hxxps://drive[.]google[.]com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Resubmissions

03-12-2024 23:00

241203-2y3qaatrhm 7

03-12-2024 22:46

241203-2pxsnstnel 7

Analysis

max time kernel
681s
max time network
664s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
03-12-2024 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Checks computer location settings 2 TTPs 11 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CRWindowsClientService.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CRWindowsClientService.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 43 IoCs

pid	Process
2892	Setup.exe
1072	Setup.tmp
1564	AfterFX.exe
1816	crashpad_handler.exe
4836	AEGPUSniffer.exe
4120	dynamiclinkmanager.exe
4276	GPUSniffer.exe
4808	crashpad_handler.exe
4684	TeamProjectsLocalHub.exe
1852	CEPHtmlEngine.exe
5016	CEPHtmlEngine.exe
244	CEPHtmlEngine.exe
2000	CEPHtmlEngine.exe
2008	CEPHtmlEngine.exe
4720	CEPHtmlEngine.exe
1220	AfterFX.exe
1056	crashpad_handler.exe
2380	AEGPUSniffer.exe
4768	GPUSniffer.exe
3596	crashpad_handler.exe
3740	TeamProjectsLocalHub.exe
4964	CEPHtmlEngine.exe
3544	CEPHtmlEngine.exe
1004	CEPHtmlEngine.exe
1112	CEPHtmlEngine.exe
5016	CEPHtmlEngine.exe
656	CEPHtmlEngine.exe
984	AfterFX.exe
4796	CRWindowsClientService.exe
4708	AEGPUSniffer.exe
3132	GPUSniffer.exe
3268	CRWindowsClientService.exe
2224	CRLogTransport.exe
4552	CRLogTransport.exe
3532	CRLogTransport.exe
4788	CRLogTransport.exe
4976	CEPHtmlEngine.exe
2072	CEPHtmlEngine.exe
4328	CEPHtmlEngine.exe
1612	CEPHtmlEngine.exe
4848	CEPHtmlEngine.exe
3820	CEPHtmlEngine.exe
4836	CEPHtmlEngine.exe

Loads dropped DLL 64 IoCs

pid	Process
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe

Enumerates connected drives 3 TTPs 6 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	AfterFX.exe
File opened (read-only)	\??\F:	AfterFX.exe
File opened (read-only)	\??\D:	AfterFX.exe
File opened (read-only)	\??\F:	AfterFX.exe
File opened (read-only)	\??\D:	AfterFX.exe
File opened (read-only)	\??\F:	AfterFX.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
17	drive.google.com
18	drive.google.com
25	drive.google.com
34	drive.google.com
9	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Lumetri\LUTs\Legacy\is-P869V.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\ja_JP\is-MG54P.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\is-M5B6N.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Material\is-IIUJ8.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\is-OQ917.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\applications\IDSN\jsx\is-RN8TI.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-I38PP.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-GALF0.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls\is-50I1O.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Shapes\Elements\is-9NCN6.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Fill and Stroke\is-80N1K.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-RGVCS.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\boost_test.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\images\filetypes\is-803JH.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-5FH9F.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Scripts\is-2PBGB.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\typesupport\cmaps\is-GVCCU.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-M8G2U.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Lumetri\LUTs\Creative\is-IPG0B.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\it_IT\is-2ROCR.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-OSMEC.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\css\is-0RRDH.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\extensions\capture\is-LRPV0.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Curves and Spins\is-R84PM.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\is-JADF1.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\(Media Core plug-ins)\Common\is-C7HOG.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls\Styles\Base\images\is-28NV0.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Dialogs\images\is-9OMJG.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Transitions - Movement\is-RK9A1.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\is-Q2KO8.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls\Styles\Base\is-HO9I8.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\css\is-2SDQH.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\css\is-0BI71.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\css\is-K662P.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\resources\is-98BSD.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-505G0.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\is-58SP7.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\is-UVH2H.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-OEFN5.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Organic\is-O1H9I.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Material\is-FIKD0.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Curves and Spins\is-JQ5PR.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\(Media Core plug-ins)\Common\is-U4GEI.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.LABOR.LearningPanel\jsx\is-94EPI.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\css\is-7PTOE.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\is-BENS7.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\resources\fonts\is-5T9VG.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Image - Utilities\is-A94JR.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvaeve.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\Qt5Test.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\typesupport\cmaps\is-8PD0J.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\typesupport\cmaps\is-GRT75.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\typesupport\unicode\mappings\mac\is-64EFN.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Mechanical\is-SQ402.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-K7COB.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Format\is-778V5.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\images\is-M7FVO.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Material\is-M85BU.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\is-41L0O.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls\Private\is-3N9JM.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Imagine\is-4VGVH.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Multi-Line\is-3IJQJ.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Material\qtquickcontrols2materialstyleplugin.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-EL4J4.tmp	Setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96"	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\CLSID = "{D517CC93-7066-4D06-A2AF-2F4298738C2A}"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 0100000000000000ffffffff	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3\0\MRUListEx = 00000000ffffffff	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3\0\0\0 = 7e00310000000000835958b911004465736b746f7000680009000400efbe57592672835958b92e000000060904000000020000000000000000003e0000000000431d8b004400650073006b0074006f007000000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370036003900000016000000	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByDirection = "1"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3\0 = 7800310000000000575926721100557365727300640009000400efbe874f7748835910b82e000000fd0100000000010000000000000000003a00000000002e07080155007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Videos"	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Mode = "1"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08E3287F-3A5C-47E9-8179-A9E9221A5CDE}\InprocServer32\ = "C:\\Program Files\\Adobe\\Adobe After Effects 2022\\Support Files\\(Media Core plug-ins)\\Common\\DxMultiGraphBridge.prm"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	AfterFX.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2319007114-3335580451-2147236418-1000\{57C816D4-DC01-40E0-B805-FE2D8892738E}	CEPHtmlEngine.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\SniffedFolderType = "Generic"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\InprocServer32\ = "C:\\Program Files\\Adobe\\Adobe After Effects 2022\\Support Files\\(Media Core plug-ins)\\Common\\DvFileWriter.prm"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3\0	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\NodeSlot = "5"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\NodeSlot = "6"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}	AfterFX.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2319007114-3335580451-2147236418-1000\{242805E2-39A4-43D5-BCA3-81C7414559CC}	CEPHtmlEngine.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3\0\0	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3\0\0\0\MRUListEx = ffffffff	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\3 = 19002f433a5c000000000000000000000000000000000000000000	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\ = "Dump"	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Generic"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\LogicalViewMode = "3"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\MRUListEx = ffffffff	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AfterFX.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	CEPHtmlEngine.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	CEPHtmlEngine.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	CEPHtmlEngine.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\AfterEffects 2022.rar:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2288	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1072	Setup.tmp
1072	Setup.tmp
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
4684	TeamProjectsLocalHub.exe
4684	TeamProjectsLocalHub.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
1564	AfterFX.exe
5016	CEPHtmlEngine.exe
5016	CEPHtmlEngine.exe
244	CEPHtmlEngine.exe
244	CEPHtmlEngine.exe
2000	CEPHtmlEngine.exe
2000	CEPHtmlEngine.exe
4720	CEPHtmlEngine.exe
4720	CEPHtmlEngine.exe
2008	CEPHtmlEngine.exe
2008	CEPHtmlEngine.exe
1220	AfterFX.exe
1220	AfterFX.exe
3740	TeamProjectsLocalHub.exe
3740	TeamProjectsLocalHub.exe
1220	AfterFX.exe
1220	AfterFX.exe
1220	AfterFX.exe
1220	AfterFX.exe
3544	CEPHtmlEngine.exe
3544	CEPHtmlEngine.exe
1004	CEPHtmlEngine.exe
1004	CEPHtmlEngine.exe
1112	CEPHtmlEngine.exe
1112	CEPHtmlEngine.exe
5016	CEPHtmlEngine.exe
5016	CEPHtmlEngine.exe
656	CEPHtmlEngine.exe
656	CEPHtmlEngine.exe
984	AfterFX.exe
984	AfterFX.exe
984	AfterFX.exe
984	AfterFX.exe
984	AfterFX.exe
984	AfterFX.exe
4328	CEPHtmlEngine.exe
4328	CEPHtmlEngine.exe
2072	CEPHtmlEngine.exe
2072	CEPHtmlEngine.exe
4848	CEPHtmlEngine.exe
4848	CEPHtmlEngine.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1564	AfterFX.exe
984	AfterFX.exe
2288	vlc.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	876	firefox.exe
Token: SeDebugPrivilege	876	firefox.exe
Token: SeDebugPrivilege	876	firefox.exe
Token: SeDebugPrivilege	876	firefox.exe
Token: SeDebugPrivilege	876	firefox.exe
Token: SeDebugPrivilege	876	firefox.exe
Token: SeRestorePrivilege	2596	7zG.exe
Token: 35	2596	7zG.exe
Token: SeSecurityPrivilege	2596	7zG.exe
Token: SeSecurityPrivilege	2596	7zG.exe
Token: SeDebugPrivilege	876	firefox.exe
Token: 33	2144	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2144	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
2596	7zG.exe
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp
1072	Setup.tmp

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
984	AfterFX.exe
984	AfterFX.exe
984	AfterFX.exe
984	AfterFX.exe
984	AfterFX.exe
984	AfterFX.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe
2288	vlc.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
876	firefox.exe
876	firefox.exe
876	firefox.exe
876	firefox.exe
1564	AfterFX.exe
1852	CEPHtmlEngine.exe
1564	AfterFX.exe
4964	CEPHtmlEngine.exe
4976	CEPHtmlEngine.exe
984	AfterFX.exe
984	AfterFX.exe
2288	vlc.exe
2288	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 876	5112	firefox.exe	80
PID 5112 wrote to memory of 876	5112	firefox.exe	80
PID 5112 wrote to memory of 876	5112	firefox.exe	80
PID 5112 wrote to memory of 876	5112	firefox.exe	80
PID 5112 wrote to memory of 876	5112	firefox.exe	80
PID 5112 wrote to memory of 876	5112	firefox.exe	80
PID 5112 wrote to memory of 876	5112	firefox.exe	80
PID 5112 wrote to memory of 876	5112	firefox.exe	80
PID 5112 wrote to memory of 876	5112	firefox.exe	80
PID 5112 wrote to memory of 876	5112	firefox.exe	80
PID 5112 wrote to memory of 876	5112	firefox.exe	80
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 380	876	firefox.exe	81
PID 876 wrote to memory of 904	876	firefox.exe	82
PID 876 wrote to memory of 904	876	firefox.exe	82
PID 876 wrote to memory of 904	876	firefox.exe	82
PID 876 wrote to memory of 904	876	firefox.exe	82
PID 876 wrote to memory of 904	876	firefox.exe	82
PID 876 wrote to memory of 904	876	firefox.exe	82
PID 876 wrote to memory of 904	876	firefox.exe	82
PID 876 wrote to memory of 904	876	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view"
1⤵
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1864 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29ecf0e6-72d5-421c-925c-695fe76cefbf} 876 "\\.\pipe\gecko-crash-server-pipe.876" gpu
    3⤵
    PID:380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2404 -parentBuildID 20240401114208 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9fd14306-58aa-4255-aff1-4906aad934b6} 876 "\\.\pipe\gecko-crash-server-pipe.876" socket
    3⤵
    - Checks processor information in registry
    PID:904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3192 -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3156 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {296ec6d8-1143-4fed-9038-f78329bda212} 876 "\\.\pipe\gecko-crash-server-pipe.876" tab
    3⤵
    PID:2440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2856 -childID 2 -isForBrowser -prefsHandle 3632 -prefMapHandle 3652 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe05f5a4-8a5c-4a6f-96c8-88b30ab54f5e} 876 "\\.\pipe\gecko-crash-server-pipe.876" tab
    3⤵
    PID:1004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4684 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4780 -prefMapHandle 4776 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0b83255-3e1d-4513-98f1-6a2e9869957b} 876 "\\.\pipe\gecko-crash-server-pipe.876" utility
    3⤵
    - Checks processor information in registry
    PID:2960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 3 -isForBrowser -prefsHandle 5660 -prefMapHandle 5744 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92ff65e9-1b68-4e0d-a15b-8049fc5a0dae} 876 "\\.\pipe\gecko-crash-server-pipe.876" tab
    3⤵
    PID:2088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 4 -isForBrowser -prefsHandle 5764 -prefMapHandle 5732 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0a1f492-d3d5-4ee1-a144-229a60431d86} 876 "\\.\pipe\gecko-crash-server-pipe.876" tab
    3⤵
    PID:1552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5996 -childID 5 -isForBrowser -prefsHandle 5796 -prefMapHandle 5904 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5521f17-1c4d-4155-a8d0-31cb59e9ca1a} 876 "\\.\pipe\gecko-crash-server-pipe.876" tab
    3⤵
    PID:1940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6428 -childID 6 -isForBrowser -prefsHandle 6352 -prefMapHandle 6356 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e38fc1b8-ec16-4cc7-a46a-0011e136698b} 876 "\\.\pipe\gecko-crash-server-pipe.876" tab
    3⤵
    PID:224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2388

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AfterEffects 2022\" -spe -an -ai#7zMap31695:96:7zEvent588
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2596

C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2892
- C:\Users\Admin\AppData\Local\Temp\is-9LGIS.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-9LGIS.tmp\Setup.tmp" /SL5="$702B0,882176,0,C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:1072

C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe
"C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1564
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe" --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db" "--metrics-dir=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db" --url=https://o307710.ingest.sentry.io:443/api/5227323/minidump/?sentry_client=sentry.native/0.4.10&sentry_key=b757a395cf2c47dfbaa4bcf6186b45bb "--attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\ca2171a5-dde1-48b2-6845-64a0f8c7d219.run\__sentry-event" "--attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\ca2171a5-dde1-48b2-6845-64a0f8c7d219.run\__sentry-breadcrumb1" "--attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\ca2171a5-dde1-48b2-6845-64a0f8c7d219.run\__sentry-breadcrumb2" --initial-client-data=0xd14,0xd18,0xd1c,0xcec,0xd20,0x188848a0,0x188848c0,0x188848d8
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe"
  2⤵
  - Executes dropped EXE
  PID:4836
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe"
  2⤵
  - Executes dropped EXE
  PID:4120
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4684
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3740
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\GPUSniffer.exe
  -T 62 -H 810937894171564
  2⤵
  - Executes dropped EXE
  PID:4276
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db --attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\abb15c62-6cdc-4441-e5f1-12976a1a7507.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\abb15c62-6cdc-4441-e5f1-12976a1a7507.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\abb15c62-6cdc-4441-e5f1-12976a1a7507.run\__sentry-breadcrumb2 --initial-client-data=0x4ac,0x4b0,0x4b4,0x484,0x4b8,0xb8948a0,0xb8948c0,0xb8948d8
    3⤵
    - Executes dropped EXE
    PID:4808
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\index.html" 64f4fbf6-ca0e-44ff-a520-6f7fe5977f49 1564 AEFT 22.0 com.adobe.DesignLibraries.angular 1 "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" "AE_CApplication_22.0" 1 WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= en_US 4280492835 100 1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1852
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=gpu-process --field-trial-handle=1680,3800499720599205823,12929023295898290335,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --params_ppid=AEFT --params_serverid=1564 --gpu-preferences=OAAAAAAAAADhAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=1744 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:5016
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1680,3800499720599205823,12929023295898290335,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=utility --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2088 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:244
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1680,3800499720599205823,12929023295898290335,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2132 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    PID:2000
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1680,3800499720599205823,12929023295898290335,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=1564 --params_extensionuuid=64f4fbf6-ca0e-44ff-a520-6f7fe5977f49 --params_windowid=983790 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2008
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1680,3800499720599205823,12929023295898290335,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=1564 --params_extensionuuid=64f4fbf6-ca0e-44ff-a520-6f7fe5977f49 --params_windowid=983790 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2408 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4720

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3b8 0x488
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2144

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\ece822c113494bdc90e2ce6b0927eaee /t 3340 /p 1564
1⤵
PID:1888

C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe
"C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe" "C:\Users\Admin\Desktop\Untitled Project copy.aep"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
PID:1220
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe" --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db" "--metrics-dir=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db" --url=https://o307710.ingest.sentry.io:443/api/5227323/minidump/?sentry_client=sentry.native/0.4.10&sentry_key=b757a395cf2c47dfbaa4bcf6186b45bb "--attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\8b5fb34e-b8b0-4ee7-9988-4b8c5d33de72.run\__sentry-event" "--attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\8b5fb34e-b8b0-4ee7-9988-4b8c5d33de72.run\__sentry-breadcrumb1" "--attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\8b5fb34e-b8b0-4ee7-9988-4b8c5d33de72.run\__sentry-breadcrumb2" --initial-client-data=0xcf8,0xcfc,0xd00,0xcd0,0xd04,0x182448a0,0x182448c0,0x182448d8
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe"
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\GPUSniffer.exe
  -T 62 -H 851845081111220
  2⤵
  - Executes dropped EXE
  PID:4768
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db --attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\fd324458-678a-49d9-ccc9-865a19c43450.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\fd324458-678a-49d9-ccc9-865a19c43450.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\fd324458-678a-49d9-ccc9-865a19c43450.run\__sentry-breadcrumb2 --initial-client-data=0x49c,0x4a0,0x4a4,0x478,0x4a8,0xbd748a0,0xbd748c0,0xbd748d8
    3⤵
    - Executes dropped EXE
    PID:3596
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\index.html" b6241946-7e05-4862-afd3-665ff6ce32b4 1220 AEFT 22.0 com.adobe.DesignLibraries.angular 1 "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" "AE_CApplication_22.0" 1 WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= en_US 4280492835 100 1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4964
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=gpu-process --field-trial-handle=1680,5265807560372312817,14734735314391592099,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --params_ppid=AEFT --params_serverid=1220 --gpu-preferences=OAAAAAAAAADhAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=1684 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3544
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1680,5265807560372312817,14734735314391592099,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=utility --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2080 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1004
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1680,5265807560372312817,14734735314391592099,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2088 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1112
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1680,5265807560372312817,14734735314391592099,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=1220 --params_extensionuuid=b6241946-7e05-4862-afd3-665ff6ce32b4 --params_windowid=262704 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:656
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1680,5265807560372312817,14734735314391592099,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=1220 --params_extensionuuid=b6241946-7e05-4862-afd3-665ff6ce32b4 --params_windowid=262704 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2412 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5016

C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe
"C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:984
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" updatepvbpreference dummy
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:4796
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\crashlogs"
    3⤵
    - Executes dropped EXE
    PID:2224
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\dumps"
    3⤵
    - Executes dropped EXE
    PID:4552
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe"
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\GPUSniffer.exe
  -T 62 -H 89225691268984
  2⤵
  - Executes dropped EXE
  PID:3132
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRWindowsClientService.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" updatepvbpreference dummy
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:3268
  - - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
      "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\crashlogs"
      4⤵
      Executes dropped EXE
      PID:3532
  - - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe
      "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CRLogTransport.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files" "C:\Users\Admin\AppData\Roaming\Adobe\CRLogs\dumps"
      4⤵
      Executes dropped EXE
      PID:4788
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\index.html" 6b18933d-951f-42b5-92cb-d36d9c2eb060 984 AEFT 22.0 com.adobe.DesignLibraries.angular 1 "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" "AE_CApplication_22.0" 1 WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= en_US 4280492835 100 1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4976
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=gpu-process --field-trial-handle=1684,8061963868221296720,393400953588379387,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --params_ppid=AEFT --params_serverid=984 --gpu-preferences=OAAAAAAAAADhAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=1704 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2072
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1684,8061963868221296720,393400953588379387,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=utility --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2084 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4328
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1684,8061963868221296720,393400953588379387,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2092 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:1612
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1684,8061963868221296720,393400953588379387,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=984 --params_extensionuuid=6b18933d-951f-42b5-92cb-d36d9c2eb060 --params_windowid=328208 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:3820
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1684,8061963868221296720,393400953588379387,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=984 --params_extensionuuid=6b18933d-951f-42b5-92cb-d36d9c2eb060 --params_windowid=328208 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4848
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=gpu-process --field-trial-handle=1684,8061963868221296720,393400953588379387,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --params_ppid=AEFT --params_serverid=984 --gpu-preferences=OAAAAAAAAADpAAAwAAAAAAAAAAAAAAAAAABgAAAgAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=1204 /prefetch:2
    3⤵
    - Executes dropped EXE
    PID:4836

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\Comp 1.mov"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Adobe\caps\hdpim.db

Filesize
68KB

MD5
d6979b4794b15e3bc57ae5a84afbb92b

SHA1
a483617ad62b6903c4e68acc305000618af03982

SHA256
504c18904939228f7594cf24722c10089779774d022e44a4a87f3f08ada89c55

SHA512
0ece7a27579496aed1c9216826ea77c9ec38cd2da5a004b272431af2334ea22385caa80433295e07264ba6836b0a1b189be7a09a8ca826477890fd90c54b2d08

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ASLFoundation.dll

Filesize
456KB

MD5
815c858fe48e3b487139ad790d6086bf

SHA1
ae0f2a07c1beabdf87584f6e16b027783e56295e

SHA256
3b6e03d838cb72be322a74d7c2db79d820ba82eaf3c890765a07bbbe21aa044a

SHA512
3ee5678bc1b3393587c10e5a46ee79fe01c7c5af171293721944e779f71c44519a5fa8f222da13a1092328282d91c564486950cf4aeb8ffa00b4241f30466c98

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe

Filesize
1.2MB

MD5
782cd23f53637c6298b1fd849ae89440

SHA1
fea438d27ca9ad9dc293c5054452c00ee73b8492

SHA256
53b8ca0bdf6f16b2770ac0b3ef4f7d9d96ea660328407a31956b01617fc1a397

SHA512
c61fe1270c75a9fb5e11be45ba064d82bbd74a32859e888d1bbc6474c4ada95e0497760eb17ba3722f47ecce88c275f514f45c2030698d5dc112b94d45d30420

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFXLib.dll

Filesize
45.5MB

MD5
12346f5c85b4c9d208e02d5ce6ed87df

SHA1
c1f2b9edc65d56c2c4cc7e34f1b668d5ed180623

SHA256
f4ffb5cc7e790a42c0a625df35b091acd8a7c8d5cc935b5a168cd421eb59bcc9

SHA512
1699d0b11ebd9b2e452ae42ac2c1f84074a64d3a86f32ceb8ecb1585a3c9a359ae8e6613367227349802e151db67e80ff2f3ab40eead75b80c061df880214d36

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Backend.dll

Filesize
18.9MB

MD5
76ec2017cf08bbe72322bfea769a623b

SHA1
2d0604cfa431f4b0dce424c553584e7539b0c95e

SHA256
9ff123b4c20983066dbfbc26b8fe2df94d6ef6fedceb80680752d61e81062ed8

SHA512
f06efeb269baab2da845cd2346d1c9c917640e41a072d8fe24114e5caa0f907295e3a53daedb21ab727d843807c9a8ce33c8a683d47f10dd0e45ed90b8b77cc1

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\locales\is-SGU2M.tmp

Filesize
553KB

MD5
9e64f617c7278342dce87dd3bac112a6

SHA1
0c58bdd98c69b0f73578a56311aa22bc85f70d87

SHA256
6f117db8d19641253877c928fb4e3a8710f4380ba66b0d8f883a79c1e64b8edb

SHA512
40ac1fb74009921c32cec922d0efe55ff061dab9b647ada2ee28c8da986ff0b017fceaf9f04885a38b8aab02cce1618600ba473d89e6731306189b422ff9cd81

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CodecSupport.dll

Filesize
2.7MB

MD5
19c2ecf80bc4b84b43ec36c57a52cb94

SHA1
00c56f8c661376c88b579d56f922810467196b72

SHA256
8a52106f072bca00c74c093b7b902c7a3d305fde53add61829ba9b05bf82333f

SHA512
0e86ae79e110c382de36dba77a03c834c5dcf9a6debf535edfa33db11153aa7b813f7ea88c8eb0d6487472dcc2a9e08cbe15cd136f55216622f0cb5b88245e7d

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\DisplaySurface.dll

Filesize
1.3MB

MD5
2bd3bbd8cfd1b6c31b3278a0a0c667c8

SHA1
2e7c58ba732bf6248d318e9202ed8e5689feb1bb

SHA256
0fdfe23cae936fb70b845b7af8e0b5140ddf41ac28722cbda3e8a007e3e0e3f5

SHA512
93fce7b3142768c9e31fafba5bae18a911847de3c22555662051b70d4434410f398bf008eb2947c1cda41514ad08ece1f50d05917001b7974d861d448ed68954

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\EAClient.dll

Filesize
8.3MB

MD5
15b27cb2d8dd2fa489d9d999ad2f3225

SHA1
849badfe19efdb67d57d5fc340a7a966c86e95bd

SHA256
f8e1d4663c13156a62f81010fd81d136c4362127955667c2fa1371383bc0837d

SHA512
9651a16770ca842d1551612aae865826f5fb0bd3c0833c9819e72ee7af2e722ecd64a82aa0db28535cb7de5443108379d7aeba6d3e58837c0459ba9a57a2546f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\EAProjectBridge.dll

Filesize
5.7MB

MD5
9b8d4fbca19b50773ff6567d58ddd587

SHA1
503a1752a884c09b290f4a798745e63b73a5399c

SHA256
832ce693d15a0a9af4d779d7a80a552a41607c12710102452ac3165a9dffe01f

SHA512
f98ca4639f12f5760a429177cba624e30a28fa8f951cfe2c3b483cc35621aca4b0fce0e99adc1cece72f6f822852bca1429779c28956781fd84b61934b5467d6

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\locale\fr_MA\is-62MJE.tmp

Filesize
88KB

MD5
1a52bd2381250e4ef68a411e3f70416a

SHA1
280de059b7ffb6be20890697e485921f977b959a

SHA256
4c1f429a49b1f0d839fac6729bcb7aa956a6547c91c6d8a8ea92265923985fe5

SHA512
3224c891f3e3603fd07bead33218837b6283dc35d71f7c1cb5bb71fa81bcba87bd81892b1062042a8ce2a6291680b9146d837ebe1600912865d4f05af8158049

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\locale\zz_ZZ\is-K7KR5.tmp

Filesize
73KB

MD5
d675e91aea7f0fec379ecda4fe44182e

SHA1
3c72fb9ee678b91cfed8d702077ae6f48247aae3

SHA256
83f04204cd78ad88287b1e44d2200745a0f59863754906bb358c41228c2b8798

SHA512
d971aa0db0307a23d5e21609fc5b995752a24d79f5d2d880b47cdc7123ba12359df8c1e7602d675e59152da58420354fa5e76973e71eb90abe0ddc5fbfaf8fbc

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MEE.dll

Filesize
1.2MB

MD5
7e1394b0689cd24b791d4fe73f5a6347

SHA1
f41a32d186adfe682f34f02b278e0047c3e47c10

SHA256
85339bab204d2a71172bd31c87ca85f67e024e145b81a2aef17b6a28887b90bd

SHA512
048046b4505d95bbd3c5bcd7c691e7c6527774c8a25c718d99fcdaec3307829d4ba607a483b8d31c7eda4f83f6d5d6ce92495bc814e3d5d786ed6320c9093548

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MLAssets\is-8PDT1.tmp

Filesize
344B

MD5
803efabdcb80cc3f150be9e41f7b4b57

SHA1
0750a3092054536d88a9c3b430e8ddf71b134bf5

SHA256
332312e95be9df62848fe57f265f54e219f071cf218c28ea23151fed66d0d859

SHA512
354d9ca7dc2cfb349014f24e0fd008f024a083fdc3321d2e57c778e0eeacc27ef24663c937287903e26d147aa8e515261fde59af8b1e8f3bf057619f338a39d4

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MLAssets\is-NH06R.tmp

Filesize
344B

MD5
2f4f57eff18062e994989da91f4086d1

SHA1
dacb16b5573f9cf7fb3762f169a1b52f79de3b3c

SHA256
22d18eae8b4a0091e1a8a50346c5f59901b33736df0a8fbbff4d7ba033a416cb

SHA512
e4b346d3def9a8b185a1ec0890a143cfe62ef73bf7cf7ee8a562a6cc31f7d74d63e438218af18e05387ff257b3a694f429010945e44f377e6853e4fef5d4eabf

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MSVCP140.dll

Filesize
609KB

MD5
3aece536e1e7957a3b1150c3a45b8d26

SHA1
714a130c6d3de4356a782f6d469430669030405c

SHA256
beee6ddee281c1884b9dbfa66be05380ca12858e91211bf182c4af0d734e3f44

SHA512
2ea958a4c8e7ad1f9ab61e5141194deab18f2c6972a8c39986a815b1ccb1b158028a61a81c4002f48bf52564a9bf8d8d4156417807838d8cd4c62af0ceb1fdd3

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MachineLearningUtilities.dll

Filesize
497KB

MD5
5207ceb8e80c3e378a1d94cde5cd81ac

SHA1
203b7e8a59fd18a7688fa23649ecdf0037a630bf

SHA256
4d4db9ff763eb4a4d5d18f7f55862f52c6758a90daa00f5f7d308aec630514be

SHA512
d2eb45700511a0d749450eb13972f73abde1dc1bf3f36219cf7aa0df55c5b35a796ef66f3f94cd4167b06279e82b159fbd16d59e6aec2fa594332aec77ab4880

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MediaFoundation.dll

Filesize
960KB

MD5
93d26d347e13336bea687b786a87e8b8

SHA1
cd876dee89795a269278a552c1345e11e0a97d65

SHA256
89e213d83470c3f3cbb6b2a6891b8d013aa96bb9e3150ba0fdbfb327e5b85a76

SHA512
5aae484a69f16f264082c8630099da510c374c759f03309575d70ef7aa31a5a9915e405b3f4d06e223b318191798bc00ada2217973434217812f52f5ca1e2d40

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MediaUtils.dll

Filesize
164KB

MD5
502be848a7912db4c5b89a3e6c3ba716

SHA1
b556d739d626e532b5beb8b734557e2df89bf5b1

SHA256
32ec4bb900a541ed68f5069d06c8a02e22bc790f2351f448231a770fccf43432

SHA512
740769f0383dc69ba301bd61749487c86df4ca4f1fecb65e1081c2e79008993b17e52b9d4a4583697cc86b47cd0a01fd40c828118d7d8327a0d4470dea3ee3a4

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-38UCE.tmp

Filesize
2.6MB

MD5
276fcc886c896b4734c7030a82d39b73

SHA1
b0fc396ec072c5ce69ac4c1cbb166ecbebe8cc98

SHA256
992644b9c1e8ebff7aa028f8a542b1db44d6f04db1a590535d44b0520e14d723

SHA512
7c3466b42b1026aeaca4cb95403caa4c7c8d4fb2784aff139170c7575c80c026540cca902fe6d392ba6e331adcd2a36656a4e041f24fc62fe8de09acccdefd2f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\is-607DI.tmp

Filesize
2KB

MD5
e6dd3db4f8a582e30f07b77e801428f0

SHA1
d207e34278440fc9b47c6480a47fef13870ffff6

SHA256
a3fff66cd7217029792e7fce403cc658b0ea03b2d3a2860f57479c8ea6bc1372

SHA512
f58e27d7f36e05cb1d6277629ee2e3cc239b2ba73a75d1399a048191e4443dbb1360922b2cc0d36c3a19b04fcdb64f5dbbd0a838736dca658b9caf856031c5ea

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\is-CSBR4.tmp

Filesize
2KB

MD5
5435f060331a523b9e5db9c9957756aa

SHA1
e0f07b59a0ac83b7cea1716cdae4a59aeafa396b

SHA256
91d7772e4a193e91a093d59451508cdb89448eaffb4febda26789777afbacf3d

SHA512
536e731672c1348222490d39099712c7bbcbf8d0c6be5d0f3517c10feb1b47d7942c18703e18c28f36774546a41f18d61fa8096e022a82947d43b11a2641d187

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ProjectSupport.dll

Filesize
157KB

MD5
7c309d19b3cc9b7eca55e23f747e6416

SHA1
bb446d5894b913bce23b453358b9f8f920b573bc

SHA256
170c2bc6e952fdec57d08c77c7d7c8c2733144065d51f761920f32a59838efe6

SHA512
a4126723208cc791039305478be268416398e85c9abe46f35028ae65c904ec30e8564d34cbd6fe1cbcec2e4ef1b08e81f61ef88b7a54e99bc90aa65e6517f2d1

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\SweetPeaSupport.dll

Filesize
217KB

MD5
526b5d54be2e94e490a4671ef72ed328

SHA1
6dcd805bc6c01f6c9e78909c71fdf63ea33090fc

SHA256
a267bf6515bad3dd271783dec0579d8a68ca47cff7baffead7dd0954c45e2a8e

SHA512
b566a816e32b750399a96917efad869e180dcbf69eb35631228604bf418f39d2496e48cb903b365ceabad5bd08d5bd0627f1e27db725799a88dabeb0d893e207

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\U.dll

Filesize
993KB

MD5
fcfca759b60d207d8f048e12f3ff1d86

SHA1
b054d43aa7493eaaf843d2fdc8ec5233a9b6a909

SHA256
afe1bd7ed68886f7bfe8d6c351aaf0a971aca420367c6ab9a480ff443acd899e

SHA512
9600f4048dda52f57a1c88dc21a711217742609d5e9616c7cea5161aec58706e0a37af38f4a5e137b4f449716eba9e627dd930b3592f0a1bba31d26c3452034a

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\VideoFrame.dll

Filesize
607KB

MD5
80ab704f27cf8829662b48d8a108e9de

SHA1
859315fa62e5df6639f12fa778e1cbfdab22de87

SHA256
f40cb4635ec140ea8d1f6059c99f231c882b31562599e5ff25bfbf2bdadf5327

SHA512
b1dd081433f666315d9cdab94324229ff1b09554eeecbd69562d81d8f9a35dd2eab1c2c027892b904e1fe231cb469ca557a57e093c8b79f67849fbcabdb675b9

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\aedisplay.dll

Filesize
593KB

MD5
b447f1a17ab2278dc5802186ffffad1b

SHA1
59477c01b3fc8aae4f623afa17d0defe2d79fdaf

SHA256
8cff968c32d9c46c1beaff1426da5b783a1564462ecfc95615504a82260ab91d

SHA512
70b08ea7d80dad223dc1bf60231fe9367a9c45e3a592370040f0813b481f096408395cd76aa2f0a2be1a2be02ac666e37ff2762497bdf1318e39ce3e2d07d453

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\aelib.dll

Filesize
3.6MB

MD5
a3e8177a225a3864a044c785ad54d2f2

SHA1
3e585cab8eb5ae7577a351cba41ac2ee11a92f86

SHA256
f65c8393868bd976fa2385bd70e2e464fc79fc34f5073e7a5040d291d4b38d63

SHA512
c5cf2098a2a90cba32a59a82e2d90b35df088c0da83b5a7c64324a3832defc7f0ef9f3878f9b5d916e3aa19a3f5f4abb9da0bd00de682b11af66a07e725c8612

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ahclient.dll

Filesize
313KB

MD5
b9a7dd7f322d07db95616e5208838641

SHA1
46630fd8c25ea9cdb56325a7cf45572e5ab31bd1

SHA256
c26f9a1f0ea3e175c2d229baf369364af257083a3698cfb52398933bffbd3f10

SHA512
37083884beff6d8291207ef12e93c60b473c98f845e5633d0c0f456e803256a763f15cf2b9dbba862b5e8c036a073cebd26d3ace287bd37760032985ce89069f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\boost_filesystem.dll

Filesize
119KB

MD5
43a9f104b8ef1bb0e1086c8a72019db5

SHA1
3b03486c8668dc6424a8bb96c44015823e6c7319

SHA256
ce870666d1a505349abe4aad28260fee1469b75a8356dd513cea01288466135d

SHA512
cb4421a9562e5da15b60ad97c87a2b4c59e73c6b0b00ec57a27d01cc57ae2ddf1df2dd54ef63750c8ca6cf2ad3d913ab2ba788942024da1d1e07439f35e4a4a5

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\boost_program_options.dll

Filesize
347KB

MD5
507f86bfce2285aef52cad244bcb7251

SHA1
5a63d836718bd3735625cf6943cf15d4ba4bf168

SHA256
9c4e1ea196c2dcc5623e240acfa7d1f075622a9fd0559075e13e95fae1ffee3e

SHA512
c29a9b954d74161042aff3bf62224090ff0836a524f070c3b5a381a27a58c65c611ef95c13cddb6a8ae81a9a380f31e6eec84d5042d102246e6cfa0ff936499e

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\boost_threads.dll

Filesize
77KB

MD5
6af0e0311719a270534cc5b7a22d9189

SHA1
80b607509735ff17820c71b4e2c1f325c5637b21

SHA256
c922464998bd59e6d273a9cb55e29d2d1a0aad4ddfb76f6227f5e6ee2caf95f3

SHA512
ddfbde19f91a39e4274c7a6f6a6f2172b584731d9cad407ffe2f50999f617d498205e00a2aa4a9e4c5c6b836635f16150102e04bcf9b2f86b4f6989fcb12e3f5

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\images\thumbs\is-3DLVO.tmp

Filesize
6KB

MD5
14efcb232fe86257595d64bc2df6b75d

SHA1
659f8e6be9dfcf41a2f8d634010fc22c69862a4d

SHA256
bbefe78465090c6ec55757d596979e8b59f2cd7417b2f513ca8ab84eb2d45e5c

SHA512
80d411289380a61639757fa88072a563b998775656359c6ccd5195f2deb84c8bd18adf81305dfee586f3aba92aa43333ae99802c807c06c280e31d691b64dac4

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\en_IL\is-23RJQ.tmp

Filesize
26B

MD5
c0ab735c82f43e1f4db2bfbff021f15b

SHA1
d8b781f3c63c7fd4745caca90d652c4b630a30b1

SHA256
7af32636e9ecfdf1e3814a6869cc718a42c884e724fb4363f0068752c77530f9

SHA512
3f6c699e6c55b64c4f544fc28d4a6302ffa118a0642bb4c23d7bcf73a6cbb52b4f710adbfd7c865c6c8e2081ca2a219e224765ec4138c2a421b272aaf98a072a

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\en_US\is-ENQPB.tmp

Filesize
10KB

MD5
ad3a0179cf63b44cbcda21b81ea01a79

SHA1
1139584a16322da850b338a3fbe7b1f4f4baec18

SHA256
513a2c998c7f08c3dde497f5ef1e453440d31bc47fd3e2bee57eebb2f54b8d83

SHA512
c75548d88e23dafc0f675e14fb3dc9efc5a2b9b190a57b648ed2c8cc48b760da65a43dff4339f6c6e5960a21af3ee5cecea25ec7f528c14329f48645872c4ec2

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\fr_MA\is-IR6UA.tmp

Filesize
12KB

MD5
9387d0ed2744788b96a5943834045261

SHA1
5495984a89de521c88bde2e723e46fec02a545bc

SHA256
d764a166183c94b88795c4f40c143ce9f4be04d8237cc6f40ce1d10c98577477

SHA512
a4753a51f73ae1e9da391c7a2ee86ec32069fc4d0d315f4c9787ffd8ae93e6a9ec26df4440c3b3f1c1f911fe80e88e8eb645cbec2424ccbc0df04fe5c07cdaf7

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\fr_MA\is-J8S0U.tmp

Filesize
29B

MD5
b36e87c45a0f04e734d5497f3e4f5d7c

SHA1
3b56b1411801365379ec2c6a0800e50dd543fb93

SHA256
c42d0117a10d85e1abbc3cc56203a5d80e2c21a1e3d1da4c260c6e3fb4eceab5

SHA512
3a42ce831fd3a5f7bb636fe069361996c6ac9becbc3bf7b19684ba613decfbf8d0dc777dbef639b486e3e6a70a24c484aa55fe20d7c1485303fc8a31553464ff

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.susi-dva.extension\is-OJ2OU.tmp

Filesize
41B

MD5
c08502997fc819570b793f6e81ce0495

SHA1
20f805f7c716f09950bbc2f7a9c803e3f1cf57b4

SHA256
6f4ece9eef5c4e518ad56a6f82d14e95f93e4e5d07b1cb8d22de8666d7ac3d7f

SHA512
abed6ed6e8fa6716921ac31213540fbf8caabcc7bf58ef8002c0ed2d63f51d79aa4f15007a8d9c7013bcc6f6e6bc4b87f9b7d717cce583e5873ab7107e37eb1e

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvaaudiodsp.dll

Filesize
4.8MB

MD5
a26981abf36ec66e37ee0964cc6d1f2a

SHA1
18f683c9fc43655679608c83195d75897551e9a8

SHA256
aa6f1cfbfa7ffcbdcad84ab6abb18de3d38b6de382641a249f1f765cfe0415d7

SHA512
9035df795efa570c21c3a54c9f5ca68412eadab705009edf6dc8b42f065f657fda6ff07dd0e4d0143214f57b20cc8653b21c5ad589495525bbc31b5b66304d55

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvacapsule.dll

Filesize
708KB

MD5
13c13394942e6adacac1ecd51f5013ef

SHA1
055a47ed5bc1a2d32a400023a6f099015cbe45d4

SHA256
7a29f1b7baaf79c1640e16bf2478b53603c90e0608b09966bde551ceb67ec922

SHA512
29d8f71fc179ded6a57cc2b505adccd5924c996b64edeb31642728bc3fd8b0bcb4ba3f6a0d8f7d0e9f2774476f36dd25dfbc295bfd8c0c4ebcf7e3fafd32a4c1

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvacore.dll

Filesize
5.1MB

MD5
20890193f34f80f4f6dfafafb669ef71

SHA1
c8d0f327601b7d18e8ab20d378fe7d8c3934d06a

SHA256
a4b9af1f545915ba61f88ae265bfaf33e269d48a6c0e89484d442aadea50a693

SHA512
061af2a6c5850a2c0e8f1597f213c167d5c7b55b71d2aaf672513d79c606f64c810f50291cab7c32f4d42a71fbd565b0d13ccc52f5cdb6de1aeb912854432756

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvacrashreporter.dll

Filesize
375KB

MD5
8acabbd3d0ca8c2926dda3c0337ed408

SHA1
918b7794209ae1762b492128acb9191414e62193

SHA256
df835e3497e955f2d3ea05a43cf7c99683ca069991cb9dbe68b87957ed224248

SHA512
2446eb834aeb62a427a2a38c53fdb96ae2025245d3ad89c3e9d26fd78118d1233d2322a4c11760faff2e9f6c57cd879dafb4f965fa2a1b5dfecc30ffcacd3477

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvanet.dll

Filesize
985KB

MD5
b31b8b0cd75e8fa3675f276a09928b7e

SHA1
baf3aca89b20319fbbc278a7e212c5706b925d2f

SHA256
44a8521c1a166a2c21e4895b859081b1afe1b100e9962cdef2f40bc19479351e

SHA512
9fa466fa3fe8c819fdb477d7fd7faab33d44a0bf8503d77cd348a8fef63b7795b5e2d7e7da84d9e6401c860b468ff0a3aa893bd3424270c12d8117bbe695ee8b

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvaui.dll

Filesize
23.9MB

MD5
cdaad62486e06ad13fea0eb297167da0

SHA1
6e16fcc01bf5867b77d3a1c17c14a34b6d580148

SHA256
dfb26f32c7de8573c62e148b459268911090c213b41b25527fbe96d525a0d1be

SHA512
34c1e2fb823386a7548f129e668a29d09fe72ba87d18f0684dfbb3d6160ccc767737475c37e00cf7c430a64422e16b51b160148e13db9183aa0108e2114c6a0f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\en_IL\is-TEDSA.tmp

Filesize
11KB

MD5
e9031e4ce52193bec6931c23f65fee11

SHA1
f712cd9b86cda8eb79a1ef0806501dde2d68c376

SHA256
ca30d8c103cb7ac0584b2249291396e4c5487c8aa6efeafbb133a65cd48f8851

SHA512
7b221cefacf3e1929f85edfea649edc1c219d3868ef5a36977a635726ff061364069e666b71d98fe41be4aa1605eb7e5317cd1987a976249bedeb7a7140ff11e

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\es_MX\is-AE8UR.tmp

Filesize
11KB

MD5
4d50ae44fa238ea4aabe5d1f8f36fccf

SHA1
2af1026cf84382db7ac72d68683d21dfa0b5703c

SHA256
af0beb0b93b7509b41b34fe0a20e51ea626b7e3365b4668d1008cc80c9a2247e

SHA512
e339f7860a92f69da25a7d88e3dbc4e5d8191f68d281f07e03ae1ea97d95c2cd3a030acf6f1cf56e7fe4a3c5073087fc54498e8803ccd19870053df1c029064d

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\fr_MA\is-B4Q36.tmp

Filesize
12KB

MD5
0563790f85f836158734dc3d770f1b57

SHA1
477a32071883e563e897b109a13038d687f5633d

SHA256
72823c1df23d465aed6d43f034b6d2048b9b20c6a565ad890e35c9a16981ff01

SHA512
714795d5105ed6b990f3277661769589ddc92a04e5eaa8991a8f9da2d553d5e8a9bccde7b601d5b101a0a4a908510a7bcde033afb76e7c8967c117417f43836d

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-4OOR5.tmp

Filesize
461B

MD5
3cf3f3fb1be27155d466b8456a1d5c0c

SHA1
18480fa646a673148d634488ed9b193b95a3c0a4

SHA256
fc525d5a585f7fa66de0bce0d368ea0907d0b60caf06a6dbb0e15e3b75e3b092

SHA512
ed6baa106696c95aa7b74a8d48edbed2d8acf3e3abc401cd01af48b88a2c63b9bba7f39d473126c9a9e8e1ae783aa07f93f595fbc76f755b665f6effc6182c51

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-D6UIF.tmp

Filesize
497B

MD5
9ff1bade0d4b2445db4638cf7a9b8790

SHA1
e5ce76bc8ebed90dcff4aa5047717ed0c67e24b8

SHA256
268c3d515af1d44766d8a5059391f34ec7e1cba36ef184a91112b4b016056435

SHA512
22d558bbfb662a7a578fd5ad6e949941cd81b762618b87ef7e68fe2dc4212f627a2a82037a93da79fcb048c5c087ad11dd84a97d9bd265454d1b5fb7efeabbca

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-SKT6E.tmp

Filesize
425B

MD5
51a63d748b4f19a75c45ac6ef3595246

SHA1
453776f6de11b18314314d884efadf90f2e549cb

SHA256
e70e39e1fca76069432faacc9e6c654e91a39d9286f0406b13fab33d42f1a7dc

SHA512
87b43d7accd25240869a28cd9a611f1e67bccd4f112cbff5efd2daa3d7440232fd7d9f1bf28c06bfe4f91b60597e15de222a063277322e141c986d8ac00fda28

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\vcruntime140.dll

Filesize
77KB

MD5
214933e81e444675a9188f8a0b2dddff

SHA1
2229a5139638063dca97c82928b3debd58a8e49e

SHA256
8c45c8d45419b1d71f086dc28d562a9c19fa42e6335e2b0c614a6899d93023fb

SHA512
b177184a39f56f995ded7c3f6e88ce6741f927896b53d2967a1c2990588f168270c40de9ac8fcaf47cf87d8992ad4056de87bc6f4253c5784868a0a1aae88f75

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wsRGB.icc

Filesize
2KB

MD5
f3fcaf5be4fbc4420becbf3d6ac34afc

SHA1
8fe90755096c1665ff483e5d5b68537fa0d0ddca

SHA256
9d9a2b73e291f2e4e9613bf6ddf3ec9c6904c18bfadfaf9f107280e6b237a4ad

SHA512
8b5ccd6c496fbed4f81ec31b822f346fa6e00060c0fbc1db703b1371a8bebf361bc5254d9f9f83ce24c3a9ad670ea33673cfb2eb7ab8c8d726af0c6055a0b673

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wscRGB.icc

Filesize
64KB

MD5
8efbc17e84925739a2603c3add8757de

SHA1
9d24197138b796ecbd2748417a1f9a78fcc8a2cf

SHA256
45ecc2c1d7014bd3eb9d2ab5df532c6fd1d3845414ce1d76a2abdc13aedce462

SHA512
08a5a762c504f0bdc7fefac79497ce83a33a645a458c79fcb8471393df618604b96e3061a4e8f134f04383457e7983858e3815f38a5e2e660ee9c4f24f94681d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dom8snqr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\Disk Cache - Cclzuenw.noindex\09\09ff7916-227c-60f3-52c4-0accd63f2cb1.ADBE ICV.B30066F.AAAAADgEgAc=.aecache

Filesize
512KB

MD5
9846c1c7bc09149db6c34a60932bf122

SHA1
d2a5edbeef84be2186a42bff675da2411c3dbcf2

SHA256
55a92829d06dcd37b2dc3e74bc9f31d1dc4b9bcc6f6b2b110e9c047440c8238b

SHA512
d580189e3597c4969369358f3d6b58bd4003e05b5d36d3089e72776408f8c33ea07da1ffc59cac40fab3b4b43803f03657d321d226802f91d3d79e82d229b692

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\Disk Cache - Cclzuenw.noindex\27\275727f7-d37c-9779-13b4-cba437cc26b9.ADBE ICV.B30066F.AAAAADgEgAc=.aecache

Filesize
32KB

MD5
620441b95861c59587bcf0f26d19fb57

SHA1
b0618c5c867d1adde42b167e618316d215e4a581

SHA256
3ec09626540601eabaceed665291644af42af9bf5e67fa0e663d916b2bf3a71f

SHA512
b145aed29ce7b25caa9ffe4fc8894d996c3c9e8055e76d757f1d8c6de21aea835f53a1bc4f50fad5c81d3b14cf2b0fad0a2774871ef0d0132601751f96520254

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\Disk Cache - Cclzuenw.noindex\5b\5bcb18d9-c6bd-15cc-4cc9-bba1d2a4aa6c.ADBE ICV.B30066F.AAAAADgEgAc=.aecache

Filesize
7.9MB

MD5
39262b2c3fde5da1053b30c144f076ff

SHA1
2a40c377b51a67d1e5c00820496619b46798f15b

SHA256
99a5133f72a0f79ce3ce9442ca756f2bb7ee469cc37981ddae3a0e97b57881b8

SHA512
64bf6c93e8306d2053fa8babd3c791279c4f9a5343328292ca57ff9abb056d148d7515a9c76d679b379fded3af368b3a06c2602981b1ee141329591ecc8b88eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\Disk Cache - Cclzuenw.noindex\68\68628dfa-3a37-1cad-6893-c9090edfd855.ADBE ICV.B30066F.AAAAADgEgAc=.aecache

Filesize
512KB

MD5
ec9f2345656b5674534ca6b936053a55

SHA1
898e3c47425ed98286d2a56171da9ff115155faf

SHA256
09d7f9391932d4d464850749dbe1155b87576df8b69c04824b344804ebeb2a20

SHA512
da65634929339314e0d1abd633e163a90a8fffe0b8b1bb69b066483564e8982fefa1ae70ab3ea5cb7e0cc76d423399e02577006dd9cc8cc61b9547a3f75d9e5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\8b5fb34e-b8b0-4ee7-9988-4b8c5d33de72.run\__sentry-breadcrumb1

Filesize
4KB

MD5
9b2cdcef9e949182d8543d9e4cbab204

SHA1
a0bc6e9715d7ca2e69e668ef9348119efd0e2498

SHA256
5624c6260b796a16670667747a1cf2d7011ff9fe34e86dbf8b515413f9f83391

SHA512
c882b71402c3e49924d4f1233e9d4f246822f4baf5c46441a9cd2e3cd5a33691e63924e0e281cb550b4ba7f6c39255a754439ff743a0c3aa483f98dbcf90679d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\8b5fb34e-b8b0-4ee7-9988-4b8c5d33de72.run\__sentry-event

Filesize
323B

MD5
fe4f7c53f7deb060346fc67297871795

SHA1
0146f18c487b2939c1c5e3854853541557a060c0

SHA256
98b7c8ecadb878827e14966c956b7b96450132a53efeb3b4462e88dcecc643ff

SHA512
ccf8fdc533e18ebe01a05d88ea142653a6dc7746bcfc9b6270ef2eccdcc4c54f03c64395f13b469f900556ea97eee7bf7f54a062bc6e3eefa9037bf569e3f981

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\8b5fb34e-b8b0-4ee7-9988-4b8c5d33de72.run\__sentry-event

Filesize
438B

MD5
3c5ae79ce062d11e7a9178dc3ded9d71

SHA1
42f9dd2b05c008dcb9d32b1a4b372f6f1decaa34

SHA256
686dc2c19c193915912dd80a05dbd7528981929f1135d8d9cf616a7af6e89e25

SHA512
a3705a4a6111dca1c18daa10f98e6bbe15e78ee4d1d8042fb78f902acd0c9a034171bd4ab6f120ea067c251207c06ba9b8fdcd067ffff541241274ca892aa78e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\8b5fb34e-b8b0-4ee7-9988-4b8c5d33de72.run\__sentry-event

Filesize
457B

MD5
7929fb4f2f51ca8a9953170c8d5c25dc

SHA1
13e79e1543e64386c09248a9266b11db69bbe3d7

SHA256
aaaf8d6842dd933d6eec9730e154e1c3e61beeb8a9301e2ea3ef9b9653a2b5d7

SHA512
58c84f9b88a9006057e2f0344d1c1c98ba5abbf3f9ed8e07462e1a5f14b95d64fa3da78126ed7f9d9a2e6548aa80135fb76d8f0f39d66a9a1c61b8d9648d6272

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\8b5fb34e-b8b0-4ee7-9988-4b8c5d33de72.run\__sentry-event

Filesize
462B

MD5
109606f3fa05019ed4542d99c932c210

SHA1
d1695d78dd339d365be661e8ede4abe3774d7b09

SHA256
8e8922881d0415abf8948ac80f76086a63181b355acf8cea9d1ba1608c965326

SHA512
186d2fb831ced61e8cdbdf3f0ab4abff64eed021cac75185c113d6aa4bd86a05c741d096c0a83a788b946ec75801b9587a62e3ee910350cafd1e907bd98ee86a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\8b5fb34e-b8b0-4ee7-9988-4b8c5d33de72.run\session.json

Filesize
223B

MD5
939707c09dd45c3a09685101626d9bd9

SHA1
60c4883e4d5a3b2e0ae45c2df15ec9478227754c

SHA256
5eb93de64607f7678bf0edfcb37aeccfd9c97b844ddb88520eef56268747e277

SHA512
ef583edd4bfe2ea3244da622194745e9f11f8c59c041e5b6790ad83d723f6fbc133b93c3120767fb1318204dbca77153ef1811a5f739d80934ba3587c508c7aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\ca2171a5-dde1-48b2-6845-64a0f8c7d219.run\__sentry-breadcrumb1

Filesize
4KB

MD5
96c6ef19027e655448dd4bebb179397f

SHA1
7320da9eb16ed40e76a616dd9f03da57b8df9db7

SHA256
8961154a8c039eec5193b6bda036141bbc9d5a50fcfcad71ef9985b05731bb1a

SHA512
084f196982de5935b21998e5f0a211909f115058557699553be86aaa7fc0c6599fbcdf71f7920a2cd7fd9d1e38a06cc2299bcb820737c58745ac3449b597af13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\ca2171a5-dde1-48b2-6845-64a0f8c7d219.run\__sentry-event

Filesize
423B

MD5
7ab65511db1a1bcfadc2520d0f8a8792

SHA1
0c3055feabc80a835af99ae2181332c43dd6fab2

SHA256
976fbeb058d15746f66c97465c120bcba92b20c2ffc0c2bbf8a14e6eec4983d0

SHA512
777525188f26fc9dbbfd8d1e7d6d2c78b2ee038d428124be8f94dd74b1df9f2c303641bf98de0ee2c0514360bd2d8bba393ef99cda5fed8d82ffd461157cafc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\ca2171a5-dde1-48b2-6845-64a0f8c7d219.run\__sentry-event

Filesize
438B

MD5
1385a835a3f1980e31ae3a8fb7473671

SHA1
eaa4631c0343501945a94d741ee1bfbecf12b4ca

SHA256
316b865b5bdb8368c3801177ebf985cdbb42f74fd1bcfd36544b5428290f1f37

SHA512
e4d6cd6adb51b972620dfa221e534be0cfeb6aa2a86336b05e6a469dc29b0b9c1bd990b33d15974aaeb3a40a6de1697b0b80f173fc02d7ff1308bc9d00494790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\ca2171a5-dde1-48b2-6845-64a0f8c7d219.run\__sentry-event

Filesize
457B

MD5
7eaf7cc6975a5cdcefcb9f630203d617

SHA1
260510086e0378efae789879de7ea962704f7670

SHA256
4e287008eb262d30305320f9ef7c7436b88b65f60cfc4293115b990dc1f1d9f8

SHA512
31e5f9a7a0a35140624a2f011305ba539f6a624d1df4e2417876422664c3c6bfd6209f40ca514215f0c94dc1182aee7b96d77852d5dbc329155a4ecdf4d97aeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\ca2171a5-dde1-48b2-6845-64a0f8c7d219.run\__sentry-event

Filesize
462B

MD5
423cd87ce66a02d414e899cc34849129

SHA1
d28a85044111e0a3d6bdbae16a59fa7fb6312d7c

SHA256
0138d4e99b7822824793049af3fec1327037e8b8481d07233fd742f9a78bfe62

SHA512
87c9427170c6f96b7dc8751827280501b0b41248a4239b80dd926a97bca957efa02c3cd3664cd6aca759c3b2599785ff944e7e093462eb1d2eae0866e26314e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\ca2171a5-dde1-48b2-6845-64a0f8c7d219.run\session.json

Filesize
212B

MD5
bf750b6cd72be2ae7b6119c1f1b482d0

SHA1
1879d68266320a93f99c2cd6ff6b7ecaaab7a3cb

SHA256
c899adaab6b147088509ccd6682c908ee51a486f50ded88fab85b01bbb7cd5f8

SHA512
369cf5556a4496f45df8764899fdce13312282a7088edcdcbed08175eaecbca0b12970af44ed522f9d16d9d696ecc3be1d08c0c4e20eaa27c611bb93159fef8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\ca2171a5-dde1-48b2-6845-64a0f8c7d219.run\session.json

Filesize
211B

MD5
a34e530de08581a2bdbfa8ace6a26d65

SHA1
f38eeeb5e389a1793f2aa0492013b1ee3e8bc899

SHA256
950fc4005827904f945bca17ba298e1d4c46677b64ab0f3fd20939af233bec0a

SHA512
ac2923a82cbcded5636fffc7bcc667213cc68015a5dc9d97961aea0a826f00fd2dcf369f8cc73b93c9d375ae1b11dedae7fc70c3f4d180b55fee5d2000e85cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\ca2171a5-dde1-48b2-6845-64a0f8c7d219.run\session.json

Filesize
212B

MD5
0908c6f9ff12918349ee0731854203e0

SHA1
97f6649dc6e037cdda5559132f4a29cae2efca67

SHA256
541e041ffc01dac8598558fcaa5cfbcd6e6026d61aaed46145b7ff214a3d8453

SHA512
11b1ee6379afca8c012f467de0741625e3f4277917c99351ee2594173bcd5d1e7f2ca6c58830f52d6077656d17fc9714ef3688842c82ab74f43a9f73827ce9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\Typesupport\AdobeFnt22.lst.984

Filesize
107KB

MD5
e584eb94ba3c3a4c3902c60bb5f159f4

SHA1
25bd600ebd580fd31bbfc3c59cbaad4745610a2c

SHA256
e22f3358a143bb336691979b0a52fb140ffab099e841664c1f7c9b580f4f968d

SHA512
711ce7fcc2b7fd38eacf78ea78ee84dde75acceecf7d16c6f1b49038e0996a360316a227b59fdb0c346b3e22f8a4732abd20badc3e4355fd632aebb477786771

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\fd324458-678a-49d9-ccc9-865a19c43450.run\__sentry-event

Filesize
332B

MD5
928495b82189d9f90f81fb4c6689bcb7

SHA1
929ad4e3ae323057d0438ae7f227c0512a304a18

SHA256
e78f7db0ca05e5fa8ccee81ecf1fa72befb95aae4f37b425179e6ae40c6b4d0b

SHA512
c148b134235e04deb34e5093cf1c2a38659c79ad9c090b6fe58bc7d3210b6c133c82599c18611cdb20e1ba1bb5dcfe8d07626dbde02cf987d8012b939d998d9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\Network Persistent State

Filesize
178B

MD5
703b8384fbc9bbdb23ba7f712f8c7913

SHA1
277bbeddc9e20c10b003b5e71b23a30815fd82f6

SHA256
ced33a2fe945253495fe2e0c333c99e2053946ebc66a604bafe4946feaa9a9b2

SHA512
542630952a3be6f6b80ae7a6aed06120952eccaefc1f40397ec8c6bd4188a29365e1d3ff972c5a4555645eb7876d31ea21b2419272807deaef92361b3e283f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\TransportSecurity

Filesize
199B

MD5
64f051a32bc7add42bd681aff3afd846

SHA1
79a5d6bf1c1efd68a90f142d2632a86e8529fea3

SHA256
24f5c0513a3d3f8ccbb3c26863bea310a13e1afe829a62f9c6aa4a6f2e857d12

SHA512
fe9ee4e218d393021ca989fa29bdd0bafabf71dd223cab87fe567cb2bd3c65e4178862bf315d87b9df056b1fa3b3225ae3533c778e627728b718136e4078ce09

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\TransportSecurity

Filesize
203B

MD5
3b2f1835fb75b7c1ff37ea53b123d5b7

SHA1
506e7afe3554e754c3ea4b2acc977bf94309e1b4

SHA256
ee09ccc7b85a1b1591de012415f70c58bed99ec56e185bc88a90a974b313120c

SHA512
bc965aba399d1428c97228a1866fb3287b48b0bae53a75eceaa07b2ed269b17384cae146e223f30eed22a0ecd5c3077045eff13311672abd75833ed12bb9cfb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-9LGIS.tmp\Setup.tmp

Filesize
3.1MB

MD5
f3b4d096d4cee3df1d9c8a1c45da95b5

SHA1
c61c6d61b77554dfb37b0ae84b1eb7f142888bbb

SHA256
9cea3c44bf11f95583b35b6f69085f9105168eb69bb6cb0cbd64fe21420bce1d

SHA512
04493cef582c86ec54badfaeac7abd595010025f3c92e1fe23e6a2b8d2441f2ab256a754be2b02954364c2de080a15bee37b5a653a62c1ce6b16b967a13efb50

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 MC Prefs

Filesize
1KB

MD5
82532b9b14074f8fb97e241b713830dc

SHA1
85e82f923a4952dba32ef7c93a1418df7b975742

SHA256
9f2a6ddeb493d718631c32e5c5eec13082b6cd82100f2a52be7c45249c399e9c

SHA512
3ce2fac8f0195ba48f713c89ad7188f31bb970926478bde1a256490f87a01481dbaaa99382c40819114757729b768c5d5318a671f5ddb19c286483616912ecda

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 MC Prefs

Filesize
1KB

MD5
dae5f94f73e81ead36de9baad52e5e00

SHA1
792d027e4e8a59470956a3850ff888e964d5882f

SHA256
b46dd31319805e780c554afe67bd09ecb31b84f1002e9ae9e2ea36e39f10cd7e

SHA512
af0046c6010a675f2f5c9bb927c1e1736a9623a9da540a13df881e0d508da732a8c0a6008e7f764ad9b1b5e34cd22e65178a9bfc83d0a20b71fbbb3e0b9995a0

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 MC Prefs

Filesize
1KB

MD5
f18c39e59b1ee1028bb8428439621b5d

SHA1
36decd9a9ba9f8444add94270844056cb522c4c8

SHA256
328df672a1c730c62649d48e98b527d68705b4a34727ef4312586088220167c5

SHA512
41f5df65207ffb2bf96f4a555502b960bf39a33d1e2b29a74420e8e3426486b93979500bb7515d573819ba81a7ccc7951a2cdd3c49fde97ab3fd1ba0fd0f35bc

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 Prefs-indep-output.txt

Filesize
319KB

MD5
79f1add541242372a92d869d09cd97af

SHA1
2133d582166781523737a9b4316cbcabcabd5003

SHA256
b79bae458ca7f2c0b70d235835447799bb4f92a73a5eb71a9ed35992a43e4a76

SHA512
716922ea33ee42984357f85f3ba32135655d4e03f77e2b086a266693b70173483e917c14a1dca2b5117636b63f121a7c11d8e6a02c15210337391f394201e4d1

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 Prefs-indep-render.txt

Filesize
31KB

MD5
ac260ed3f73bdb0b536a768c58f65c1e

SHA1
e6e2998f35d7e214dd6dd10aaacd57dee0d02db9

SHA256
8c5d6761ce7873e3a4d5f80f94b50da7870d4ddde7b40e7cde7ea386e63a1b7d

SHA512
2c83e47d660607b69f9469d71d7a197407ff8c3c2fefdd7657f1db19f43e7b39e64153623d3c90a33e2f4c39cf65de0982bfe5ded31326053d6c3da09936e9a2

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 Prefs-paint.txt

Filesize
56B

MD5
65ed218dbba5e06c5bda5779ce171d90

SHA1
09c26a83a6be0780b19bf1d1ab58b941994e9ce8

SHA256
667b39871b81af559820541a11df3aadd11c8c135e6099125d9b58e8a1cba709

SHA512
b9346e8e14a47128f32590be67f983d24787ecc0c07f5f8b72de8936aa84f14c4606add91cceb2716017ad6e7c30d8aceaed314ebd80fe525bdc2c68c3ee87da

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 Prefs-paint.txt

Filesize
4KB

MD5
fd8abdae8877a1363301ab7dc7bc41aa

SHA1
c6d86da1c3967886b86e60addeefa5851b7fe3c5

SHA256
de85389cb8d93f667948eb28b03f734159c71abdf00272c6c1f341cbe6e7bc54

SHA512
4354f4dbb9eb403744fcf792e5a23d2475564d59b9dc82d90601ca89ee61748bc5c3278c5b1f553b663c41406aed650f3214e4dd79bfd6dc11edf3d43df574a1

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Debug Database.txt

Filesize
7KB

MD5
6e0a48f72b10fb392755c232d51a54fd

SHA1
556c9f32b68d7e1bc33d9165eb275d446d9f411c

SHA256
a294e5db4d93d53685dcd4fc55f016a8b0b8904fd52a2d79794065ee01ffeb32

SHA512
ccd20c80e006932973b0d296b5c05b570c13dff930d493f0fd587de3ef5bb9d0f68ca5c99b10be0bac8161e9807d3f17352b0a4ab28491c9791dbd828de884e7

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Debug Database.txt

Filesize
6KB

MD5
de35fbed9ae821552a87fda54157699e

SHA1
57bf72ad72b2638eb9e9562add95cba44362c7db

SHA256
e621e00f616cd02f1edc112c94ed3fa93b640d513ab28d399f30b0378a968410

SHA512
72e492b7faf355bd720f85d8d7b0f3ebec96b749e283a6bf25584952ab033fa3af758a292be4275d7a334a04ad3efe222159335a008a5840622007f57b5e8857

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Debug Database.txt

Filesize
6KB

MD5
77407e9f1b3dbdacc8bbbf7ac57d1ac7

SHA1
b7b3d70348a763ad19248c545d3d979371fd31f1

SHA256
372a35cb612a35ed8e107bdcdd8982d0689a14a3890ef5517bcbc3ba73bcf208

SHA512
c1b2e469c1c21a8bbc3c07bc567da2b7a3a62afb0fa09586a55c89ad02e52d7ef2d1eec8ba4bfd6b4a33ab4836b6e0e82775154167556f9649f7c3b32114b066

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Common\f590df29-b68f-4ef7-97aa-7833aeac0a43

Filesize
1B

MD5
02129bb861061d1a052c592e2dc6b383

SHA1
c032adc1ff629c9b66f22749ad667e6beadf144b

SHA256
4b68ab3847feda7d6c62c1fbcbeebfa35eab7351ed5e78f4ddadea5df64b8015

SHA512
3173f0564ab9462b0978a765c1283f96f05ac9e9f8361ee1006dc905c153d85bf0e4c45622e5e990abcf48fb5192ad34722e8d6a723278b39fef9e4f9fc62378

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9E7PBY83SB7J0TVRB514.temp

Filesize
11KB

MD5
ee95e25fe295d6eabcf98043ced94409

SHA1
1e09d3b06e50eb0894da845b9f5acf07b7f2ffc6

SHA256
7ce2799526517ab712b9cb5fb4d412c3b4bfb18dd3c1654ce975afbcdb9d445b

SHA512
14d92a02e85d0b4c3c55ef8f5a552e7bcfe2c72b76c8cf31c671980f095e59f12643ce1ce48310453ded090086f62c6b41958716d9cd7053cdcefd9aeee33b63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
6KB

MD5
26c8b2342ad6d2a4e5bf076e987e8078

SHA1
a577c091a63ae398970651d2eea897dd70170079

SHA256
5ba8079bd8c2b55f6a5cffca1906081185813455c80794247784745e2d248fb9

SHA512
4c3bdfbe34a5c48169590b967ed89625fd24a32eb035f37abb4289d4342ac05b04c68dedb6e132ce9312bd5af8cc1740a3571a6807a93adaddda54240e21e65a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
7KB

MD5
e073a7355013d27e001249448fc4bec2

SHA1
d0f66847c535450ee89d27c8da1888bfa49392dd

SHA256
da4ad1f33049c445262762ffe9943edfb664a0829cdf10198c0ceb38bf6a656a

SHA512
c70eda9d8255f566b7db2043d8e8308cda3c8abacd89de9d112636049ba7fede73855f0238dbf506e7fbb121a94708476915bdc9e9738d7edfecd2c4d47951c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
17KB

MD5
d959ee755c665f57c0024ea8a391172a

SHA1
92c1393253c51326bc698aab54c642083de11b41

SHA256
b5b1cf8c945b8590b437abb5b4e687286bdad32f61d4b69365048ed49239467e

SHA512
b7ea66e41828348b3f3e9644bbfeee7ba89cfb15ba8fea6535f8a28b8c393c69698b66a0f5dee8fcb7f2fb8f6bd2c750f9ec3af0ba010d6b0fb9b316052eb9cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
25KB

MD5
a7e594955f395fe75e3902ee2c2425ae

SHA1
a9529c17cfb99052dd533b2f7f16029a09c6a7da

SHA256
5ddac5eea1f35efb25217fc7022653595eacfe94eb358130ff9331f17844de23

SHA512
2e29ab55df3a1ef7059266163e138fc757fac717920649a8e2af04012bbb6f168b1b384f6ab806c4640ae86c6c4315bdf7d5813fd1472af0ceaebf3d680defaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
27KB

MD5
7790e72b7cfbbdc9b963b66bbbd98ad0

SHA1
146b0258f936bcd175a8ffa29c28c443b002dffa

SHA256
62f54abd693d23b67d363f8dbb3ce91bc671a4866345277de77a679729135066

SHA512
1874c57917a003fe9715a274a939141751c89589ce3774cd76ec00048877a84bca6efe5ac6c673d9361084b58878f66015a4ed8e006cefaf668245e58d989469

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d8fbf25e4142721815155ec004785d75

SHA1
b6e3ac256eac5695e522e09d40568505ea88d37e

SHA256
f50e1b4e5d2b6418f0dbec42ca9cc4ab1193f886c9fb1197257325cecc18e2af

SHA512
266a9480e49e37fc8dc60fd44ecc5506a0818a98fc60624eb5df7f002738c223166f6c8750e804e64241c44ebd757a5310ce6a697df592463025e067ef5ab189

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
3d6fe03e75a6889905ea1cd5b8856e8e

SHA1
909fbce38298f589b251f817734234192e20822f

SHA256
42f94c877f8b69fceb10d123cfbefcfd920367b3213fb7c13848b1ab33b4d24b

SHA512
ef48513522e4407a69b19a332bea510bcaad46339a0530b2f82bdf7bf40d9e91fb200199726e903cb7391d8e1200a1237729246f5e84c15ef1e2b1fc66b9f504

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
1acb687e16a79d2048f1bde3752d247f

SHA1
dfb9a6ec5951343adbad27d4a35c0a7247982c16

SHA256
f443d9fbfc236a0f95f49f8f78cec95d86e09de8238f2fb05e5da45d676065e3

SHA512
10fd27ace11c0a0355cc4ea5a3b8f583498a79e75c9c22fc592e310aa9a7bd73de050428df67c32eb4797dad9b55f88aa19e55e0d4c681ecf316d14dacdc803c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\1a978a89-07a6-49b6-b3df-36352ef66e52

Filesize
982B

MD5
0cd6bfe00cd551ffcf1b7c418de247d7

SHA1
18d37eb4db545e18a27d91c330c30efe5af86afc

SHA256
12f2efd0289c918c30be9a54b538d4f02e9166b57654e4723b235037a9bfb571

SHA512
ba28171b1720455dbf8889ebed5f9e6320c58998ab5934234e50c1dcbd40959b0fa639b91fde56e331a53ab8d6c0ea025d9e9e0c3bb9bd46fa685f13affbd716

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\69925bd5-61c5-43f3-aea1-d512988f5850

Filesize
26KB

MD5
19e2b6df6b112753522f31c548aadaa8

SHA1
a6ba5a586b339fd3c0a3de6b2391789061731b5f

SHA256
3e8f48f60c7f58f867ceb21563c8751b92a708f5abbe14e60825a6ae1361996c

SHA512
218c3fc4ba5e5cea37717d40b1fb59a651903ce1612925621f6b0f7189ea5d549157d0ea1577eb3fb985318132de94cf2c1c983c121650672647587f5b5da88e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\9430bc53-8105-4bc7-8625-2c2e6ed4ee0d

Filesize
671B

MD5
910907bc2ddf6b9aa7056f9f26fbe5cc

SHA1
f0f60c4f7f6785bbc5b55ca8126b1a405dc92094

SHA256
7b0cebf1a8daa927f871553c113138d2d8ff36cff80064848c461d941757352b

SHA512
bac4ae87a7a832f814d823f45a59c62f7c09ee29a4533d62725aa65ca89dcd74b7b058bfbd7ccec7f9a89526fb4a669a9e974b3be4a4d3869f27d3edc3ad59c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js

Filesize
12KB

MD5
cd988bcd417721363fa222a483ceaf57

SHA1
4bdb1cd1683f7af62f8d4c5380ac6cc5b363f973

SHA256
20c137574776d6ce17f9bab389017505b9b4bff619e794dcfaab1ab3d303ab06

SHA512
14fbe58311d251df5a241034a2a5cc3fad59ca2e19520a4df09e1e996865fe343e06d8b0ec53426b3a353261fee4f7438a70c667591d31e7e3297ea07439d820

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js

Filesize
10KB

MD5
9d97950c0292a5f757ee3acfe68575c4

SHA1
70d0b102985fb393ebe7fe217096629d9a20ecac

SHA256
1dda398be2055aa521c711c1d26cd95fce26d7bdf814040a87a3e92f920b176e

SHA512
e36c874799108bfbbc9d4afa08f0ef0b3591e14744af05801151a73988c120e0ddeceb37e40eb910328109287f1636ad9ffa6290c1795500a6381fb141889959

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs.js

Filesize
10KB

MD5
3e7359f901b06a81fdaf72bd98e94552

SHA1
b58c0eb67185c0746d1439d21a566092226d5e75

SHA256
b551e790272fdfdb0117da1b49693a88fdb3b52e5f67809768cb9ef5caca44fa

SHA512
e66156179617c43b42cc7903eade958010af0c04f6a850f944747218ef26afe5a767ed0d453d816533e0f8b5bda12ee21404a48a3b7929b28bf5cef168310488

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs.js

Filesize
11KB

MD5
8963bfb3a787fad7ad458f55980c49a4

SHA1
82c49a5a250a0f469503fcfe7feb65703645bea2

SHA256
7d6d5a49a95c94788300eff1a80571c4a37ec3a8b097ad8b3cb3d413c8d7f21c

SHA512
639720a63fe26b55880ac81ffffb4eb33b24a1a55758fa5c5fb6a97ec11c28c8ffd19bb5f7c0ff8fb991c6bcd1b2d9dc47412f5219352c284b04e60cbec759fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
9811cfc52ab709b2ad4f7b6df3404f24

SHA1
1c37e18dcdbaf0aa95c524ecc2b7612db9c22558

SHA256
c7298c521a5e481a9deb3b649967288eb6da7bb60250d77d262fb0cf950a577a

SHA512
924d2c6d9508a86189555faeddb5b4a68caeec1a59da581903741e1d0798bc2815ae12ba9e322a66e0d9c6bec4513bf5e1be0c5bdeed031eddea3c56f1f4374c

Download Submit
C:\Users\Admin\Desktop\Comp 1.mov

Filesize
1024KB

MD5
ff7d8078961915d14fa57f00227fe02d

SHA1
d0714390bbc9fa6f718f79a4367f852607664042

SHA256
017e669079caffe72d799eb0d823b47f544b147b11077050a6ceaca654e6c4e9

SHA512
d93e571892bb2fe1a3f01bc929ff803528e28d34536029a9402f0f4e71e31a49828c23ccfe525d493f12c920bd6d73d545987aac65c98d82cd5edf73e98e86bf

Download Submit
C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe

Filesize
2.1MB

MD5
6c1620e5ff6fe39252348b0a314586c5

SHA1
caf8b8b2cc7a95762ee9413b825d6b7d80b90e0b

SHA256
d0ca0c9b434c6d2c468548d4add127e83114bf0eb2afb3d2beb6777791798ff7

SHA512
05c0ab98043cb4ef7c76b424d04b497ba6aef79e0029ee111cd62d738df3ae6ad1bee324bc22f7b6433e21b26d72d93a155a8065663aed284be8a4b237810317

Download Submit
memory/1072-799-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1072-1128-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1072-800-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1072-1440-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1072-658-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1072-3484-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1072-6471-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1072-10242-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1072-4937-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1072-9463-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1564-10312-0x00000000184E0000-0x0000000018532000-memory.dmp

Filesize
328KB

Download
memory/1564-10309-0x0000000180000000-0x0000000182E02000-memory.dmp

Filesize
46.0MB

Download
memory/1564-10316-0x0000000018850000-0x000000001888B000-memory.dmp

Filesize
236KB

Download
memory/1564-10301-0x0000000002500000-0x000000000259F000-memory.dmp

Filesize
636KB

Download
memory/1564-10304-0x0000000004D80000-0x0000000004DAA000-memory.dmp

Filesize
168KB

Download
memory/1564-10308-0x00000000054C0000-0x0000000005558000-memory.dmp

Filesize
608KB

Download
memory/1564-10307-0x0000000004E60000-0x0000000004F5A000-memory.dmp

Filesize
1000KB

Download
memory/1564-10303-0x0000000004D00000-0x0000000004D80000-memory.dmp

Filesize
512KB

Download
memory/1564-10310-0x000000000F440000-0x000000000F78F000-memory.dmp

Filesize
3.3MB

Download
memory/1564-10314-0x0000000018540000-0x00000000185C2000-memory.dmp

Filesize
520KB

Download
memory/1564-10311-0x0000000180000000-0x0000000182E02000-memory.dmp

Filesize
46.0MB

Download
memory/1564-10305-0x0000000004DC0000-0x0000000004DF9000-memory.dmp

Filesize
228KB

Download
memory/1564-10313-0x0000000016F80000-0x0000000016FBA000-memory.dmp

Filesize
232KB

Download
memory/1564-10302-0x0000000003660000-0x00000000036D5000-memory.dmp

Filesize
468KB

Download
memory/1564-10315-0x00000000185D0000-0x0000000018604000-memory.dmp

Filesize
208KB

Download
memory/1564-10306-0x0000000004E10000-0x0000000004E4C000-memory.dmp

Filesize
240KB

Download
memory/2892-796-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2892-10243-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2892-653-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2892-651-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/4120-10423-0x0000000000ED0000-0x0000000000F65000-memory.dmp

Filesize
596KB

Download
memory/4120-10428-0x00000000013B0000-0x0000000001409000-memory.dmp

Filesize
356KB

Download
memory/4120-10429-0x0000000001420000-0x0000000001546000-memory.dmp

Filesize
1.1MB

Download
memory/4120-10427-0x0000000001110000-0x00000000013A8000-memory.dmp

Filesize
2.6MB

Download
memory/4120-10421-0x0000000000E80000-0x0000000000E95000-memory.dmp

Filesize
84KB

Download
memory/4120-10426-0x00000000010B0000-0x00000000010F9000-memory.dmp

Filesize
292KB

Download
memory/4120-10419-0x0000000000820000-0x0000000000882000-memory.dmp

Filesize
392KB

Download
memory/4120-10425-0x0000000000FA0000-0x000000000109A000-memory.dmp

Filesize
1000KB

Download
memory/4120-10424-0x0000000000EB0000-0x0000000000ED0000-memory.dmp

Filesize
128KB

Download
memory/4120-10422-0x0000000000E50000-0x0000000000E75000-memory.dmp

Filesize
148KB

Download
memory/4120-10420-0x0000000000890000-0x0000000000AF5000-memory.dmp

Filesize
2.4MB

Download
memory/4120-10418-0x00000000007F0000-0x000000000081C000-memory.dmp

Filesize
176KB

Download
memory/4120-10430-0x0000000001590000-0x0000000001631000-memory.dmp

Filesize
644KB

Download
memory/4276-10443-0x00000000027B0000-0x0000000002845000-memory.dmp

Filesize
596KB

Download
memory/4276-10431-0x0000000000410000-0x0000000000469000-memory.dmp

Filesize
356KB

Download
memory/4276-10436-0x0000000001EB0000-0x0000000001EF7000-memory.dmp

Filesize
284KB

Download
memory/4276-10442-0x0000000002500000-0x0000000002798000-memory.dmp

Filesize
2.6MB

Download
memory/4276-10441-0x00000000024A0000-0x00000000024E9000-memory.dmp

Filesize
292KB

Download
memory/4276-10440-0x0000000002390000-0x000000000248A000-memory.dmp

Filesize
1000KB

Download
memory/4276-10439-0x0000000002360000-0x0000000002375000-memory.dmp

Filesize
84KB

Download
memory/4276-10438-0x0000000002220000-0x0000000002346000-memory.dmp

Filesize
1.1MB

Download
memory/4276-10435-0x00000000018A0000-0x00000000018CF000-memory.dmp

Filesize
188KB

Download
memory/4276-10434-0x00000000014F0000-0x000000000158F000-memory.dmp

Filesize
636KB

Download
memory/4276-10432-0x0000000001150000-0x00000000011C5000-memory.dmp

Filesize
468KB

Download
memory/4276-10437-0x0000000001F10000-0x0000000001F27000-memory.dmp

Filesize
92KB

Download
memory/4836-10377-0x0000000000DE0000-0x0000000000E75000-memory.dmp

Filesize
596KB

Download
memory/4836-10376-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/4836-10375-0x0000000000D60000-0x0000000000DB9000-memory.dmp

Filesize
356KB

Download
memory/4836-10378-0x0000000000DC0000-0x0000000000DD5000-memory.dmp

Filesize
84KB

Download
memory/4836-10379-0x0000000000E80000-0x0000000000EA0000-memory.dmp

Filesize
128KB

Download