869a6315690f52aa7e8f82cb19bf25fa10103957111b2e4911fc7391a2e15df87394c4a9e6b5a37dbf8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
36c0475d3643327abf5ec09eb6eb11a0

SHA1
a421ae8c16149deb822b457f0c5ef65d2721ff95

SHA256
6e017f58e6fddf0801ce17ff64225d29fb49c6aeffc26e7ee65334dd91ff7b10

SHA512
d5d99db823de237c54b0b5003da0bd34045ae09dd5524fef8a96c10974efa23bd44c9dbf8a87a2df60be6737c177f8fcc3409af0be626e621e40977102e9d2fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
695ed6db2e786db270a9c410f9288d08

SHA1
4c5601a34cb84c18ec93d4abeae11bb22a94488d

SHA256
0263f692e6fad76fb273f22f68d5fa19fce825154d0176a66a3fbcbea09cc4f1

SHA512
c3b40432517bd93f57aee69b62307ca7d9e631552129b12d97415da1aa8807e3b35c96767b9e30cddb5273aae6d3f2897bf79a74079253f79afeaa9e02911a1e

Download Submit
C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe

Filesize
2.4MB

MD5
aaa117386cb47343ff74c4da553d22c1

SHA1
4485a0abbf66211c0e210f27fbb03dd86d7cd58e

SHA256
5737635acfdbc4831002ff2777a8b4ec3c7e11a93825e58ad6981b066c840dc0

SHA512
20ae835a513e01512c47ef6fc1f6a0d64d86e4c67140da7a8717bba819d57328ae4c5a0568603c4e1f8aa08ae6de539008961cc3bc85091cd8f687bfdcb38fae

Download Submit
C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe

Filesize
2.1MB

MD5
6c1620e5ff6fe39252348b0a314586c5

SHA1
caf8b8b2cc7a95762ee9413b825d6b7d80b90e0b

SHA256
d0ca0c9b434c6d2c468548d4add127e83114bf0eb2afb3d2beb6777791798ff7

SHA512
05c0ab98043cb4ef7c76b424d04b497ba6aef79e0029ee111cd62d738df3ae6ad1bee324bc22f7b6433e21b26d72d93a155a8065663aed284be8a4b237810317

Download Submit
memory/116-10385-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/116-938-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/116-846-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/188-10465-0x0000000017150000-0x000000001718A000-memory.dmp

Filesize
232KB

Download
memory/188-10454-0x0000000004D20000-0x0000000004DA0000-memory.dmp

Filesize
512KB

Download
memory/188-10453-0x00000000036B0000-0x0000000003725000-memory.dmp

Filesize
468KB

Download
memory/188-10456-0x0000000004DE0000-0x0000000004E0A000-memory.dmp

Filesize
168KB

Download
memory/188-10463-0x0000000180000000-0x0000000182E02000-memory.dmp

Filesize
46.0MB

Download
memory/188-10462-0x0000000014C00000-0x0000000014F4F000-memory.dmp

Filesize
3.3MB

Download
memory/188-10461-0x0000000180000000-0x0000000182E02000-memory.dmp

Filesize
46.0MB

Download
memory/188-10455-0x0000000004DA0000-0x0000000004DD9000-memory.dmp

Filesize
228KB

Download
memory/188-10452-0x0000000003610000-0x00000000036AF000-memory.dmp

Filesize
636KB

Download
memory/188-10467-0x0000000018600000-0x0000000018634000-memory.dmp

Filesize
208KB

Download
memory/188-10466-0x0000000018570000-0x00000000185F2000-memory.dmp

Filesize
520KB

Download
memory/188-10457-0x0000000004E10000-0x0000000004E4C000-memory.dmp

Filesize
240KB

Download
memory/188-10464-0x00000000170F0000-0x0000000017142000-memory.dmp

Filesize
328KB

Download
memory/188-10458-0x0000000004E50000-0x0000000004F4A000-memory.dmp

Filesize
1000KB

Download
memory/188-10460-0x0000000005560000-0x0000000005660000-memory.dmp

Filesize
1024KB

Download
memory/188-10459-0x00000000054B0000-0x0000000005548000-memory.dmp

Filesize
608KB

Download
memory/1472-10565-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/1472-10570-0x0000000000D80000-0x0000000000D95000-memory.dmp

Filesize
84KB

Download
memory/1472-10566-0x0000000000700000-0x0000000000762000-memory.dmp

Filesize
392KB

Download
memory/1472-10569-0x0000000000D40000-0x0000000000D65000-memory.dmp

Filesize
148KB

Download
memory/1472-10577-0x0000000001320000-0x0000000001446000-memory.dmp

Filesize
1.1MB

Download
memory/1472-10575-0x00000000012B0000-0x0000000001309000-memory.dmp

Filesize
356KB

Download
memory/1472-10567-0x0000000000770000-0x00000000009D5000-memory.dmp

Filesize
2.4MB

Download
memory/1472-10574-0x0000000000F00000-0x0000000000FFA000-memory.dmp

Filesize
1000KB

Download
memory/1472-10573-0x0000000000E90000-0x0000000000ED9000-memory.dmp

Filesize
292KB

Download
memory/1472-10572-0x0000000000DE0000-0x0000000000E75000-memory.dmp

Filesize
596KB

Download
memory/1472-10571-0x0000000000DB0000-0x0000000000DD0000-memory.dmp

Filesize
128KB

Download
memory/1476-798-0x0000000000920000-0x00000000010A6000-memory.dmp

Filesize
7.5MB

Download
memory/1476-755-0x0000000000920000-0x00000000010A6000-memory.dmp

Filesize
7.5MB

Download
memory/2084-10377-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2084-3507-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2084-8306-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2084-8152-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2084-939-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2084-5996-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2084-4662-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2084-1326-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2084-1501-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/4248-842-0x0000000000920000-0x00000000010A6000-memory.dmp

Filesize
7.5MB

Download
memory/4248-806-0x0000000000920000-0x00000000010A6000-memory.dmp

Filesize
7.5MB

Download
memory/5336-10523-0x0000000000D50000-0x0000000000DA9000-memory.dmp

Filesize
356KB

Download
memory/5336-10524-0x0000000000DB0000-0x0000000000DC5000-memory.dmp

Filesize
84KB

Download
memory/5336-10525-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/5336-10526-0x0000000000DD0000-0x0000000000DF0000-memory.dmp

Filesize
128KB

Download
memory/5336-10527-0x0000000000E00000-0x0000000000E95000-memory.dmp

Filesize
596KB

Download
memory/5916-1182-0x000002573A9D0000-0x000002573A9D1000-memory.dmp

Filesize
4KB

Download
memory/5916-1183-0x000002573A9D0000-0x000002573A9D1000-memory.dmp

Filesize
4KB

Download
memory/5916-1184-0x000002573A9D0000-0x000002573A9D1000-memory.dmp

Filesize
4KB

Download
memory/5916-1194-0x000002573A9D0000-0x000002573A9D1000-memory.dmp

Filesize
4KB

Download
memory/5916-1193-0x000002573A9D0000-0x000002573A9D1000-memory.dmp

Filesize
4KB

Download
memory/5916-1192-0x000002573A9D0000-0x000002573A9D1000-memory.dmp

Filesize
4KB

Download
memory/5916-1191-0x000002573A9D0000-0x000002573A9D1000-memory.dmp

Filesize
4KB

Download
memory/5916-1190-0x000002573A9D0000-0x000002573A9D1000-memory.dmp

Filesize
4KB

Download
memory/5916-1189-0x000002573A9D0000-0x000002573A9D1000-memory.dmp

Filesize
4KB

Download
memory/5916-1188-0x000002573A9D0000-0x000002573A9D1000-memory.dmp

Filesize
4KB

Download