hxxps://drive[.]google[.]com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Analysis

max time kernel
698s
max time network
695s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
30/01/2025, 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view

Score

7^/10

discovery persistence privilege_escalation upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe
Key value queried	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\Control Panel\International\Geo\Nation	CEPHtmlEngine.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 27 IoCs

pid	Process
2888	Setup.exe
1592	Setup.tmp
3704	Creative_Cloud_Set-Up.exe
1136	Setup.exe
1784	Setup.tmp
3820	AfterFX.exe
212	crashpad_handler.exe
1908	AEGPUSniffer.exe
2060	dynamiclinkmanager.exe
2448	GPUSniffer.exe
2080	crashpad_handler.exe
1760	TeamProjectsLocalHub.exe
1468	CEPHtmlEngine.exe
3888	CEPHtmlEngine.exe
3488	CEPHtmlEngine.exe
4268	CEPHtmlEngine.exe
4220	CEPHtmlEngine.exe
4000	CEPHtmlEngine.exe
6112	Setup.exe
3688	Setup.tmp
5204	Setup.exe
5232	Setup.tmp
5364	Setup.exe
5408	Setup.tmp
5452	Creative_Cloud_Set-Up.exe
920	Creative_Cloud_Set-Up.exe
5072	Creative_Cloud_Set-Up.exe

Loads dropped DLL 64 IoCs

pid	Process
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	AfterFX.exe
File opened (read-only)	\??\D:	AfterFX.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
5	drive.google.com

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000023caf-9818.dat	upx
behavioral1/memory/3704-9820-0x00000000004F0000-0x0000000000C76000-memory.dmp	upx
behavioral1/memory/3704-9860-0x00000000004F0000-0x0000000000C76000-memory.dmp	upx
behavioral1/memory/5452-11380-0x00000000004F0000-0x0000000000C76000-memory.dmp	upx
behavioral1/memory/920-11418-0x00000000004F0000-0x0000000000C76000-memory.dmp	upx
behavioral1/memory/5072-11467-0x00000000004F0000-0x0000000000C76000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\EngineAssets\Fonts\is-R3B3N.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\is-8OH1G.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Multi-Line\is-K9Q33.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Rotation\is-JA094.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\eaurl.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\css\is-5FS92.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-0JHDV.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-C2N8F.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-SV62U.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-EOG1G.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-KJ1DB.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-GT319.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtGraphicalEffects\is-06MF6.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\resources\fonts\is-6FKKB.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\boost_atomic.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\bin\Qt5QuickWidgets.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQml\Models.2\modelsplugin.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\is-UVBJJ.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\locales\is-6GNCA.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\EngineAssets\Meshes\Manipulators\is-T4CKG.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\CSXS\is-810LO.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-HQAF3.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ACE.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Material\is-THECD.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\typesupport\unicode\mappings\mac\is-468RM.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-TPETV.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-L8THQ.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-CK69U.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-EFE91.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls\Styles\Base\is-3T65R.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Imagine\is-POVD9.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\lec.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Fusion\is-B5PTM.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\Material\is-A40PD.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\mkl_intel_thread.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-IV8CV.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-M21BG.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\pdflsupport\Fonts\is-3L4UF.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\images\is-K4NS9.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PNG\is-QBMMT.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Paths\is-GPG5H.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\is-PSECB.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\locales\is-1K88B.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-S7O4K.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\sl_SI\is-83E65.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\is-SPOKI.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Extras\is-DO7HR.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-41I9G.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-DMB8S.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\DirectX\DisplaySurface\is-E08QV.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AdbePM.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvascripting.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-75TP1.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-B82A3.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\resources\is-6L302.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\pdflsupport\Fonts\is-PKLCK.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Transitions - Wipes\is-14ENK.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\images\thumbs\is-CC7C5.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\cursors\is-90QP4.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\locale\fr_CA\is-9M5PH.tmp	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Presets\Text\Miscellaneous\is-5IRMB.tmp	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamic-torqnative.dll	Setup.tmp
File opened for modification	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AdobePDFSettings.dll	Setup.tmp
File created	C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\js\is-VDK5G.tmp	Setup.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
1816	3704	WerFault.exe	125
4520	5452	WerFault.exe	156
3548	920	WerFault.exe	162
3456	5072	WerFault.exe	173

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Creative_Cloud_Set-Up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Creative_Cloud_Set-Up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Creative_Cloud_Set-Up.exe = "11001"	Creative_Cloud_Set-Up.exe

Modifies registry class 50 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\CLSID = "{D517CC93-7066-4D06-A2AF-2F4298738C2A}"	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08E3287F-3A5C-47E9-8179-A9E9221A5CDE}	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D517CC93-7066-4D06-A2AF-2F4298738C2A}	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\FriendlyName = "Dump"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	AfterFX.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-70482961-775596374-3727440602-1000\{1F661C0C-A72E-4EAD-895F-CD15373AB76D}	CEPHtmlEngine.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\InprocServer32	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\InprocServer32\ = "C:\\Program Files\\Adobe\\Adobe After Effects 2022\\Support Files\\(Media Core plug-ins)\\Common\\DvFileWriter.prm"	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\InprocServer32\ThreadingModel = "Both"	AfterFX.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D517CC93-7066-4D06-A2AF-2F4298738C2A}	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08E3287F-3A5C-47E9-8179-A9E9221A5CDE}\ = "Multigraph Bridge Controller"	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08E3287F-3A5C-47E9-8179-A9E9221A5CDE}\InprocServer32\ = "C:\\Program Files\\Adobe\\Adobe After Effects 2022\\Support Files\\(Media Core plug-ins)\\Common\\DxMultiGraphBridge.prm"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08E3287F-3A5C-47E9-8179-A9E9221A5CDE}\InprocServer32	AfterFX.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\FilterData = 020000000000200001000000000000003070693300000000000000000100000000000000000000003074793300000000380000003800000000000000000000000000000000000000	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{08E3287F-3A5C-47E9-8179-A9E9221A5CDE}\InprocServer32\ThreadingModel = "Both"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3"	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	AfterFX.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}\ = "Dump"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AfterFX.exe
Key created	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Documents"	AfterFX.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	AfterFX.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AfterFX.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-70482961-775596374-3727440602-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AfterFX.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D517CC93-7066-4D06-A2AF-2F4298738C2A}	AfterFX.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4744	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4332	msedge.exe
4332	msedge.exe
1496	msedge.exe
1496	msedge.exe
3476	identity_helper.exe
3476	identity_helper.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
2196	msedge.exe
2196	msedge.exe
1592	Setup.tmp
1592	Setup.tmp
3704	Creative_Cloud_Set-Up.exe
3704	Creative_Cloud_Set-Up.exe
3704	Creative_Cloud_Set-Up.exe
3704	Creative_Cloud_Set-Up.exe
3704	Creative_Cloud_Set-Up.exe
3704	Creative_Cloud_Set-Up.exe
3704	Creative_Cloud_Set-Up.exe
3704	Creative_Cloud_Set-Up.exe
3704	Creative_Cloud_Set-Up.exe
3704	Creative_Cloud_Set-Up.exe
3704	Creative_Cloud_Set-Up.exe
3704	Creative_Cloud_Set-Up.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe
3820	AfterFX.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4336	OpenWith.exe
4744	vlc.exe
3244	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeRestorePrivilege	1468	7zG.exe
Token: 35	1468	7zG.exe
Token: SeSecurityPrivilege	1468	7zG.exe
Token: SeSecurityPrivilege	1468	7zG.exe
Token: SeIncreaseQuotaPrivilege	3704	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	3704	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	3704	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	3704	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	3704	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	3704	Creative_Cloud_Set-Up.exe
Token: 33	4516	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4516	AUDIODG.EXE
Token: SeIncreaseQuotaPrivilege	5452	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	5452	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	5452	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	5452	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	920	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	920	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	920	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	920	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	5072	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	5072	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	5072	Creative_Cloud_Set-Up.exe
Token: SeIncreaseQuotaPrivilege	5072	Creative_Cloud_Set-Up.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
1496	msedge.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe
4744	vlc.exe

Suspicious use of SetWindowsHookEx 26 IoCs

pid	Process
4336	OpenWith.exe
4336	OpenWith.exe
4336	OpenWith.exe
4336	OpenWith.exe
4336	OpenWith.exe
4336	OpenWith.exe
4336	OpenWith.exe
4336	OpenWith.exe
4336	OpenWith.exe
4336	OpenWith.exe
4336	OpenWith.exe
4336	OpenWith.exe
4336	OpenWith.exe
4744	vlc.exe
3244	OpenWith.exe
3704	Creative_Cloud_Set-Up.exe
3704	Creative_Cloud_Set-Up.exe
3820	AfterFX.exe
1468	CEPHtmlEngine.exe
3820	AfterFX.exe
5452	Creative_Cloud_Set-Up.exe
5452	Creative_Cloud_Set-Up.exe
920	Creative_Cloud_Set-Up.exe
920	Creative_Cloud_Set-Up.exe
5072	Creative_Cloud_Set-Up.exe
5072	Creative_Cloud_Set-Up.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 2168	1496	msedge.exe	85
PID 1496 wrote to memory of 2168	1496	msedge.exe	85
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4936	1496	msedge.exe	86
PID 1496 wrote to memory of 4332	1496	msedge.exe	87
PID 1496 wrote to memory of 4332	1496	msedge.exe	87
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88
PID 1496 wrote to memory of 1956	1496	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1lI-IL0gg8WoRTc-3cazYsUkFjjstyCRX/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff960a246f8,0x7ff960a24708,0x7ff960a24718
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3160 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,10886755216722876047,10732854253395993265,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4336
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\AfterEffects 2022.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4744

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3744

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AfterEffects 2022\" -ad -an -ai#7zMap24991:96:7zEvent5627
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3244

C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2888
- C:\Users\Admin\AppData\Local\Temp\is-TSU60.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-TSU60.tmp\Setup.tmp" /SL5="$160290,882176,0,C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1592

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3704
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 2600
  2⤵
  - Program crash
  PID:1816

C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1136
- C:\Users\Admin\AppData\Local\Temp\is-7V3OA.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-7V3OA.tmp\Setup.tmp" /SL5="$4028C,882176,0,C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3704 -ip 3704
1⤵
PID:5024

C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe
"C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3820
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe" --no-rate-limit "--database=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db" "--metrics-dir=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db" --url=https://o307710.ingest.sentry.io:443/api/5227323/minidump/?sentry_client=sentry.native/0.4.10&sentry_key=b757a395cf2c47dfbaa4bcf6186b45bb "--attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\b020fc3d-fbc4-4bfb-6c45-582a0ecf203f.run\__sentry-event" "--attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\b020fc3d-fbc4-4bfb-6c45-582a0ecf203f.run\__sentry-breadcrumb1" "--attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\b020fc3d-fbc4-4bfb-6c45-582a0ecf203f.run\__sentry-breadcrumb2" --initial-client-data=0xcfc,0xd00,0xd04,0xcd4,0xd08,0x17fc48a0,0x17fc48c0,0x17fc48d8
  2⤵
  - Executes dropped EXE
  PID:212
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe"
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe"
  2⤵
  - Executes dropped EXE
  PID:2060
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\TeamProjectsLocalHub.exe"
    3⤵
    - Executes dropped EXE
    PID:1760
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\GPUSniffer.exe
  -T 62 -H 804175820553820
  2⤵
  - Executes dropped EXE
  PID:2448
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db --metrics-dir=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db --attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\36cdd6eb-6469-4705-9533-662c08c1d4bb.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\36cdd6eb-6469-4705-9533-662c08c1d4bb.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Temp\Adobe\GPUSniffer\22.0\SentryIO-db\36cdd6eb-6469-4705-9533-662c08c1d4bb.run\__sentry-breadcrumb2 --initial-client-data=0x4a0,0x4a4,0x4a8,0x47c,0x4ac,0xbb948a0,0xbb948c0,0xbb948d8
    3⤵
    - Executes dropped EXE
    PID:2080
- C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
  "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\index.html" 57103a74-5a22-41d3-9d6e-a7ee4f2c0153 3820 AEFT 22.0 com.adobe.DesignLibraries.angular 1 "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" "AE_CApplication_22.0" 1 WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= en_US 4280492835 100 1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1468
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=gpu-process --field-trial-handle=1712,6853996233894316459,17142412950789884174,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --params_ppid=AEFT --params_serverid=3820 --gpu-preferences=OAAAAAAAAADhAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAABQAAABAAAAAAAAAAAAAAAAYAAAAQAAAAAAAAAAEAAAAFAAAAEAAAAAAAAAABAAAABgAAAA== --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=1728 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    PID:3888
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1712,6853996233894316459,17142412950789884174,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=utility --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2092 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:3488
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,6853996233894316459,17142412950789884174,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --lang=en --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --mojo-platform-channel-handle=2120 /prefetch:8
    3⤵
    - Executes dropped EXE
    PID:4268
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1712,6853996233894316459,17142412950789884174,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=3820 --params_extensionuuid=57103a74-5a22-41d3-9d6e-a7ee4f2c0153 --params_windowid=66534 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2420 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:4220
- - C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe
    "C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\CEPHtmlEngine.exe" --type=renderer --no-sandbox --enable-nodejs --mixed-context --disable-accelerated-video-decode --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --disable-threaded-scrolling --field-trial-handle=1712,6853996233894316459,17142412950789884174,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --enable-nodejs --mixed-context --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\CEPHtmlEngine11-AEFT-22.0-com.adobe.DesignLibraries.angular.log" --log-severity=error --params_ppid=AEFT --params_ppversion=22.0 --params_extensionid=com.adobe.DesignLibraries.angular --params_loglevel=1 --params_serverid=3820 --params_extensionuuid=57103a74-5a22-41d3-9d6e-a7ee4f2c0153 --params_windowid=66534 --node-module-dir="C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries" --params_commandline=WyItLWhpZ2gtZHBpLXN1cHBvcnQ9MSIsIi0tZW5hYmxlLW5vZGVqcyIsIi0tbWl4ZWQtY29udGV4dCIsIi0tZGlzYWJsZS1hY2NlbGVyYXRlZC12aWRlby1kZWNvZGUiLCItLWRpc2FibGUtdGhyZWFkZWQtc2Nyb2xsaW5nIiwiLS1kaXNhYmxlLXBpbmNoIl0= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:4000

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4516

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\dd7381f671424f6788670490a630d512 /t 4448 /p 3820
1⤵
PID:5832

C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6112
- C:\Users\Admin\AppData\Local\Temp\is-EPCEF.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-EPCEF.tmp\Setup.tmp" /SL5="$2040C,882176,0,C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:3688

C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5204
- C:\Users\Admin\AppData\Local\Temp\is-B0P24.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-B0P24.tmp\Setup.tmp" /SL5="$4032C,882176,0,C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5232

C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5364
- C:\Users\Admin\AppData\Local\Temp\is-7N6PR.tmp\Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-7N6PR.tmp\Setup.tmp" /SL5="$5032C,882176,0,C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:5408

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\AfterEffects 2022\Readme.txt
1⤵
PID:5628

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5452
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 2380
  2⤵
  - Program crash
  PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5452 -ip 5452
1⤵
PID:2412

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:920
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 2508
  2⤵
  - Program crash
  PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 920 -ip 920
1⤵
PID:3652

C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe
"C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5072
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 1932
  2⤵
  - Program crash
  PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5072 -ip 5072
1⤵
PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Adobe\caps\hdpim.db

Filesize
68KB

MD5
d6979b4794b15e3bc57ae5a84afbb92b

SHA1
a483617ad62b6903c4e68acc305000618af03982

SHA256
504c18904939228f7594cf24722c10089779774d022e44a4a87f3f08ada89c55

SHA512
0ece7a27579496aed1c9216826ea77c9ec38cd2da5a004b272431af2334ea22385caa80433295e07264ba6836b0a1b189be7a09a8ca826477890fd90c54b2d08

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AEGPUSniffer.exe

Filesize
88KB

MD5
2bbbb19177275633b987a982a1a4b583

SHA1
fb51fa814fd79113955d08c093f7382591b8c555

SHA256
eb523412ab9594a827f9a8034daea1b0973007c4f245686ef56d9846136cb58a

SHA512
e7bba439e14de99c57f1c350e3a4ee0a57f38850034146b119b57ae875470d66dfd90fb48e9c374eeb0c39099ea7417810c4ac6d4a041fe9d313ed579996927b

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ASLFoundation.dll

Filesize
456KB

MD5
815c858fe48e3b487139ad790d6086bf

SHA1
ae0f2a07c1beabdf87584f6e16b027783e56295e

SHA256
3b6e03d838cb72be322a74d7c2db79d820ba82eaf3c890765a07bbbe21aa044a

SHA512
3ee5678bc1b3393587c10e5a46ee79fe01c7c5af171293721944e779f71c44519a5fa8f222da13a1092328282d91c564486950cf4aeb8ffa00b4241f30466c98

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFX.exe

Filesize
1.2MB

MD5
782cd23f53637c6298b1fd849ae89440

SHA1
fea438d27ca9ad9dc293c5054452c00ee73b8492

SHA256
53b8ca0bdf6f16b2770ac0b3ef4f7d9d96ea660328407a31956b01617fc1a397

SHA512
c61fe1270c75a9fb5e11be45ba064d82bbd74a32859e888d1bbc6474c4ada95e0497760eb17ba3722f47ecce88c275f514f45c2030698d5dc112b94d45d30420

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\AfterFXLib.dll

Filesize
45.5MB

MD5
12346f5c85b4c9d208e02d5ce6ed87df

SHA1
c1f2b9edc65d56c2c4cc7e34f1b668d5ed180623

SHA256
f4ffb5cc7e790a42c0a625df35b091acd8a7c8d5cc935b5a168cd421eb59bcc9

SHA512
1699d0b11ebd9b2e452ae42ac2c1f84074a64d3a86f32ceb8ecb1585a3c9a359ae8e6613367227349802e151db67e80ff2f3ab40eead75b80c061df880214d36

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Backend.dll

Filesize
18.9MB

MD5
76ec2017cf08bbe72322bfea769a623b

SHA1
2d0604cfa431f4b0dce424c553584e7539b0c95e

SHA256
9ff123b4c20983066dbfbc26b8fe2df94d6ef6fedceb80680752d61e81062ed8

SHA512
f06efeb269baab2da845cd2346d1c9c917640e41a072d8fe24114e5caa0f907295e3a53daedb21ab727d843807c9a8ce33c8a683d47f10dd0e45ed90b8b77cc1

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CEPHtmlEngine\locales\is-1ML1F.tmp

Filesize
553KB

MD5
9e64f617c7278342dce87dd3bac112a6

SHA1
0c58bdd98c69b0f73578a56311aa22bc85f70d87

SHA256
6f117db8d19641253877c928fb4e3a8710f4380ba66b0d8f883a79c1e64b8edb

SHA512
40ac1fb74009921c32cec922d0efe55ff061dab9b647ada2ee28c8da986ff0b017fceaf9f04885a38b8aab02cce1618600ba473d89e6731306189b422ff9cd81

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\CodecSupport.dll

Filesize
2.7MB

MD5
19c2ecf80bc4b84b43ec36c57a52cb94

SHA1
00c56f8c661376c88b579d56f922810467196b72

SHA256
8a52106f072bca00c74c093b7b902c7a3d305fde53add61829ba9b05bf82333f

SHA512
0e86ae79e110c382de36dba77a03c834c5dcf9a6debf535edfa33db11153aa7b813f7ea88c8eb0d6487472dcc2a9e08cbe15cd136f55216622f0cb5b88245e7d

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\DisplaySurface.dll

Filesize
1.3MB

MD5
2bd3bbd8cfd1b6c31b3278a0a0c667c8

SHA1
2e7c58ba732bf6248d318e9202ed8e5689feb1bb

SHA256
0fdfe23cae936fb70b845b7af8e0b5140ddf41ac28722cbda3e8a007e3e0e3f5

SHA512
93fce7b3142768c9e31fafba5bae18a911847de3c22555662051b70d4434410f398bf008eb2947c1cda41514ad08ece1f50d05917001b7974d861d448ed68954

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\EAClient.dll

Filesize
8.3MB

MD5
15b27cb2d8dd2fa489d9d999ad2f3225

SHA1
849badfe19efdb67d57d5fc340a7a966c86e95bd

SHA256
f8e1d4663c13156a62f81010fd81d136c4362127955667c2fa1371383bc0837d

SHA512
9651a16770ca842d1551612aae865826f5fb0bd3c0833c9819e72ee7af2e722ecd64a82aa0db28535cb7de5443108379d7aeba6d3e58837c0459ba9a57a2546f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\EAProjectBridge.dll

Filesize
5.7MB

MD5
9b8d4fbca19b50773ff6567d58ddd587

SHA1
503a1752a884c09b290f4a798745e63b73a5399c

SHA256
832ce693d15a0a9af4d779d7a80a552a41607c12710102452ac3165a9dffe01f

SHA512
f98ca4639f12f5760a429177cba624e30a28fa8f951cfe2c3b483cc35621aca4b0fce0e99adc1cece72f6f822852bca1429779c28956781fd84b61934b5467d6

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\GPUSniffer.exe

Filesize
73KB

MD5
4fc25859dca18b10c05d95e771ee5b7c

SHA1
eec5fd0c235e1a1b3b1566ce47cf51a8424fc7f1

SHA256
ffe261f970a8e9063aac16a5512c7366f342a47ac2e7312b98852b0ce9244d3d

SHA512
79e4275112ecf0e1bd9034b0dacd1a10b57849214d0a1a0d4728d9f298aef22be8ba1e540317190244815fafe2fdf281010ee22b752205f2e8a2bad347a16fb3

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\locale\fr_MA\is-6R7O9.tmp

Filesize
88KB

MD5
1a52bd2381250e4ef68a411e3f70416a

SHA1
280de059b7ffb6be20890697e485921f977b959a

SHA256
4c1f429a49b1f0d839fac6729bcb7aa956a6547c91c6d8a8ea92265923985fe5

SHA512
3224c891f3e3603fd07bead33218837b6283dc35d71f7c1cb5bb71fa81bcba87bd81892b1062042a8ce2a6291680b9146d837ebe1600912865d4f05af8158049

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Libraries\locale\zz_ZZ\is-115HD.tmp

Filesize
73KB

MD5
d675e91aea7f0fec379ecda4fe44182e

SHA1
3c72fb9ee678b91cfed8d702077ae6f48247aae3

SHA256
83f04204cd78ad88287b1e44d2200745a0f59863754906bb358c41228c2b8798

SHA512
d971aa0db0307a23d5e21609fc5b995752a24d79f5d2d880b47cdc7123ba12359df8c1e7602d675e59152da58420354fa5e76973e71eb90abe0ddc5fbfaf8fbc

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MLAssets\is-GOF27.tmp

Filesize
344B

MD5
2f4f57eff18062e994989da91f4086d1

SHA1
dacb16b5573f9cf7fb3762f169a1b52f79de3b3c

SHA256
22d18eae8b4a0091e1a8a50346c5f59901b33736df0a8fbbff4d7ba033a416cb

SHA512
e4b346d3def9a8b185a1ec0890a143cfe62ef73bf7cf7ee8a562a6cc31f7d74d63e438218af18e05387ff257b3a694f429010945e44f377e6853e4fef5d4eabf

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MLAssets\is-PCP8N.tmp

Filesize
344B

MD5
803efabdcb80cc3f150be9e41f7b4b57

SHA1
0750a3092054536d88a9c3b430e8ddf71b134bf5

SHA256
332312e95be9df62848fe57f265f54e219f071cf218c28ea23151fed66d0d859

SHA512
354d9ca7dc2cfb349014f24e0fd008f024a083fdc3321d2e57c778e0eeacc27ef24663c937287903e26d147aa8e515261fde59af8b1e8f3bf057619f338a39d4

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MSVCP140.dll

Filesize
609KB

MD5
3aece536e1e7957a3b1150c3a45b8d26

SHA1
714a130c6d3de4356a782f6d469430669030405c

SHA256
beee6ddee281c1884b9dbfa66be05380ca12858e91211bf182c4af0d734e3f44

SHA512
2ea958a4c8e7ad1f9ab61e5141194deab18f2c6972a8c39986a815b1ccb1b158028a61a81c4002f48bf52564a9bf8d8d4156417807838d8cd4c62af0ceb1fdd3

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MachineLearningUtilities.dll

Filesize
497KB

MD5
5207ceb8e80c3e378a1d94cde5cd81ac

SHA1
203b7e8a59fd18a7688fa23649ecdf0037a630bf

SHA256
4d4db9ff763eb4a4d5d18f7f55862f52c6758a90daa00f5f7d308aec630514be

SHA512
d2eb45700511a0d749450eb13972f73abde1dc1bf3f36219cf7aa0df55c5b35a796ef66f3f94cd4167b06279e82b159fbd16d59e6aec2fa594332aec77ab4880

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MediaFoundation.dll

Filesize
960KB

MD5
93d26d347e13336bea687b786a87e8b8

SHA1
cd876dee89795a269278a552c1345e11e0a97d65

SHA256
89e213d83470c3f3cbb6b2a6891b8d013aa96bb9e3150ba0fdbfb327e5b85a76

SHA512
5aae484a69f16f264082c8630099da510c374c759f03309575d70ef7aa31a5a9915e405b3f4d06e223b318191798bc00ada2217973434217812f52f5ca1e2d40

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\MediaUtils.dll

Filesize
164KB

MD5
502be848a7912db4c5b89a3e6c3ba716

SHA1
b556d739d626e532b5beb8b734557e2df89bf5b1

SHA256
32ec4bb900a541ed68f5069d06c8a02e22bc790f2351f448231a770fccf43432

SHA512
740769f0383dc69ba301bd61749487c86df4ca4f1fecb65e1081c2e79008993b17e52b9d4a4583697cc86b47cd0a01fd40c828118d7d8327a0d4470dea3ee3a4

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\PTX\is-B0CRH.tmp

Filesize
2.6MB

MD5
276fcc886c896b4734c7030a82d39b73

SHA1
b0fc396ec072c5ce69ac4c1cbb166ecbebe8cc98

SHA256
992644b9c1e8ebff7aa028f8a542b1db44d6f04db1a590535d44b0520e14d723

SHA512
7c3466b42b1026aeaca4cb95403caa4c7c8d4fb2784aff139170c7575c80c026540cca902fe6d392ba6e331adcd2a36656a4e041f24fc62fe8de09acccdefd2f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\is-HF79A.tmp

Filesize
2KB

MD5
e6dd3db4f8a582e30f07b77e801428f0

SHA1
d207e34278440fc9b47c6480a47fef13870ffff6

SHA256
a3fff66cd7217029792e7fce403cc658b0ea03b2d3a2860f57479c8ea6bc1372

SHA512
f58e27d7f36e05cb1d6277629ee2e3cc239b2ba73a75d1399a048191e4443dbb1360922b2cc0d36c3a19b04fcdb64f5dbbd0a838736dca658b9caf856031c5ea

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\Plug-ins\Effects\mochaAE\MochaAE.bundle\Contents\Win64\mochaui\qml\QtQuick\Controls.2\designer\is-MP38I.tmp

Filesize
2KB

MD5
5435f060331a523b9e5db9c9957756aa

SHA1
e0f07b59a0ac83b7cea1716cdae4a59aeafa396b

SHA256
91d7772e4a193e91a093d59451508cdb89448eaffb4febda26789777afbacf3d

SHA512
536e731672c1348222490d39099712c7bbcbf8d0c6be5d0f3517c10feb1b47d7942c18703e18c28f36774546a41f18d61fa8096e022a82947d43b11a2641d187

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ProjectSupport.dll

Filesize
157KB

MD5
7c309d19b3cc9b7eca55e23f747e6416

SHA1
bb446d5894b913bce23b453358b9f8f920b573bc

SHA256
170c2bc6e952fdec57d08c77c7d7c8c2733144065d51f761920f32a59838efe6

SHA512
a4126723208cc791039305478be268416398e85c9abe46f35028ae65c904ec30e8564d34cbd6fe1cbcec2e4ef1b08e81f61ef88b7a54e99bc90aa65e6517f2d1

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\SweetPeaSupport.dll

Filesize
217KB

MD5
526b5d54be2e94e490a4671ef72ed328

SHA1
6dcd805bc6c01f6c9e78909c71fdf63ea33090fc

SHA256
a267bf6515bad3dd271783dec0579d8a68ca47cff7baffead7dd0954c45e2a8e

SHA512
b566a816e32b750399a96917efad869e180dcbf69eb35631228604bf418f39d2496e48cb903b365ceabad5bd08d5bd0627f1e27db725799a88dabeb0d893e207

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\VideoFrame.dll

Filesize
607KB

MD5
80ab704f27cf8829662b48d8a108e9de

SHA1
859315fa62e5df6639f12fa778e1cbfdab22de87

SHA256
f40cb4635ec140ea8d1f6059c99f231c882b31562599e5ff25bfbf2bdadf5327

SHA512
b1dd081433f666315d9cdab94324229ff1b09554eeecbd69562d81d8f9a35dd2eab1c2c027892b904e1fe231cb469ca557a57e093c8b79f67849fbcabdb675b9

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ahclient.dll

Filesize
313KB

MD5
b9a7dd7f322d07db95616e5208838641

SHA1
46630fd8c25ea9cdb56325a7cf45572e5ab31bd1

SHA256
c26f9a1f0ea3e175c2d229baf369364af257083a3698cfb52398933bffbd3f10

SHA512
37083884beff6d8291207ef12e93c60b473c98f845e5633d0c0f456e803256a763f15cf2b9dbba862b5e8c036a073cebd26d3ace287bd37760032985ce89069f

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\images\thumbs\is-DBO3V.tmp

Filesize
6KB

MD5
14efcb232fe86257595d64bc2df6b75d

SHA1
659f8e6be9dfcf41a2f8d634010fc22c69862a4d

SHA256
bbefe78465090c6ec55757d596979e8b59f2cd7417b2f513ca8ab84eb2d45e5c

SHA512
80d411289380a61639757fa88072a563b998775656359c6ccd5195f2deb84c8bd18adf81305dfee586f3aba92aa43333ae99802c807c06c280e31d691b64dac4

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\en_IL\is-2VGBB.tmp

Filesize
26B

MD5
c0ab735c82f43e1f4db2bfbff021f15b

SHA1
d8b781f3c63c7fd4745caca90d652c4b630a30b1

SHA256
7af32636e9ecfdf1e3814a6869cc718a42c884e724fb4363f0068752c77530f9

SHA512
3f6c699e6c55b64c4f544fc28d4a6302ffa118a0642bb4c23d7bcf73a6cbb52b4f710adbfd7c865c6c8e2081ca2a219e224765ec4138c2a421b272aaf98a072a

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\en_US\is-2I7C3.tmp

Filesize
10KB

MD5
ad3a0179cf63b44cbcda21b81ea01a79

SHA1
1139584a16322da850b338a3fbe7b1f4f4baec18

SHA256
513a2c998c7f08c3dde497f5ef1e453440d31bc47fd3e2bee57eebb2f54b8d83

SHA512
c75548d88e23dafc0f675e14fb3dc9efc5a2b9b190a57b648ed2c8cc48b760da65a43dff4339f6c6e5960a21af3ee5cecea25ec7f528c14329f48645872c4ec2

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\fr_MA\is-GGFGQ.tmp

Filesize
12KB

MD5
9387d0ed2744788b96a5943834045261

SHA1
5495984a89de521c88bde2e723e46fec02a545bc

SHA256
d764a166183c94b88795c4f40c143ce9f4be04d8237cc6f40ce1d10c98577477

SHA512
a4753a51f73ae1e9da391c7a2ee86ec32069fc4d0d315f4c9787ffd8ae93e6a9ec26df4440c3b3f1c1f911fe80e88e8eb645cbec2424ccbc0df04fe5c07cdaf7

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.ccx.start\locale\fr_MA\is-L8UJU.tmp

Filesize
29B

MD5
b36e87c45a0f04e734d5497f3e4f5d7c

SHA1
3b56b1411801365379ec2c6a0800e50dd543fb93

SHA256
c42d0117a10d85e1abbc3cc56203a5d80e2c21a1e3d1da4c260c6e3fb4eceab5

SHA512
3a42ce831fd3a5f7bb636fe069361996c6ac9becbc3bf7b19684ba613decfbf8d0dc777dbef639b486e3e6a70a24c484aa55fe20d7c1485303fc8a31553464ff

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\com.adobe.susi-dva.extension\is-A2O6D.tmp

Filesize
41B

MD5
c08502997fc819570b793f6e81ce0495

SHA1
20f805f7c716f09950bbc2f7a9c803e3f1cf57b4

SHA256
6f4ece9eef5c4e518ad56a6f82d14e95f93e4e5d07b1cb8d22de8666d7ac3d7f

SHA512
abed6ed6e8fa6716921ac31213540fbf8caabcc7bf58ef8002c0ed2d63f51d79aa4f15007a8d9c7013bcc6f6e6bc4b87f9b7d717cce583e5873ab7107e37eb1e

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvacore.dll

Filesize
5.1MB

MD5
20890193f34f80f4f6dfafafb669ef71

SHA1
c8d0f327601b7d18e8ab20d378fe7d8c3934d06a

SHA256
a4b9af1f545915ba61f88ae265bfaf33e269d48a6c0e89484d442aadea50a693

SHA512
061af2a6c5850a2c0e8f1597f213c167d5c7b55b71d2aaf672513d79c606f64c810f50291cab7c32f4d42a71fbd565b0d13ccc52f5cdb6de1aeb912854432756

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dvanet.dll

Filesize
985KB

MD5
b31b8b0cd75e8fa3675f276a09928b7e

SHA1
baf3aca89b20319fbbc278a7e212c5706b925d2f

SHA256
44a8521c1a166a2c21e4895b859081b1afe1b100e9962cdef2f40bc19479351e

SHA512
9fa466fa3fe8c819fdb477d7fd7faab33d44a0bf8503d77cd348a8fef63b7795b5e2d7e7da84d9e6401c860b468ff0a3aa893bd3424270c12d8117bbe695ee8b

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\dynamiclinkmanager.exe

Filesize
427KB

MD5
bf2d8e7acf67b2937583adab65a72ee3

SHA1
6d306282c27acd18ed3d8c4643ecaaaeaceef7ff

SHA256
2d59992ec95a56c56176761a0bf4d46adb9d65fb0512ad317d57c2e4bc62253a

SHA512
9f627ee0ee60cd0bc99fb02b2ebfc1979c64777057331e18a3c55f93eff195c1b6667fed76b513c11a8a6412350599a741dffb10b0bb6e2075642d9edec333d1

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\is-8HDQ7.tmp

Filesize
9.9MB

MD5
01edb1580a7015b5440ad0cb4afd0d14

SHA1
8fc04fde7fb09d68d60cfddee0b309fbafb00c1c

SHA256
c5f9a62ecc982a52777c96d96aee791373f0a132c4ec291891d76ddcf2ec2fa9

SHA512
54b7229cd9b7b6f658847ce9e730bb4db21034957ef6352451a79d228a0c606a5534a3bd05a2c229fc633be8d13bc41c07c17ff4d7cbd762a0f3b8488a09f555

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\en_IL\is-0ECCA.tmp

Filesize
11KB

MD5
e9031e4ce52193bec6931c23f65fee11

SHA1
f712cd9b86cda8eb79a1ef0806501dde2d68c376

SHA256
ca30d8c103cb7ac0584b2249291396e4c5487c8aa6efeafbb133a65cd48f8851

SHA512
7b221cefacf3e1929f85edfea649edc1c219d3868ef5a36977a635726ff061364069e666b71d98fe41be4aa1605eb7e5317cd1987a976249bedeb7a7140ff11e

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\es_MX\is-PJTIH.tmp

Filesize
11KB

MD5
4d50ae44fa238ea4aabe5d1f8f36fccf

SHA1
2af1026cf84382db7ac72d68683d21dfa0b5703c

SHA256
af0beb0b93b7509b41b34fe0a20e51ea626b7e3365b4668d1008cc80c9a2247e

SHA512
e339f7860a92f69da25a7d88e3dbc4e5d8191f68d281f07e03ae1ea97d95c2cd3a030acf6f1cf56e7fe4a3c5073087fc54498e8803ccd19870053df1c029064d

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\locale\fr_MA\is-7UP9B.tmp

Filesize
12KB

MD5
0563790f85f836158734dc3d770f1b57

SHA1
477a32071883e563e897b109a13038d687f5633d

SHA256
72823c1df23d465aed6d43f034b6d2048b9b20c6a565ad890e35c9a16981ff01

SHA512
714795d5105ed6b990f3277661769589ddc92a04e5eaa8991a8f9da2d553d5e8a9bccde7b601d5b101a0a4a908510a7bcde033afb76e7c8967c117417f43836d

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-0LM89.tmp

Filesize
461B

MD5
3cf3f3fb1be27155d466b8456a1d5c0c

SHA1
18480fa646a673148d634488ed9b193b95a3c0a4

SHA256
fc525d5a585f7fa66de0bce0d368ea0907d0b60caf06a6dbb0e15e3b75e3b092

SHA512
ed6baa106696c95aa7b74a8d48edbed2d8acf3e3abc401cd01af48b88a2c63b9bba7f39d473126c9a9e8e1ae783aa07f93f595fbc76f755b665f6effc6182c51

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-47UVH.tmp

Filesize
497B

MD5
9ff1bade0d4b2445db4638cf7a9b8790

SHA1
e5ce76bc8ebed90dcff4aa5047717ed0c67e24b8

SHA256
268c3d515af1d44766d8a5059391f34ec7e1cba36ef184a91112b4b016056435

SHA512
22d558bbfb662a7a578fd5ad6e949941cd81b762618b87ef7e68fe2dc4212f627a2a82037a93da79fcb048c5c087ad11dd84a97d9bd265454d1b5fb7efeabbca

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\ngl\resources\ui\authdialog\mac\is-FCS3J.tmp

Filesize
425B

MD5
51a63d748b4f19a75c45ac6ef3595246

SHA1
453776f6de11b18314314d884efadf90f2e549cb

SHA256
e70e39e1fca76069432faacc9e6c654e91a39d9286f0406b13fab33d42f1a7dc

SHA512
87b43d7accd25240869a28cd9a611f1e67bccd4f112cbff5efd2daa3d7440232fd7d9f1bf28c06bfe4f91b60597e15de222a063277322e141c986d8ac00fda28

Download Submit
C:\Program Files\Adobe\Adobe After Effects 2022\Support Files\vcruntime140.dll

Filesize
77KB

MD5
214933e81e444675a9188f8a0b2dddff

SHA1
2229a5139638063dca97c82928b3debd58a8e49e

SHA256
8c45c8d45419b1d71f086dc28d562a9c19fa42e6335e2b0c614a6899d93023fb

SHA512
b177184a39f56f995ded7c3f6e88ce6741f927896b53d2967a1c2990588f168270c40de9ac8fcaf47cf87d8992ad4056de87bc6f4253c5784868a0a1aae88f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9bfb45e464f029b27cd825568bc06765

SHA1
a4962b4fd45004732f071e16977522709ab0ce60

SHA256
ceb8f1b0aaa1ba575c3704e73fd77edf932d68c8be902b33f1ba3b1d130cd139

SHA512
f87cce8bb5489b56027f5a285b948b639a1c7b0f213a111f057235177e5bffc537627c82586736704e398a0185cf2ad8ba8cdee788531fb753a2d08f16e906c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae2a8f2ebc841509f7b978edf590d3cd

SHA1
91358152e27c0165334913228005540756c35bd3

SHA256
631550765e3db02be0709748c0634a2cfdab711cea94f5890854d0c1dfbcb214

SHA512
e52180dd175f1e6ff72d76400085869387cd70da33919de219a04dc26871e8421e93b22e7c59125c19c6ee54a8a8f742d796ac68ea9077c9dab5f03b80967d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
3080509caa07981f75b3e4d056765002

SHA1
ea7be751a8b6f94f75b4a038d3d1336ba164f649

SHA256
5d4f057aa27c115a877f61aa6a1f7f66963e908ef81b604c27af609e19d028ad

SHA512
e5fd69d0ba752fcb402b1895670c6cc59cafb5258224633e3611282548251297ecd286b76d97a62aeeefcd5459904ad45d0fb638cbfd0ebcaf5a3249b8682e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
39fda5366867b6216574c8e335c2cf0f

SHA1
7241960b036be15f6ed81d3db05041bee5f12837

SHA256
60bed63144c04f265e744b5ca8702665907d186f70ea29fa502ce0fb8bc0c806

SHA512
c2bb2610c81518e508770282ca70afa25b97d1be1d24e1c221c25822d53589d4e32f5b5fd8b19d4fd756373e8ecfd7735403d5354909d10e4de682d7390731ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0bdcd31444f42bf0ddf20dfe590bf00b

SHA1
3dcb24e64ed7e3a22824f1d93ab55ddcb03ffa0b

SHA256
6f8ec5cd2b2a7f6e2242bffdd8206105289a5773ee8610e155545547404b7f99

SHA512
9a96c0109e4fdf4437bcd7b11cc724d2ae736d5bbd15bce1f6ab0055e76086653d112913c8b14db4f02a13579d71f8e4d3e77e266ceac3c44bb310e44cb2dc44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f8520b7a4f540be0bf756bdb43d0922c

SHA1
1a65bdf822bfa2c925b3d697210b3e346424f5ba

SHA256
212fdaba1d31a150df02475fae32abf924d966fb5482f644610dfb1e4fe62843

SHA512
f43ee9efa44702c829e0b8805823f4159a80c7787f57a6f7e796be28bea665287de8a0ef50760d7779eee0c7cb8d404a24ebc77e4b7ffd20a03160929acfa650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cb9ca70cdd67ccd6a7171a2b049b0025

SHA1
981a4270d1903f84c23338fb6a220e4a1ee9d12f

SHA256
fb48f6dc8b8d3695dfdacef95a7fa30801b0b6e3c59d3ec1b956ab794d775a71

SHA512
787e03775ab54751cb1359eb59949a128fda4d36bde8feae8b08a5c4efd457cf14025541ba6d9456622dc70ba3be1a6feb339cb945eff577353c48bcd18be8e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eafef882c2b39c7cfdaeba98b7e3bd99

SHA1
4d83e71a1e9e1f45d4d1043948bc29ce4a79c8e1

SHA256
d4bde7169f0b373fe9ea7b0997b75ebe6d14f9a1631bdafdcdf22dd05e4d28d6

SHA512
f436110c4aa1e21b272e625d4a110dde3cb0b42d793487b04d5e783b790f6204ab0e665097e5fe8eec442bfa0425c5713219cc1a9fd0476539f0b47eb2c9a9c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1925bf8ec11d76228435b59e6fdc0743

SHA1
8a61dd6ba39aa477e8c3f1a4a235357fc027b567

SHA256
ed574ad4fda19edfa8212504d557e418fe959bcc530d6bfdc5e219eb70717278

SHA512
d324ea587783c6d3721b2301f9d05e6dca6302c41dc7e1d1f984c5017868872370bb3e1e9054fda46b056625418dffb37733cc172b6a5c024ae10393b47ef417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1a3792fc4b77dd7829ddbb563b8dcc3b

SHA1
5a0ce47ab8f4d0df1518f3bc310771c7bb371a05

SHA256
b1b86fed2dc6e8f865567ed9eb2fa1c3ce4dc0dc50cfc27ac4517a3963fd2417

SHA512
be62b14ba0f2ce51f7990b03da0047bba15a20db246ddff3bf6ab83b794dc02764a5cf7a03422ed9a11b60281c3c847bf2222ec8a668f8015c759dd27db6720b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
80236a9efab222db2e64f6af561fa1b4

SHA1
572c36dbe2172f8f277dbe07d8109d5cef6ece5e

SHA256
de58d3fcbed6e6b132db7a588676620a4e3201b623f3ef8983f95b223951494f

SHA512
a0c78c802637242241938f8efa8beff0278e81536dab7e468d87c8c50885b581d2cca061d2075a6fc16908babfdc88ac09407b0c40cc61673490773908ec7687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fdebc83822c2ae4d5f67fa16a176ad51

SHA1
18ff52af6b2090a30eecbbb1ec34877e7d123190

SHA256
d76424dd7f434b65c3e089204250339990fd7fa128cedd4c618e30b2db88a82d

SHA512
a660c0b304fc505ff31d30f0d69a4bad2ac68e2c91821cb0f012869817f8158f5e5d46d385b85dd9bed814b486b593a6de99ab4dcf79237a4928bc538a5e9065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d7113761418f4e7b5411a0b1c693851

SHA1
811de43db793bc0ba9fd2070eb1e0d28772a3c34

SHA256
9a1d8c7dfcce38c5e933860659b9a289b5d127db12d053835056f5e6459d18c4

SHA512
f7f3aff03a73fbc3f4b3e46045052d829ecf31749aa97e479612c87d663fa57780c31a36b0313a44e0f7330c2529350ec69ac5c71f6372e5e5c580df14fc1fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b2b9b30018589a6402d999ac111b1def

SHA1
e3dec1357a1f549e9151bb18cf305f539c6825b0

SHA256
364c9af72c393251d9c45baaa5cd3b818ac7960f312a0b5baf9095615634f4fe

SHA512
83e1ce878affbc71aeef0708a0ebdfaee42726064658cce5c9c2722c71076cd82211e536b2febf9cc2951eef05b04bfb42d9c8567360adce22470e4f9d07eecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66334ec1f4cd7137e961baaf586b71bf

SHA1
dc3203ad913d64fe48cb30fef2b88f554201903b

SHA256
24b3968ea35b03f3fc83731fdf8fc05b98d66ca6ec7de7c68a21f1671ca6e20d

SHA512
6ec87af6a3e8ab36cbc25b87043852bfb44c1064449636ec07b1c26ab0f295fd17a77041667d89428aa7905a09611e38ba5d86ea051f17997c86b203e97c879c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4e38e23599d702586a76c641911e7d83

SHA1
18dc788bd1c7dbb5509f25dae4871d43108d5cf5

SHA256
bd6d9d254d2eb07976ab5f5c3bd1d140f39d616da94ef1300c2309a82abbc024

SHA512
ee05b995e3f2158eace55b3bb588a94ef89dac9b131eb8741ab8ca65b343f74773b09f48e8b201b9ea97f542f3ff3020c3d96d81b6c984cd7983eb8316da490a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ccc819cefc8b5ab1197f55ddfaa68cf4

SHA1
e51ee85c81071e324190db18f54c671aa778714f

SHA256
40ea36b883aa06f74c762c20b6193bee471739b8b3409936d62617ff247d1a4a

SHA512
d880f327d5d985c7584659828db9d7a653093cdc6c7e7eea499f50e643ae3bf3bbbb7d2d2c7730699b2017de52d2f3c3b1c32b289a824791a88faa238b5dc92a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5e8536fe9d73dcab03b312ff2a0d5c2a

SHA1
b9234676334bc18288ad47405f2275b91706caa4

SHA256
e72a5a01a5d4f681671833ae22d63ad947a7307ec2cb63d0d2efe89141475afb

SHA512
9e0d0ac41b407155ee25c1fca74cddaa1f9daa0ee58d1b02790f5f63c75787c37fe405a80a2094cf1c2f4e8732f5c4ef11780762651132e505d4ab15d29a96a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\b020fc3d-fbc4-4bfb-6c45-582a0ecf203f.run\__sentry-breadcrumb1

Filesize
4KB

MD5
2b078c201df783a5e997cb60e2c83bb6

SHA1
0320b1ec96e721f3c074f059521a55da2d501720

SHA256
02e123f9d21f031cd437a0e674a03949c4989a47ecb414d8dde2af1db87f3aad

SHA512
d4a078e1327b74559b2b5cbe06fcb08f09add30c109ba0ecdce791414c11bcf4b3769d1b88f10268b9a6040aa633a5d459aebc2b04f8ee475d3272ed697bed68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\b020fc3d-fbc4-4bfb-6c45-582a0ecf203f.run\__sentry-event

Filesize
423B

MD5
d2bff2fc058237c6b4717e63fd1c6cf5

SHA1
b40011681aafe8289983eeb107ed94e7c33a0a3c

SHA256
3078c0e0d3ddd1e3c2eb5853ff04cad8ae849fc69c73ab8914bd46056f80c5da

SHA512
fef2f605972b9be7b29718af300cec7160d87a72886aaddb193cfe26e1e399f2c4afa584500c2747ed2153bb54ee2842296b5a9bb2b1b932ff3256922b2f9a39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\b020fc3d-fbc4-4bfb-6c45-582a0ecf203f.run\__sentry-event

Filesize
438B

MD5
951a96a1dfc0a635cad2795baccfd663

SHA1
f21485aeda771e0ec31ff40a3a7ed5007a234db7

SHA256
4bb09f0672f8d376e4c784176e21242d59652ef9fff5139c432da43482c5daca

SHA512
ab78f0af6146acb2c09a5303de4d9db82b26474882c799f7b430e9eb3cda7d20c722dcb455fe38553c73d5f3e29b8f8b5a67e2c2c168f40e7fb1c6726fde4569

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\b020fc3d-fbc4-4bfb-6c45-582a0ecf203f.run\__sentry-event

Filesize
447B

MD5
54f1ea339cdd00d0f77184ce778a76aa

SHA1
d9709b0a412112d84601243493e6475ddcff308e

SHA256
1c26bd51aa4cc11a48f33d4599a301c5354ac539b994cc12d63106910879896b

SHA512
35b1d513a4f1d6806b0c4432f95f0f24bdc63e0c96cc762d760029f6eedbf85aabf17221158a5a70cf51b7e1f70ea6609162d9364ccb77f8557017cdfa0881c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\b020fc3d-fbc4-4bfb-6c45-582a0ecf203f.run\__sentry-event

Filesize
457B

MD5
7bf50287fec1ce5c09ae4baf03493604

SHA1
e0ffe2982e23b07dacc3d145a376f580a49570bc

SHA256
85121ec4eec162d25c721f08a3a1aebd90dc5099cddf0ba23b993133f9a11bb1

SHA512
7ce9c9db66ec458d5a32aa1ce4578aeaef4e844d576c3f46e6234cf3522a5a3051fa3251ae6ab671d86caafef6949bc04fdd2aad947a1df4816c72bc761f4c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\b020fc3d-fbc4-4bfb-6c45-582a0ecf203f.run\__sentry-event

Filesize
462B

MD5
2746a8b07704bf6f7fe715a19c4c38b4

SHA1
a55baee23c85428e5286c23aa4144d9a030fa758

SHA256
ea0cddae8be41ad7dcd037323ebdf13f3c6c0fed656d90a1be5d7cdabb264c14

SHA512
ee07fa52548420a0ba50515323f0428531277c97e3cfcfa695104b6c07629e301b0c13d5498aab8f8570372a719218550134598b09879787c9a4c0200cb43c33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe\After Effects\22.0\SentryIO-db\b020fc3d-fbc4-4bfb-6c45-582a0ecf203f.run\session.json

Filesize
212B

MD5
b21ea0bea5691423372388c8c2011e12

SHA1
11d64f447758d38d9967c0351164a1447c430d56

SHA256
3dc8186a7c4bfdb9f677bf343354d9319ea84eed4d8c2d24c0431ec4d273e371

SHA512
80f9b133c5ffa5c41500a08aa7f232de11c083318ab412d8967da87f84e411b1ee4c44f0da0697a6f730d2f2024fda65dc838848b14fa5503a7fa0e3b9ab6956

Download Submit
C:\Users\Admin\AppData\Local\Temp\cep_cache\AEFT_22.0_com.adobe.DesignLibraries.angular\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat30.tmp

Filesize
140KB

MD5
e204643042591aeec2043c5eae255099

SHA1
ba5f2f94740400f540befc89f1c4d022a26faa84

SHA256
7f58f56a7a353f8fc78ec2757394a7c7f28165e6bbf2a37d6a6e48e845874f3e

SHA512
7196c5b8e88100a08eb296be7570df4d045268ad6bab1c45ebaa9063aa9b46b8896886e24a9f861e322b167dd95e18d5a18abb76f1bb01c8bc85c36bead855ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat31.tmp

Filesize
139KB

MD5
dfce51814cf6d2f42375f948602cd99d

SHA1
766e162ff305343010b67fbaa28b36af277c5b34

SHA256
7a8a945586a1d21d2922cb4aed9e28d872129f6c396ac69f47ef3e32ea972ba0

SHA512
2c9489c18719ad29928e86a9e631e080b024c882a77a582f40f4f86f625de9b08ad3c09710d5ee32b5cae5284fd960f412f05290bdb3b4709f097b269b99ce21

Download Submit
C:\Users\Admin\AppData\Local\Temp\datFFB1.tmp

Filesize
103KB

MD5
fa794ec12d353c26805ff53821331fc2

SHA1
cbc6658badeda2ad9b0d2e03a0a35ff7fbba542a

SHA256
cfdbd8a2aa463c11e483dc10c480acd274e9786632f5571a3970e8a20a2d8237

SHA512
1161afdbf6fc9b74421031fe6e139587f291ffaec03cae4aa76c1a86e10a69c7b1602ecbfbf60287ce8ed926377ad159992cde605ba98e75b212e971b7e14f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\datFFC2.tmp

Filesize
140KB

MD5
d070306a9062178afdfa98fcc06d2525

SHA1
ba299b83eb0a3499820fddcf305af0ddbda3e5d0

SHA256
8f5ccdfd3da9185d4ad262ec386ebb64b3eb6c0521ec5bd1662cec04e1e0f895

SHA512
7c69e576b01642ecd7dd5fe9531f90608fa9ade9d98a364bcc81ccd0da4daef55fd0babc6cb35bff2963274d09ef0cd2f9bce8839040776577b4e6a86eb5add5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A5NUQ.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TSU60.tmp\Setup.tmp

Filesize
3.1MB

MD5
f3b4d096d4cee3df1d9c8a1c45da95b5

SHA1
c61c6d61b77554dfb37b0ae84b1eb7f142888bbb

SHA256
9cea3c44bf11f95583b35b6f69085f9105168eb69bb6cb0cbd64fe21420bce1d

SHA512
04493cef582c86ec54badfaeac7abd595010025f3c92e1fe23e6a2b8d2441f2ab256a754be2b02954364c2de080a15bee37b5a653a62c1ce6b16b967a13efb50

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6806525A-EB8F-42B7-8F2F-6AB760186AAF}\index.css

Filesize
860KB

MD5
c41b17e540568c9ffd76baeb550a3895

SHA1
9d4b48084f7d422bb407f535875a8d99939b1dd2

SHA256
a3ae7258dbf676b8cdcbd0890902e88a4a7fdecc6112513fd006ebdbad295863

SHA512
fce89f2ccc901de7b3d4b6003cbb0f961abb32f457bd17f4f9f82c840eeeef85153d409dc8dfedf4ed6cc3d73d3b11f93556ad66f87dd11b7546b55114b94de7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C78B2762-B4FF-4A8D-9784-57EA09A8E346}\CCDInstaller.js

Filesize
1.2MB

MD5
a8cca5b969784f356bcf8bbd0895b8cb

SHA1
bcedc0d7ed2e6ac55709f0b837a354c6ad7f9c97

SHA256
a641388d7b4c162c026606d4b099afc45db810edb39c8c5bddd087a1df840aa0

SHA512
7c9e9fc110ea0a5c51a15b5253c0dc2d47a490581dd4005925c3045d6f4e2ed0ff9cd427a9cc42db090153706283b1a6270c225bd3a161198c805db435375670

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C78B2762-B4FF-4A8D-9784-57EA09A8E346}\index.html

Filesize
426B

MD5
a28ab17b18ff254173dfeef03245efd0

SHA1
c6ce20924565644601d4e0dd0fba9dde8dea5c77

SHA256
886c0ab69e6e9d9d5b5909451640ea587accfcdf11b8369cad8542d1626ac375

SHA512
9371a699921b028bd93c35f9f2896d9997b906c8aba90dd4279abba0ae1909a8808a43bf829584e552ccfe534b2c991a5a7e3e3de7618343f50b1c47cff269d6

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 MC Prefs

Filesize
1KB

MD5
82532b9b14074f8fb97e241b713830dc

SHA1
85e82f923a4952dba32ef7c93a1418df7b975742

SHA256
9f2a6ddeb493d718631c32e5c5eec13082b6cd82100f2a52be7c45249c399e9c

SHA512
3ce2fac8f0195ba48f713c89ad7188f31bb970926478bde1a256490f87a01481dbaaa99382c40819114757729b768c5d5318a671f5ddb19c286483616912ecda

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Adobe After Effects 22.0 Prefs-paint.txt

Filesize
56B

MD5
65ed218dbba5e06c5bda5779ce171d90

SHA1
09c26a83a6be0780b19bf1d1ab58b941994e9ce8

SHA256
667b39871b81af559820541a11df3aadd11c8c135e6099125d9b58e8a1cba709

SHA512
b9346e8e14a47128f32590be67f983d24787ecc0c07f5f8b72de8936aa84f14c4606add91cceb2716017ad6e7c30d8aceaed314ebd80fe525bdc2c68c3ee87da

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\After Effects\22.0\Debug Database.txt

Filesize
6KB

MD5
89d02a55e41e2aef9dba8f76a9b39cdc

SHA1
c1ed879f2e8c67732ce74e2cddbc91609de6ffe9

SHA256
8eb9af8d14f03f9c5c8935eecf995370edfc71fa7210fcd76c7cff90c5c51bf7

SHA512
a4a63162af792a04881b1ada84da91b29c3d78282f29789886e33c00731f049d41bad9b7c657a126cc1f2ddc4c8d4626e33f36de508bcce1ca4b5b93b307bf34

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Common\Motion Graphics Templates\AEMogrtInstall14-2-1.txt

Filesize
70B

MD5
7b5789f75f623e84b1c5c71190732a69

SHA1
734862049b2479508654732b102b81d110a0e86c

SHA256
7f34ce18801d96c731a477e84316d6a253a978dc5dcecf2f7df73879f273d603

SHA512
c40230ad55f74448c6b6090338ed9d85426f64bc028480ad723ecebe4a174b1a2389b092d2f0c65a7057387b145cb638d6a0d3dcd85b7a029d2ddb6411f3be23

Download Submit
C:\Users\Admin\Downloads\AfterEffects 2022\Creative_Cloud_Set-Up.exe

Filesize
2.4MB

MD5
aaa117386cb47343ff74c4da553d22c1

SHA1
4485a0abbf66211c0e210f27fbb03dd86d7cd58e

SHA256
5737635acfdbc4831002ff2777a8b4ec3c7e11a93825e58ad6981b066c840dc0

SHA512
20ae835a513e01512c47ef6fc1f6a0d64d86e4c67140da7a8717bba819d57328ae4c5a0568603c4e1f8aa08ae6de539008961cc3bc85091cd8f687bfdcb38fae

Download Submit
C:\Users\Admin\Downloads\AfterEffects 2022\Setup.exe

Filesize
2.1MB

MD5
6c1620e5ff6fe39252348b0a314586c5

SHA1
caf8b8b2cc7a95762ee9413b825d6b7d80b90e0b

SHA256
d0ca0c9b434c6d2c468548d4add127e83114bf0eb2afb3d2beb6777791798ff7

SHA512
05c0ab98043cb4ef7c76b424d04b497ba6aef79e0029ee111cd62d738df3ae6ad1bee324bc22f7b6433e21b26d72d93a155a8065663aed284be8a4b237810317

Download Submit
memory/920-11418-0x00000000004F0000-0x0000000000C76000-memory.dmp

Filesize
7.5MB

Download
memory/1136-9825-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/1136-9864-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/1592-9155-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1592-4601-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1592-5721-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1592-9796-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1592-9816-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1592-3171-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1592-815-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1592-1101-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1592-618-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1592-311-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/1784-9862-0x0000000000400000-0x000000000071E000-memory.dmp

Filesize
3.1MB

Download
memory/2888-9817-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2888-303-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/2888-310-0x0000000000400000-0x00000000004E5000-memory.dmp

Filesize
916KB

Download
memory/3704-9860-0x00000000004F0000-0x0000000000C76000-memory.dmp

Filesize
7.5MB

Download
memory/3704-9820-0x00000000004F0000-0x0000000000C76000-memory.dmp

Filesize
7.5MB

Download
memory/3820-9911-0x0000000004DC0000-0x0000000004DF9000-memory.dmp

Filesize
228KB

Download
memory/3820-9907-0x00000000035E0000-0x000000000367F000-memory.dmp

Filesize
636KB

Download
memory/3820-9908-0x0000000003680000-0x00000000036F5000-memory.dmp

Filesize
468KB

Download
memory/3820-9910-0x0000000004D80000-0x0000000004DAA000-memory.dmp

Filesize
168KB

Download
memory/4744-256-0x000001D91D8C0000-0x000001D91DB13000-memory.dmp

Filesize
2.3MB

Download
memory/4744-248-0x00007FF94BDD0000-0x00007FF94BFDB000-memory.dmp

Filesize
2.0MB

Download
memory/4744-238-0x00007FF6D3EC0000-0x00007FF6D3FB8000-memory.dmp

Filesize
992KB

Download
memory/4744-240-0x00007FF94BFE0000-0x00007FF94C296000-memory.dmp

Filesize
2.7MB

Download
memory/4744-257-0x000001D91DB20000-0x000001D91DC2E000-memory.dmp

Filesize
1.1MB

Download
memory/4744-255-0x00007FF95C8C0000-0x00007FF95C8DB000-memory.dmp

Filesize
108KB

Download
memory/4744-254-0x00007FF95C8E0000-0x00007FF95C8F1000-memory.dmp

Filesize
68KB

Download
memory/4744-253-0x00007FF95C900000-0x00007FF95C911000-memory.dmp

Filesize
68KB

Download
memory/4744-252-0x00007FF95C920000-0x00007FF95C931000-memory.dmp

Filesize
68KB

Download
memory/4744-251-0x00007FF95C980000-0x00007FF95C998000-memory.dmp

Filesize
96KB

Download
memory/4744-258-0x00007FF943D50000-0x00007FF9455BF000-memory.dmp

Filesize
24.4MB

Download
memory/4744-250-0x00007FF95C9A0000-0x00007FF95C9C1000-memory.dmp

Filesize
132KB

Download
memory/4744-249-0x00007FF95C9D0000-0x00007FF95CA11000-memory.dmp

Filesize
260KB

Download
memory/4744-239-0x00007FF95CCE0000-0x00007FF95CD14000-memory.dmp

Filesize
208KB

Download
memory/4744-247-0x00007FF95CA20000-0x00007FF95CA31000-memory.dmp

Filesize
68KB

Download
memory/4744-246-0x00007FF95CA40000-0x00007FF95CA5D000-memory.dmp

Filesize
116KB

Download
memory/4744-245-0x00007FF95CF90000-0x00007FF95CFA1000-memory.dmp

Filesize
68KB

Download
memory/4744-244-0x00007FF95D2E0000-0x00007FF95D2F7000-memory.dmp

Filesize
92KB

Download
memory/4744-243-0x00007FF95DB30000-0x00007FF95DB41000-memory.dmp

Filesize
68KB

Download
memory/4744-269-0x00007FF6D3EC0000-0x00007FF6D3FB8000-memory.dmp

Filesize
992KB

Download
memory/4744-242-0x00007FF9617B0000-0x00007FF9617C7000-memory.dmp

Filesize
92KB

Download
memory/4744-241-0x00007FF9617D0000-0x00007FF9617E8000-memory.dmp

Filesize
96KB

Download
memory/4744-270-0x00007FF95CCE0000-0x00007FF95CD14000-memory.dmp

Filesize
208KB

Download
memory/4744-272-0x000001D91DB20000-0x000001D91DC2E000-memory.dmp

Filesize
1.1MB

Download
memory/4744-271-0x00007FF94BFE0000-0x00007FF94C296000-memory.dmp

Filesize
2.7MB

Download
memory/5072-11467-0x00000000004F0000-0x0000000000C76000-memory.dmp

Filesize
7.5MB

Download
memory/5452-11380-0x00000000004F0000-0x0000000000C76000-memory.dmp

Filesize
7.5MB

Download