hxxps://drive[.]google[.]com/file/d/1OyUpXT-1Tz-ZDwV-7YJ5tEl7r1cC0aWk/view

Resubmissions

31/03/2025, 16:37

250331-t4shhawm16 7

31/03/2025, 16:20

250331-ttetnawly4 7

Analysis

max time kernel
534s
max time network
455s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
31/03/2025, 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1OyUpXT-1Tz-ZDwV-7YJ5tEl7r1cC0aWk/view

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
4648	autoplay.exe
4464	autoplay.exe
756	autoplay.exe
5284	autoplay.exe
2696	autoplay.exe
3376	autoplay.exe
5112	autoplay.exe

Enumerates connected drives 3 TTPs 15 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	autoplay.exe
File opened (read-only)	\??\E:	autoplay.exe
File opened (read-only)	\??\E:	setup.exe
File opened (read-only)	\??\E:	autoplay.exe
File opened (read-only)	\??\E:	setup.exe
File opened (read-only)	\??\E:	setup.exe
File opened (read-only)	\??\E:	autoplay.exe
File opened (read-only)	\??\E:	OpenWith.exe
File opened (read-only)	\??\E:	autoplay.exe
File opened (read-only)	\??\E:	setup.exe
File opened (read-only)	\??\E:	autoplay.exe
File opened (read-only)	\??\E:	setup.exe
File opened (read-only)	\??\E:	autoplay.exe
File opened (read-only)	\??\E:	setup.exe
File opened (read-only)	\??\E:	setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
1	drive.google.com
2	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 8 IoCs

pid	pid_target	Process	procid_target
6076	1656	WerFault.exe	108
4092	1648	WerFault.exe	119
1300	4636	WerFault.exe	158
5220	6140	WerFault.exe	164
1660	780	WerFault.exe	175
200	2356	WerFault.exe	185
1044	5748	WerFault.exe	197
4792	5912	WerFault.exe	207

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autoplay.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autoplay.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autoplay.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autoplay.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autoplay.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autoplay.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autoplay.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "11001"	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879126413349706"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000020000000300000000000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 8c003100000000006e5ac47b110050524f4752417e310000740009000400efbec55259617f5aa8842e0000003f0000000000010000000000000000004a0000000000ebc10e00500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Adobe After Effects 2024 (v24.5.0.052).rar:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
3568	chrome.exe
3568	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2152	chrome.exe
6024	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe
Token: SeShutdownPrivilege	5020	chrome.exe
Token: SeCreatePagefilePrivilege	5020	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
5020	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe
1928	chrome.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
1656	Set-up.exe
1656	Set-up.exe
1648	Set-up.exe
1648	Set-up.exe
2664	MiniSearchHost.exe
2152	chrome.exe
4636	Set-up.exe
4636	Set-up.exe
6140	Set-up.exe
6140	Set-up.exe
780	Set-up.exe
780	Set-up.exe
2356	Set-up.exe
2356	Set-up.exe
6024	OpenWith.exe
6024	OpenWith.exe
6024	OpenWith.exe
6024	OpenWith.exe
6024	OpenWith.exe
6024	OpenWith.exe
6024	OpenWith.exe
6024	OpenWith.exe
6024	OpenWith.exe
6024	OpenWith.exe
6024	OpenWith.exe
6024	OpenWith.exe
5748	Set-up.exe
5748	Set-up.exe
5912	Set-up.exe
5912	Set-up.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 4800	5020	chrome.exe	79
PID 5020 wrote to memory of 4800	5020	chrome.exe	79
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 4240	5020	chrome.exe	80
PID 5020 wrote to memory of 3812	5020	chrome.exe	81
PID 5020 wrote to memory of 3812	5020	chrome.exe	81
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83
PID 5020 wrote to memory of 5272	5020	chrome.exe	83

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1OyUpXT-1Tz-ZDwV-7YJ5tEl7r1cC0aWk/view
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc98adcf8,0x7ffbc98add04,0x7ffbc98add10
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1924,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1068,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2228 /prefetch:11
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2352,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2500 /prefetch:13
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4200,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4216 /prefetch:9
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4604,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4788,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5320,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6168,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5344 /prefetch:14
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3304,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4724,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4608 /prefetch:14
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3788,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4928 /prefetch:14
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3376,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4764 /prefetch:14
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4296,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4284 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4536,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4212 /prefetch:14
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4532,i,8736588243242687280,7586544920380957445,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5540 /prefetch:14
  2⤵
  - NTFS ADS
  PID:2348

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1296

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6000

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Adobe After Effects 2024 (v24.5.0.052)\" -ad -an -ai#7zMap29726:138:7zEvent15408
1⤵
PID:2268

\??\E:\autoplay.exe
"E:\autoplay.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:4648
- \??\E:\Adobe 2024\packages\setup.exe
  "E:\Adobe 2024\packages\setup.exe"
  2⤵
  - Enumerates connected drives
  PID:5740
- - \??\E:\Adobe 2024\Set-up.exe
    "E:\Adobe 2024\Set-up.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 2164
      4⤵
      Program crash
      PID:6076
- - \??\E:\Adobe 2024\packages\setup.exe
    "E:\Adobe 2024\packages\setup.exe" -sfxwaitall:1 "cmd" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
    3⤵
    PID:3008
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
      4⤵
      PID:3268
    - - C:\Windows\system32\xcopy.exe
        
        XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
        5⤵
        
        PID:1128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1656 -ip 1656
1⤵
PID:4256

\??\E:\autoplay.exe
"E:\autoplay.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:4464
- \??\E:\Adobe 2024\packages\setup.exe
  "E:\Adobe 2024\packages\setup.exe"
  2⤵
  - Enumerates connected drives
  PID:1892
- - \??\E:\Adobe 2024\Set-up.exe
    "E:\Adobe 2024\Set-up.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1648
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 2192
      4⤵
      Program crash
      PID:4092
- - \??\E:\Adobe 2024\packages\setup.exe
    "E:\Adobe 2024\packages\setup.exe" -sfxwaitall:1 "cmd" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
    3⤵
    PID:5460
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
      4⤵
      PID:4968
    - - C:\Windows\system32\xcopy.exe
        
        XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
        5⤵
        
        PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1648 -ip 1648
1⤵
PID:3068

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffbc98adcf8,0x7ffbc98add04,0x7ffbc98add10
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1804,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2196,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2204 /prefetch:11
  2⤵
  PID:5560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2336,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2348 /prefetch:13
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3484,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4788,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4720 /prefetch:14
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4720,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5280 /prefetch:14
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5276,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5308 /prefetch:14
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5376,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4876 /prefetch:14
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5312,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5292 /prefetch:14
  2⤵
  PID:5224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5464,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5452 /prefetch:14
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5432,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5524,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5492 /prefetch:9
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5548,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4828,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3352,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3608 /prefetch:14
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5856,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5820 /prefetch:14
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=212,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3584 /prefetch:14
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3608,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5860 /prefetch:14
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5844,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3368 /prefetch:14
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3584,i,11443852437138252759,5271586531175748917,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:3812

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1448

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3056

\??\E:\Adobe 2024\Set-up.exe
"E:\Adobe 2024\Set-up.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4636
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 2176
  2⤵
  - Program crash
  PID:1300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4636 -ip 4636
1⤵
PID:5872

\??\E:\autoplay.exe
"E:\autoplay.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:756
- \??\E:\Adobe 2024\packages\setup.exe
  "E:\Adobe 2024\packages\setup.exe"
  2⤵
  - Enumerates connected drives
  PID:5280
- - \??\E:\Adobe 2024\Set-up.exe
    "E:\Adobe 2024\Set-up.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:6140
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 2116
      4⤵
      Program crash
      PID:5220
- - \??\E:\Adobe 2024\packages\setup.exe
    "E:\Adobe 2024\packages\setup.exe" -sfxwaitall:1 "cmd" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
    3⤵
    PID:3276
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
      4⤵
      PID:4880
    - - C:\Windows\system32\xcopy.exe
        
        XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
        5⤵
        
        PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6140 -ip 6140
1⤵
PID:868

\??\E:\autoplay.exe
"E:\autoplay.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:5284
- \??\E:\Adobe 2024\packages\setup.exe
  "E:\Adobe 2024\packages\setup.exe"
  2⤵
  - Enumerates connected drives
  PID:4976
- - \??\E:\Adobe 2024\Set-up.exe
    "E:\Adobe 2024\Set-up.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:780
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 2164
      4⤵
      Program crash
      PID:1660
- - \??\E:\Adobe 2024\packages\setup.exe
    "E:\Adobe 2024\packages\setup.exe" -sfxwaitall:1 "cmd" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
    3⤵
    PID:4484
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
      4⤵
      PID:4320
    - - C:\Windows\system32\xcopy.exe
        
        XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
        5⤵
        
        PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 780 -ip 780
1⤵
PID:1888

\??\E:\autoplay.exe
"E:\autoplay.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:2696
- \??\E:\Adobe 2024\packages\setup.exe
  "E:\Adobe 2024\packages\setup.exe"
  2⤵
  - Enumerates connected drives
  PID:3776
- - \??\E:\Adobe 2024\Set-up.exe
    "E:\Adobe 2024\Set-up.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2356
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 2168
      4⤵
      Program crash
      PID:200
- - \??\E:\Adobe 2024\packages\setup.exe
    "E:\Adobe 2024\packages\setup.exe" -sfxwaitall:1 "cmd" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
    3⤵
    PID:2424
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
      4⤵
      PID:1428
    - - C:\Windows\system32\xcopy.exe
        
        XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
        5⤵
        
        PID:1784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2356 -ip 2356
1⤵
PID:4284

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Enumerates connected drives
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6024

\??\E:\autoplay.exe
"E:\autoplay.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:3376
- \??\E:\Adobe 2024\packages\setup.exe
  "E:\Adobe 2024\packages\setup.exe"
  2⤵
  - Enumerates connected drives
  PID:2148
- - \??\E:\Adobe 2024\Set-up.exe
    "E:\Adobe 2024\Set-up.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:5748
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 2164
      4⤵
      Program crash
      PID:1044
- - \??\E:\Adobe 2024\packages\setup.exe
    "E:\Adobe 2024\packages\setup.exe" -sfxwaitall:1 "cmd" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
    3⤵
    PID:5588
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
      4⤵
      PID:2152
    - - C:\Windows\system32\xcopy.exe
        
        XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
        5⤵
        
        PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5748 -ip 5748
1⤵
PID:2944

\??\E:\autoplay.exe
"E:\autoplay.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:5112
- \??\E:\Adobe 2024\packages\setup.exe
  "E:\Adobe 2024\packages\setup.exe"
  2⤵
  - Enumerates connected drives
  PID:3860
- - \??\E:\Adobe 2024\Set-up.exe
    "E:\Adobe 2024\Set-up.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:5912
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 2172
      4⤵
      Program crash
      PID:4792
- - \??\E:\Adobe 2024\packages\setup.exe
    "E:\Adobe 2024\packages\setup.exe" -sfxwaitall:1 "cmd" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
    3⤵
    PID:3444
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
      4⤵
      PID:4944
    - - C:\Windows\system32\xcopy.exe
        
        XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
        5⤵
        
        PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5912 -ip 5912
1⤵
PID:892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\cs_cz\locale.json

Filesize
405B

MD5
0e66bd0983b2c3516613cc751d69971b

SHA1
551c857dad708f8e0ddc6b618de7966c254abe0e

SHA256
7d3aecdf9b1ea5128ef87a1e6e74dc3e283fb28dd6af8113b4e99040b15747d4

SHA512
44779ee6d29d2747774726b2c3f76a41e6775548d57705f16d59ad3a4ca1be44fb6cd12d1ef0f6f8f228911fc317f6451c403d04f6f1fefb097c8763d5801087

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\de_de\locale.json

Filesize
386B

MD5
d3f198446f78d6e17d85882563ea6b36

SHA1
3bc7c9cc9182935e4ea000ff951ce9493b99fd70

SHA256
e683843b5ecbe6bafd03c26c3762e9e4fe37cb5dc1d9a7188c9158553f3ccdca

SHA512
d3516f25c4f62a5f0787a173f73e001a149e9fbead9ca85964b94f1786635b246ddf182cbf6a46607938c24928939f41c1812db6b9260a81b70cc20b8722d046

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\en_US\locale.json

Filesize
353B

MD5
031aa6225b953a69e223fc71566058b7

SHA1
45a89a91cc432bdb698be076c8cc1db027b3d50c

SHA256
b754524e0f798d8db77bc777a0fed09978fd3fc9d4494f227b7fe07185efd9ce

SHA512
e61497f74508016c8ad755701c907d2d5e053f6e2d7b1228feb0b9276b8ad202975d81ab2806d5c3593adf6ca1bd320d6bbd6a59e565ed300060e851867b52d3

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\es_es\locale.json

Filesize
390B

MD5
592ebf7fadf7792f05ddae25d75a9d59

SHA1
2853af5a44ee3163261bb471cb7a33f0a0bb2ed6

SHA256
1f10dc92034244bbe5435c8d0029773025b929a36f3d30a4a5a3a4526d8a874e

SHA512
59ebddad4576a121b43181547cf0f806e7fc1192428e782233f3e20c4b75e0e7a2febfa809efe7f9296eed38ccc63f9d4f6850c8cdbaabf06ae99d80c93f2f9b

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\fr_fr\locale.json

Filesize
383B

MD5
47c7066b8c2d86ae7047ba355e57230a

SHA1
5702d5eae9b69896db0e2c9ebe8d6f7b83abc6c1

SHA256
e9c432fa590566d463502adcd51a129f789ebc01c59f6409c5734a0109f05156

SHA512
58a0da179b19c507f1ffe8fe4ca1312f2f0c8799c8f4f53a279b1bdfde311105c76bac187ea179598dc7d13fd32fd002fe0f06f5aa1b1a67cf147e7a02dd9f9f

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\it_it\locale.json

Filesize
495B

MD5
78d8a38ab29f2c70fc0552038763561c

SHA1
51ef11689a9e8fd6cf629e2c0238e12d59341e72

SHA256
2c5ffe288391affe2accc1988900d02c3517b652881fba852994d459434239ac

SHA512
969cabda8324cdf3a9cbe0b0b8fdd2a611ef3b813c012a749a89d792c9a9c6ef3ee513c53b76065efd6d1e93ddfa5c31510bf3e25be2fcb86592988cb4abe591

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\ja_jp\locale.json

Filesize
435B

MD5
8eefa1bb3912183d9e3438f91c098841

SHA1
d06c23d25afc8672eace3d214798c5122b664ca7

SHA256
919cba4b8a59f6b69ce16011e50f3bafc76efe58b21032501626cac364d48e9d

SHA512
5027e49717b19842438388b57232b8739e8a1cf15642bf9806e7eb5a749ed9c7a102d2c876cc8d9cf2113558509965cd638b128519071ff6cb06e1b4d5ac7af7

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\ko_kr\locale.json

Filesize
406B

MD5
3a504ea81ba343fab1ebe2a10efaa1a2

SHA1
eddd814cf6ba568a80553a5516bd588b18ce5a52

SHA256
9b4e351eb416e95f6843224227857c528dce2d7a8bd64876204879138208951e

SHA512
57a52b016801fef387c8d33b483dce4d5bd518bd9989ffaf775df4b4dd1bc83e614bf3ace69f779c5047b0bde6b7b4db861530700523acf25110d8846b7e13e4

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\nl_nl\locale.json

Filesize
386B

MD5
c4d0d42780213ddf399e83c60e8f25ca

SHA1
55c4589f3d9a514dee78fd47e7c3696b3df60c79

SHA256
416b4f94812ac0b6bbeb1a5e4f06e587f4ecad75b8efa02072eb7ae92b622b34

SHA512
74edb2fdbdb07a4fef43f3b61bf08188f4ba24cabd75c50c2e53210ea38e345ac7211dab5e761dccb6e0aadfe901b81cf27ec851b640474ab9979996c8841398

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\pl_pl\locale.json

Filesize
415B

MD5
440e7340c381b936d04d8206e966d44b

SHA1
3f5743e2392c734a546f7b9f75b616ae4a121f40

SHA256
7aa4d5a764e0f0a9649a5faa24f14206d0ae44f3e386ed002df2e6f5d359f0a3

SHA512
3adac1c7c6dffd76f6196414919b051cb9152ea073df1313aaff549b7d8d77b73683a83ce03fd87af6a10a6c9223a07c05130d8e96b9d998dc0104fdadee5b80

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\ru_ru\locale.json

Filesize
626B

MD5
3f1235f9c362e368fe52fd708da455b5

SHA1
88bb2da22e940527b61ceceb4d78c992af78126f

SHA256
454f7fe589e1e08f2cf112eddaa839b60951698a84ba87e7767d4dbbcb3a038b

SHA512
d1dce3df39db2db386545f71a5a67b0725906878983944bc97ddb3c95f706cdc71a7a04d717a28428a7e682adcaf40f2f94561c681f4790989876f5c1bdb2bc5

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\sv_se\locale.json

Filesize
378B

MD5
690dbabeee5810ae5b68027eeb148f1a

SHA1
f1624c92497acdfbc53ffb5a891c545b293d01c7

SHA256
270157002492ad80fff2d47f9cdc0257b72bafed053556ddd5b14c910c6a9a8e

SHA512
01f685608ffe85b4beb4bdf20b701944f7b83ab0fbb90b39f379053285e058610fa9f4c6671f4055586674a9a3a849a2784ddede476e4677be9667f3faad8b14

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\Dictionary\zh_tw\locale.json

Filesize
361B

MD5
bebb9ba86d130666f1dcaf88abac5d9a

SHA1
e07ea165fdfcaa1b073f77f891c248b1669235cb

SHA256
efc69bc38f34fccaaa7fa985dfbd75c0196da23971fba3df349cb8953657e7b0

SHA512
aedd79f53b6f2a923714965320db4e648f8560b6a6d3e53d39b36d16a55d1f9f19bc898b9aad4efe441392dc424936d0b7e04d0a15f1423dd5dec81a7a55d90a

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\carousel.js

Filesize
2KB

MD5
5da0810c8deef06889a90c123117f1e3

SHA1
d2827dc03a251ad646954918370fec7955d15cb2

SHA256
6e36062110f96eec177317ae1a1b9e3934131d3c3a09e6b1931feea24a5b8533

SHA512
2fb0c5c9599420134bb75c8398777967c92bde7fe9ab52cbc8c1d93850214793e82d08a9366777f8a829a507a0d42b89d0a423d7235ef3d5fc25f629f1d75bbf

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\css\fonts\adobeclean\adobeclean-regular-webfont.woff

Filesize
30KB

MD5
6af297e58edc414ee90c76c2d3ea8678

SHA1
7497d181cd6fe3a4b01a4f8b6ba6a47d3fa54333

SHA256
3e8f59db6dfae287af8dccc0fdf5e15a8aa2a954c2c232bc6c64536e1a27eaa5

SHA512
61e14f8e605c4d2b52c9a874f40e73fde43625bc468ba3c7316e7672cffd05b7c1766c875fc1b48218bd2b6856226645ee9bcb45810eb7121c5dbd0c184b7d0a

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\css\styles.css

Filesize
189B

MD5
3a0ec2d2c5020a3cf45c13a87434b285

SHA1
12275d4d51de801ce28c88a0c246de22c6d08120

SHA256
406288e48ced388744e5165a1ec4266f419cc409e4a70036e4b15a93af5c42ab

SHA512
a7c6d55f64d91e5d71661e040f4d06d2c873e0b2d2a3b2e52ff60d230a7c7c0924cd0ddc4dc124d53736c934023a27d6ed77c1266732f0b5de5dc75b02715c8b

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\index.html

Filesize
2KB

MD5
4ae648f880552834e7b1eb9cd143c974

SHA1
41b24162122c6f4a284e7fd48d95b3a600edb638

SHA256
3272e9022f5f25c56d7a54df2f03aafcb1cc8519e9db41af7d8d3a3c63e88cc2

SHA512
9ed106d6a490c195c708700a48bbf447ee46f496e6e53ab5ece90d5bc1cb18638b53ceea289a1b5b482f0c8bb7fbaa735f6eee7d8bcdec75c8c4f09464b1de3b

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\lib\jquery.min.js

Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\config.xml

Filesize
269B

MD5
fc6656e65cbdbc92cc24b60eec7a3d72

SHA1
db7e3089c668bbbbad152acb66e9cf488708d70a

SHA256
2f917740b60e016b74a1388f71bccc5437d65b3a7feb3f89868a827ea04ab530

SHA512
ed7931a25b58fa3118770e3b585760275c0f07b9191396fc5ce5aba7366f0a4f47f84fc687393b600d2837969f8c77194b37cf6ab6c2691461c689a5b1e0e87c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

Filesize
471B

MD5
e06b6ee4e3f05e097a92ae51d0042c21

SHA1
7724efd541f3629b13ba49de289d06c606def4fb

SHA256
9f097b97c78ec7d9895ad61062fb087f6431cb173a2a6a3f42b856f5f22e61e9

SHA512
4dc18420b2e6cfc33acb650bf4c248c528e267683ba31f3a2230c4bf36f4275622cead43a15306ad0e0cb8248e8bf907760668f3a2b76b2e45158c76d7d86449

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_EA01B8AC2C0BE6E5850A0487D704D929

Filesize
471B

MD5
45d6348e5076b7fce23438430f69cdd4

SHA1
962c22cb24ee93da93bf8bdcb3858dad4ca45185

SHA256
9553cfe023655ca17f2e22b6ff98a8f62693e09d21ce7df26505cbac85c1c3cd

SHA512
c8f00677389109b8394641d70e1bac3eee4f1d102d51ff53dfe3c780a4bfe9e6f3b45d8e8181cb7aacce522efcf10e35ebc68a8bab86078e1315c1ae63e0902d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

Filesize
396B

MD5
65492943050a70f9eebaa30328772c63

SHA1
a573e702d871b41318a2939b1b55a2ace90dc0e6

SHA256
45f8811ffda06f62aaa1e87af3a9fc7d780e43b65d709e724a9054432a280dd6

SHA512
61214a37a3ca29163a10337c1c37f586a9db86ba1439a779cd9a9b64b3bac7dc12b18df8c63dabd37a5ff892599549eb15a36747d13a5bc1c311fb7485ca13c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_EA01B8AC2C0BE6E5850A0487D704D929

Filesize
408B

MD5
2828c8b14bb825d0e4784b6b702a43e0

SHA1
6896a6ff2cfd50b2751302611661380fe06f82c7

SHA256
523a81e855635ce44bff7b71300f7c7a55afc7ff7ea5589f12819cd469d453d4

SHA512
15331232e735628524b8fe19e38ca6803ce409938eda322f66a24b520e94b9bb4f8109acbab7cfde79532cd28e25f06303089bed321bc8242de6bf4ef5bca0e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
b0366599d64b0fc1adb2a712dcd02ee1

SHA1
b7a1c09ccd2846664cab5f76bd80b8e9f107acb0

SHA256
ae1bddb9e2cc97b0c9cd78ef3cd17553be6e5204677bd67e0b8f7fa27007f189

SHA512
d7de6d48285018f8b709c81ca01688126db7893ce9f48829524ee3122aa6f2200c7f78186b5a558d0b1ecf8157ee78a20064b63b45ab89f7aa0835b8409435d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bd83426a5a006b0d097ace6d84bf5e11

SHA1
45684f5112db4d6eaeb4c0b98e95740b4217e275

SHA256
1bf1428c2039a63d2026cb8d09950654432e801d1caba36f8bc55864ff825059

SHA512
ed71318f822ee32bcb90bc0c4cd32fc3643ce86356d84a5a02b18e4fd054bfcf9f44426eeb1d6128723e72928f0fb1afbe9ad18488a4260fa7e44d24f83f00a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
8b804b650659709234692ded589086ce

SHA1
36237a69a48e4bfaa2f8509ee9c51ca92a1300f0

SHA256
d403c672ec2fe9105c3a1574cc061e03956157e026eb575e17449d9eca14f1a8

SHA512
459f29e80d6043c08bca2f3c22ce28a586a13594dc719511415de87327a101701caaf3a097ba425d34a737b4d09bf76cdf5647d9ec26d6456bd5a92514fafae3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
184KB

MD5
99c0f307ffacbfa45d54be2b567d8c93

SHA1
6c4466c5db2b3a624da8c1d1ad51bc966eb5cb36

SHA256
02e506af462d4fae5460227d3c063f286a800eeab66b585c248c94efe1e86688

SHA512
1c63e0e2340faa4e2fa8581c54b928fea9188434d1b477259a2eec9c6d88f8b1190db7b8e7b701cbdaede24df8a8c223e914ca576999c3e8ec70d1d4526df0ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0df06b01fd701946bffbaf7dfa09642e

SHA1
c8c9b6d7cd415812583f5de612d33954bc3d3747

SHA256
1a431bd8ccb1d67cf7822cc3da89ff7ca6eefd47b9a1c492edd7ccf52fac1d62

SHA512
5e1365b464a8b67fc4587004fff7ae90cd0d29ca176b83627ce1f4b4d75e15bd5297859b8e5f6c858e767075a299076dbd891463e4385a9c47e60ea73043e897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
93c3b12f8168adc634e62818537c53f4

SHA1
29357b43e1ed73218c5459d69b12d6faef91c998

SHA256
4a0ea6ab0a931b30fdbc2e6191e3cefe2a397f041fb325d675efcef96d4abd05

SHA512
d16767348bb995d1a806ec2189606b474803c3b4d583ed699ba57fb458969eed7ee5f0a1157e9e62dc099b28d8c5b255588246a987c8bc7407f5125cc91d6ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4d9fc4acd980686b1e8dffca8db6fb80

SHA1
f74de41eac33d611503fe8b24e278e75582364bf

SHA256
a2a73de3e2e343c47ade85d989f9dfcb05eb3d997794cfd8494a713db68b3da1

SHA512
bc2299cca3e677cc1d1ac980a9e1353ac4da518119dd9cf41bdc86409b5dcfc8d51a1ac2ea042caa6d200489fd8cb67b2fc33bffe8e21e98d2a620543c116216

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
e886c1a207590f0323972a9200395ea5

SHA1
e3820d0b84138f9223f1b366716f57fdc17c0bb3

SHA256
3cd51c3dffdfa48120efab76f5ed59d2bafadc8d8bf3ba735716745a5fcb7741

SHA512
13ae4db29ca6eb9131beba6504ac8f84dad7bed0f71d18127c277e2f873cc6785b76f42743a4bb47d5b7b9ab42ec3ecbbe9694ff8213a395439dfe23a3cc6917

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
906c8fccc45f9110152d5976dafbfa6f

SHA1
86187265ccbaa42e1278687a308be3312e885069

SHA256
63adbbe706d60f4c46ae86b5c033f25a70bf6d79369f5532277baf3f0b853af5

SHA512
7c424ef5e00f2ed24e6c1eddc9c1452e3fdc1451c62c9130f2b498b64106e8efc2cf6a16e57ffd3393bf165f74742927d8d0e37f2358128d84291054e11e4456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
8305ab17ef36c0c22ddac0b7414b339c

SHA1
0c8dba4d454b4fe08aa2a9a70206863a9f6034a2

SHA256
5ed182875631534abfb3318c9d9601fe3be3cee35c27684d0b22d6e3d18d4eca

SHA512
dfd1c7e991e93baf7350ba46f88e21ca61db83efb4fbe5494283e48d25fe568acf9356bf4ee1180d5a951c5fc130adcecd69cbe2a604809bb75552384e2d806a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
cd2f230ccbf0220ef0b90ef2e85cf4dc

SHA1
44a24a73a46b81b71d4d5fb4c4da3f2701a0f0e9

SHA256
ca9b76144c5a89e3000b51a17f8b63c6f4afa22c1929be683308ad61cc028b4e

SHA512
f2fa4a3701491b8309b9e19988280daca4f53889da7d52c345e38b62a8dabde15f3623c36e0be6a3fac23b1f383b2c9e743bd076375886299f72bbc40bed80df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
49c942d0774b2d05b13bf32d8a5823e9

SHA1
e57e50bda39142487bb889eec622324087f79b1c

SHA256
8068929d8b945247651e493c022c3e758b7060ea5f2a5b2b6bc628cd638f3153

SHA512
bfb28de9c15cee600c46a7c54098de5137fc9ab61597588ed2de50b18b3cd0ac418423364f6b27bbc8877a20e837811bd2c8616d3c13cfbc70b7374c46abc266

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
aa6da45ec28f691390e171cc26882b74

SHA1
65f4a21a74ac5672e812eac4033fb908bc023327

SHA256
8f8e0363b4e9a78e032269fa7d55b613e4549da9a33d87c969a39e9771bcc2b0

SHA512
09da254cf7d3d496db37f2d2e8960e3510dd1f8fba582dbb00815a943adc0661de0f872b94f2b11c1d32b4fe0bcade9b28b3614b688bbb6ae0e8a697268c7ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6e60d86fde9d5b79d44fcbab555df009

SHA1
a1ebfce3ba238d463ce3f8f7f6d04ba53678cdbd

SHA256
ab27bdf891a10fd583a2d8046e4a3013e4b7344e2b81147e96b822f0cb46e4f9

SHA512
3eeeca8dce264f2d9bf7ee58eafceb9bc43eec0eb403a241223ccc8a5da2c96cba1142cd90e70469536fb35b04fe8bf969af56bbff163ea2b917861c8666e8f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
729248ebdcc170e79057b153446cb7d3

SHA1
ebb563d7a9c59c28fe648b36a993e1bef8b97ce8

SHA256
43f508ec3cdfe1aa5da5b307b645c02966e65812c6f20bbb3866542c7daf25ff

SHA512
09ea242a2a9e4dc03d426c175b98a3cacdc4434fcd4d332b28051eff3a8a6ee1eac98c1a703852884ec3c9a2092fdfa3f7a96a9f83e1ddf998f6d948d2d80235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4163d536d5924dd25f50b3f5c7eb76d8

SHA1
de51190b3ec698ab9d506a77b4c1600df05364fe

SHA256
9bd755ddcfc21f57f51e0abf2f5436dff8c69b9af6fd98b987b90572fc565926

SHA512
f61c68c35ada574914818ce4f3e81924cd7eca4b22c8705d9967e7e2a6fe82f1ec06098be3cd96d4f3146168dc612cab623bb192e44fd69d0f900825803be580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
6dfae3f486004a1117cea3b9f8b2eccc

SHA1
3eb9afc22139127769b64928af58fc453413e65e

SHA256
e7b6eb38cd4d58df1a7b9ecba6d798a8d2a806e97a7e864b4b8c3f42212980fa

SHA512
599dd2bf436f385ee84392eab9286c48a8a2cd994b1b095b75a09add09a5be921e92b6b9bde2ecfce74e8207a33e6c98f590340782210cddaad63586f117cf0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5a695ce62102c236628fd2fb0b366395

SHA1
9b175ef284408e2054232a9d62d7eaf4a6f32cf8

SHA256
1528698c7616b20b709a24360ab13e06f8bb3ecabbf8932effc6af4d4bd0102e

SHA512
8b053c65e2b4c900647f2cf9988e823b4a1040d5ffd1c29946e834c0a4d7fb3165c8ada83d01c38f12581de27c3fbb2d978298c03d82307ef16f1fa5f1db5c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bb052bb54472b06c69b30394f818f13d

SHA1
861685b906c5fcb9c8af2febe9a9b0e94b6f655f

SHA256
12b94a14852d1b9e0839f71891d248fb0bf53395a4ff7c6823420bdd85c42462

SHA512
71cd87f7e20524a64c663a4fb81682416724c46a07708ad0aa314972b4fdf271cb2881c4c600f8ef4e302874b20e73add839e08ed26c1bc3ed86056078c39121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
7344cdf518c30914a331c83f8b49fd6d

SHA1
8c3603030e69c335b0daf10db377e0a5d7b33481

SHA256
8a50aa4183884a2645177538eb2ca2ad8b336e69da54c0ffecef60b24d4e87f9

SHA512
82fe0b5cadb3e0480f66a84c901a87339f0f7c2e6201d50f9a718ce6f0a9983755de3034fa188e28aa4340d30fa01f77faf0ae79b375242623df3d19676e3bb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
984d8cac98cc2d5817d09f96a506cd23

SHA1
8189f62c0501bf8266527c1549fc288485a122ab

SHA256
7c2698fd0b9d0e2c4ef74aed7cb78c11b7023ae560a808c5c768330602b4a977

SHA512
f5d5633a4d57e988c02e8586295924e8e727a82cef87664a155a6d8d328c5bd028d0b3ca07559ff87882f8ee546d468e5d461656e86de121d2d4738e80b69da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
47d1fd3c2312eadeca6cafb29f95c3c5

SHA1
4ba512cd6ce9355609e0ca302b4100e85dc96976

SHA256
ea1bd371ac8562af2f485c770687ce8c048657f34b6c31ca269e7270b468921a

SHA512
0020bfb13bb0c7ed9e947002ccdd19cb35536f509fb381b11e4b5ceea5f7fdcbb382fdb2c8a58c5ca3b83485e4e2f0416a36aae411a5d7b5d14412a50f9e0a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
53820a3715f339aa4dcd21bbb0d99415

SHA1
e7c5b7c22ede80e3b7de5e7c35e441590a43c1cb

SHA256
f4dc838918c378f258b8b7e81e9b6d12cc9142a31ca0b00a7f4f1dde8d28dacc

SHA512
088b7b0d4f31805c9f5da7a372fe658744377e94b95053e26d8161d6e04ff2c4a4436fb507acf656fc01ad25485ebb9996a460e9c2b21c5242833182765f0324

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
049123b782022622224f318056842354

SHA1
a412982afd05cb84eab8db678cfdafe912d6099b

SHA256
6983dd15e495c101dc6b77019a96ea40d9f47a24d606de2d893f9708c41202ef

SHA512
2c45eac0e382ef0a6fdfd423e6efb67400ec945fcd8a8d3c972bde8100bfccfd3fe594f69ba49ae1d84ee97a1fc29bad21bd52088bfef418551485d1548fca6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
fe3b09fe603e803191f4c2c17ed12d36

SHA1
89d17bf40e94031528d98fd508c09cf4ca807390

SHA256
ba191d6701239eb098834a1462ee9aba46946e545d90baf27e0871a8b74a51ee

SHA512
9bbe62ea168f0f115e0fadf5fa035239361dbe3b2ccbfb74d9e2b57ea4234952c1c67e14c0b263ab3499b1d4878065e550e48bb39c6050b33d1fda9da3984aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
674c133035c31f59e3459a273ae392ea

SHA1
eb588132fb5502f91d2a976c36fde6ae5eed8ee0

SHA256
83ac5aa16c9e5421a6d7722452b29ea4baa147c60a3f5b3e5f117ed531da94cb

SHA512
08dc0df09d76b569196f07a0121cbe85d90fcb6eb824f1f547934a80c939670609083b762724a8ea7028d18831ad81cccddbb201c4d74135063dc284b474563a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
061ce33e297c87f0f8c0a9e46f90b5e6

SHA1
2ffdccf68531a868c67b5b30c034c83fea94e843

SHA256
823d54dcdec1600fbfbd1a4c86ffa959a8c3c3f494fc7567b003b8381384ed30

SHA512
562f2d99adccfe46c9ba6935f94d499f465a60d8195605ce3f37d80046c81115cd7b588889764abed34c093ac55ec0e6df6d2ebc1e6bf35a5cc23c2d5e883ca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe577eb5.TMP

Filesize
48B

MD5
f0614a6d70a2b2ce43ed16f09c39d2fd

SHA1
ed6bb8d3c570d9f93941c9c9f40dc616a562babd

SHA256
045dd9f8105382ef2b1bb33dd0be50af9cda98845ec8374f1b4a452379c00848

SHA512
8e6df8fa65e945661a2b0b0664c61cbb3b8d367cafceb350542dc1ec2a4f710650a139f04b8471ac3f18297b3d552464877e91b4f33a51870228910a171ceb88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
527aaa1753f5cd390e81d202317083f8

SHA1
0a3b2c1a8e152cab73894275e6e19cfe97efabfa

SHA256
c197a518308271c998bbf6ceaef96465d37f353e8e63882e76b1cf665c54be74

SHA512
2b1de168295a9e3ac6791b331cca88afbc824e62e53adb4431b4522d5df3b75f32e5e36d3ebec75b472cddfa8a8483745952959b02f6161d4c7ad44c27323e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
1200e09d798aad8ee6ccb324a15deeb2

SHA1
aa8b98bd697834080d1b5100358215a69bffea8b

SHA256
5676d1f0b8cae2143a76c4443fc77da69dcb6d86f30b4f53b9fe6cdaebbe5a5d

SHA512
0ab1483af73576ac757e051f9e221bd15eb63306b448d48cc9f253c744c6f305aaad9a2b3422445ada17a6ad38bc98472afb98744f934d135760f2fd6ed4b613

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
abb36bee066fcdb9f66e320edec14a60

SHA1
c5a07c8af5e0a27a108afb845a3818d80cb1113f

SHA256
b7f5708e0d47a667ba81956e6d10b67005f2e7b70d9b5125368f44513ff47adb

SHA512
35b006804f60efddbd9d0a7c1eceb1624c2d429eebd03ee662431a1e9dc74935f763bc1955e51b0abd13e7f0c752e85b357a30efd803b0dbab6e8c9622a6dc78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
10e231fdd8217f85791210e55e8d4025

SHA1
328ed4f4a79cf2ec20062d6d2d10fd08926b7668

SHA256
ca6fd9e39a45a2b84aa3b24e62529c9c76a152d79fd2885d3e80a7193b8e1311

SHA512
9eeaed75ec40d6ede769ed841a358255e52ff053247128691d8430d8840b35fbd738c2fededc737c5e7337a1695db049567ffc48ae5d8f0496c7da82f6a2991d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
968c3c57734a4a6f5344c0f67cf86cd0

SHA1
d2afc72ea4791016aae0bfcae1138e3b5cfd0623

SHA256
164efc7d4ccdf115897702508ea0e5b2dac6391e9beddb82d111b1630f03f639

SHA512
12e8632eb7f2c1606eea8d9175b06bfbee6ef6d85358364d5aed5298e81452ec58854ed04f25655a8c87628eafca3e7ac7c5a932794c596b6d691bea10bc2968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
94c8bfae28f5978d98a11948b0db9457

SHA1
9ac2ebc808d3e0742622b9c8559f0338280e9cd4

SHA256
7a5e609877364671a40b77c484c4a84518ff52e68ddd6f2400de87740da3dd21

SHA512
6c09363606f19770dbd13f6543a80bba05e4f7acc59dc63bf0b49cac354861f879a2ab60c97820fa43ef01557187f7e3f9bfec404f5f4d78f76e14d5e86e5b5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
165KB

MD5
5ddd3b73be54be99561089f666896c32

SHA1
874fbb00f39626d15eba03cbc7049fdb618470e8

SHA256
932d9f8ee5fff276bea9c11b0bceb2ca374ef3fef677e5596d63e9bb241f0a50

SHA512
309a70ee32b7d71327be96cd9744aef8eb3457046e91b91c408d34dd769cd4f5826fd730e0ad165e16720a8bb0bed0ad28e1355b855b75493949b28a14c01c71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
13090348ef948bd938d492a74bae3a48

SHA1
2bb085fa4ea88438279a1cbd332824819a659788

SHA256
add51ecc56348be239e468b84b4396e6bc1afb869a2a795262abd5a80b590c72

SHA512
8d080cde3aca1223e365eabc44013efa032944ebd75eba815737d91b44d8f3c40c7a0f21b6ea958ba66e10373fbd06b14f0665cfea7157fe3f70e17afe1f1739

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
2c232bad3b9b9037021e5852e3f2010e

SHA1
2370debe32cd14aad50734ec1dc73d8864e58b41

SHA256
2fe6e4ad750b9183afac63ca0b9c4ffadee7fb5258c430e930f7582428a0568c

SHA512
b7c5d524a8c0d18e8fcdbe6cc0165b4258320f9a55591c2f1cf7d047fbcf83bef312410ad3534545c580836f226c2e9f493d286d49e7a3bac153623b60b4fd2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c1eb1d393a104fa3d67486461d3f3e2a

SHA1
ca2648b2acbef305be93e045a997c7f850f24a45

SHA256
5fae993b610f8208e3e0a33b4332c8e7144d83694362e951c6af461c25be84b1

SHA512
1498542960078a6933c9d2f94137c737f59f827982a4b33161ca8adcfc6603e129e96d7ebcafdbd81c63d7bf6b3f901233360a8327e7784763960b7189d94185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
57801d27f193bb161001659f90950836

SHA1
e99555db3df1b7bef80b19b90fd34f7c1b56e360

SHA256
0d91be850c00701552d71c5a27a6c8803ac452e18968e2e2caab652d151b9b32

SHA512
a5d7bac42ffb5d9d0b3002c6060a6dc0aa9ffff416db9f582e3ccb76205ca68940d6c7afcd186da762058ccd0e6641ece31ae1b8cd9475526a64abbe7f6ee743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
8549c255650427d618ef18b14dfd2b56

SHA1
8272585186777b344db3960df62b00f570d247f6

SHA256
40395d9ca4b65d48deac792844a77d4f8051f1cef30df561dacfeeed3c3bae13

SHA512
e5bb8a0ad338372635c3629e306604e3dc5a5c26fb5547a3dd7e404e5261630612c07326e7ebf5b47abafade8e555965a1a59a1eecfc496dcdd5003048898a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-wal

Filesize
156KB

MD5
18c8cb53aafd855f84321b1cdb9bafdb

SHA1
e3ddf48c894f2c6ec89e75f955d6923191efd0d0

SHA256
40d2386aa0bcb1f7c4e66d81441529907aeb99364688e1a8400bbe234a71e8c4

SHA512
80ac1942344739f68eadcd893f52b4cc418924c3cee51213e0b85cbc49d204fccd345e8c5f0c1fd773edfc6267031977ebcbbcf1b4c9b2beee0883a38e5be398

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
23KB

MD5
84b5f1bc195a6222f206b17e996603b1

SHA1
0977d729289199370a82df58e2a5979e9231dec4

SHA256
8c103258f8f41d60bb852ca9c6da03f32db9dde9b8c5a2a5e688e776619d6a98

SHA512
453ef62fa26666512bb257c5c9971ba0b87d47412a8b7256b62a61c2328141442c55f2f0183c7acfabea02285fb0dd8611dccce75635a3074857d0a6cf2a3072

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64

Filesize
31.4MB

MD5
a42c41aa9f9724185349eafe797efcc2

SHA1
239c3a8ac99a5f64b45e111c13ce3729f84dcf03

SHA256
ced814daeb0aec63b9dfccb4200fdd78d005c605896390c1d9bb445e2a1c7d72

SHA512
6c14c0b91c3af84f2bab95954cb4b4c70732438ed0d5c65abc034b3836ff0b4749f58a7831f3d59b317eb5da98fa2fdb3a47053827f046a6da116988235c1c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\maxon.lic

Filesize
1KB

MD5
23ecf8f9d4c863b3e4e5b0b3b054d5a0

SHA1
e5471a1c7dd1860323a711411632d17a533d2b61

SHA256
545cf86c4813484fead85b00cdca7ae9e9184812dec46b22df42a728662a009b

SHA512
29d88fc66c62d982851dd2228652f595a701fc43a52ed50e44f33011d169743a9163d1c0de20a192962fc9b3d176cf592739f4b6e83a991f5fe35b07a1604964

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\AdobeDownload\HDInstaller.log

Filesize
5KB

MD5
8efd3d2b37441306b0534e1b78f6eb64

SHA1
12815817f044fe05823c9469b1f2225cddcf4358

SHA256
a4799d9f71a13de702b93beeb978efd105d0038ab0aed5240403ae24563d9eba

SHA512
86117c7619e195521857d225ed50fcb4ac59340337f16a4310b3a6610dc506ba9812db71bc7ffcb24a815676af905532d9df404772d66ef5d8ac85545d67b64d

Download Submit
C:\Users\Admin\AppData\Local\Temp\NGLClient_HDESD15.3.0.468.log

Filesize
7KB

MD5
faf52c16d1e44905c75fdfc447405b07

SHA1
c1f69b0530fe53efe9f247ca011cc629430bad2b

SHA256
2c549b02bf40dda765487737b63ea4d51ef646a1d3876b9e7d0eeedb5e1f84fb

SHA512
637884a729fdeb20fff8b038e57ad978f0b9b5f3b9ce25624690d9f15ea94b40c7abebaa714fc06579a50f5de619c359bcf16b1bd7d1a1bb066916c4009056e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\datF223.tmp

Filesize
140KB

MD5
d070306a9062178afdfa98fcc06d2525

SHA1
ba299b83eb0a3499820fddcf305af0ddbda3e5d0

SHA256
8f5ccdfd3da9185d4ad262ec386ebb64b3eb6c0521ec5bd1662cec04e1e0f895

SHA512
7c69e576b01642ecd7dd5fe9531f90608fa9ade9d98a364bcc81ccd0da4daef55fd0babc6cb35bff2963274d09ef0cd2f9bce8839040776577b4e6a86eb5add5

Download Submit
C:\Users\Admin\AppData\Local\Temp\datF234.tmp

Filesize
140KB

MD5
e204643042591aeec2043c5eae255099

SHA1
ba5f2f94740400f540befc89f1c4d022a26faa84

SHA256
7f58f56a7a353f8fc78ec2757394a7c7f28165e6bbf2a37d6a6e48e845874f3e

SHA512
7196c5b8e88100a08eb296be7570df4d045268ad6bab1c45ebaa9063aa9b46b8896886e24a9f861e322b167dd95e18d5a18abb76f1bb01c8bc85c36bead855ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\datF244.tmp

Filesize
139KB

MD5
dfce51814cf6d2f42375f948602cd99d

SHA1
766e162ff305343010b67fbaa28b36af277c5b34

SHA256
7a8a945586a1d21d2922cb4aed9e28d872129f6c396ac69f47ef3e32ea972ba0

SHA512
2c9489c18719ad29928e86a9e631e080b024c882a77a582f40f4f86f625de9b08ad3c09710d5ee32b5cae5284fd960f412f05290bdb3b4709f097b269b99ce21

Download Submit
C:\Users\Admin\AppData\Local\Temp\datF255.tmp

Filesize
103KB

MD5
fa794ec12d353c26805ff53821331fc2

SHA1
cbc6658badeda2ad9b0d2e03a0a35ff7fbba542a

SHA256
cfdbd8a2aa463c11e483dc10c480acd274e9786632f5571a3970e8a20a2d8237

SHA512
1161afdbf6fc9b74421031fe6e139587f291ffaec03cae4aa76c1a86e10a69c7b1602ecbfbf60287ce8ed926377ad159992cde605ba98e75b212e971b7e14f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\f904027b-1877-4b66-9305-12ab95b3684c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1928_67887762\ef19f895-f737-4192-a449-3efd342d732c.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\{60315A83-283C-4A89-AFA4-8A690B5587B8}\Dictionary\en_US.json

Filesize
72KB

MD5
c693e1bd4feda683ae5c71f2bd6b9de8

SHA1
2f3c32dbb95623c52ebf3b608074afdfbcbf050a

SHA256
5dffe13d4c72f59dbc6f8efb439350518acd4e8e07efa124973cfd1a625f60d4

SHA512
a48c520b1432f208f7494759d316cf2411163373ef7ba5bb2b2121b4520beb2932d4ea612e9d2dc8997b6221fa2d44c9312928c79394a5d8c577fa39aa5007d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{60315A83-283C-4A89-AFA4-8A690B5587B8}\carousel\Dictionary\zh_cn\locale.json

Filesize
360B

MD5
9fcab8f3d4f4840c927531f5975109c9

SHA1
d433d4dfc1fdac136057f8fd551db01727a749bb

SHA256
b103e04a7ddbeefb389641dd93fafee6119f3316f4133702bb3af38bae92fb4f

SHA512
05a947de06e5594ff031fa4b9aeea39725db4648308ebe7bf12d4db875abadfa4f3982b77c5435de9d498da905ae8c8c69b96bc1dda954288b7f9d7a66701496

Download Submit
C:\Users\Admin\AppData\Local\Temp\{60315A83-283C-4A89-AFA4-8A690B5587B8}\carousel\images\01_creativity_for_all_445x239.mp4

Filesize
586KB

MD5
611ee2275f393240b162de0dcf70f3d0

SHA1
745654c1bf0ef8ec08de3e15ab31989bf212ade4

SHA256
ba418acbbd9a7f7f03e967be8ec9bdf2f7d0ff8bce55fcb19662e77ab5fb91e2

SHA512
20a6f16520953526a38696048f7d80ffac1f556045943ba6cc866c2d2ec387d602a99bcecdc330a84b68fafcdc5722e0c83dd78d1d3ba02329e1b13f736121ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\{60315A83-283C-4A89-AFA4-8A690B5587B8}\clean.css

Filesize
702KB

MD5
4f3364af3e396f92a8826532bfb1a7e5

SHA1
7f7b613435ece78a358f2066287c2f2c3c6aa168

SHA256
45b9b77499356527e9047256db96a542a720bf075d67e9f6ba55d51fd562339e

SHA512
c022a28656483106095967ec4d57eb743d04f029406c2c553c9d19c103520e274c0eea19f411bdb7ae16f388211c456a413df5a0a6097036deb0010573d49c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{60315A83-283C-4A89-AFA4-8A690B5587B8}\common.css

Filesize
2KB

MD5
1265d497504870d225452b3309b0e06b

SHA1
29a3b783e6f2f2cd3f6d08833b83c7848f8e3450

SHA256
4273a5d4ef990dead6cabe760c27b25f7fcf8a51177f1b31813ad8866a565330

SHA512
9aa8b24e800a619651699c193a7747b8673a3cd4f8a5d3b16ee35f5ef6161f953a904631b97d118339332a3d2c7292c910802f6e1518db18d48fab5e9eb91681

Download Submit
C:\Users\Admin\AppData\Local\Temp\{60315A83-283C-4A89-AFA4-8A690B5587B8}\main.css

Filesize
16KB

MD5
ee23e36c90c9fccd530504285d371ac3

SHA1
7a4e24d18ec723d38cd922e3845ff290f0299e15

SHA256
32616e0764c80efb4607a0dccfec7cf7862886c4ae80e6405dc3cc5c62cd0f82

SHA512
542937075a96f6afb8170c6f41915efeec5e067803606c2a26d29e6c990d93a255ad8cea18600cd0825a0c91ff935d057870a1724062543a8e2bc09c4041b375

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\content.css

Filesize
16KB

MD5
edacde36ff06bd26f1907ae092eac998

SHA1
c25e9052ee5b28ec28e2eceee40217302bf2caae

SHA256
257634b6fa84dce998b31d6497330f0a0661efbd270f58289fbe026ed95b6f2c

SHA512
7e8d48e71a51659ea52dccc2d7c542580c9ea1953ec9ca2ad77d3c0926c5bc77167f85121fab2dcb7fd4d6d2f04edbd90815b76979d3269994cf662fadc357e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\content.html

Filesize
6KB

MD5
60e80c05a9d6aa602626fec33cd99e3c

SHA1
7aeaac92d57fbabe5da2c923eb0ad1bb22e647ab

SHA256
5bd6a4bc514b2e697a0f0e8b7b8c0be0af34a9e1c25a628b286a5cdf8e1837d3

SHA512
838de7045b1ee4542d4145276b3fef5ba60dc10ed0066266bebb3e44c5485005d33dceaefb1cf3fd1fd1bc7364622bb85630957a243464c4c738a415b30adf7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\content.js

Filesize
36KB

MD5
d5e6dacf9aa3069e9241780cbc82d50d

SHA1
1b510f2e06b363b4b138afc409a811254f976dca

SHA256
4c3f64961a872731185c0db4d155c9db73f7885ec4596f15098857c5e1fe91f4

SHA512
a3485cd865098e0b6bad5b03936d8ca233eef42ae88f40d660e40a95cf8da1edc4788402c21cfce3eaf7084fadb35d121b1074e0e30adea4c01338aa1a327f39

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\adobelogo.svg

Filesize
749B

MD5
e7b1717b9eba236b9c12be7a980b5b40

SHA1
f1baa3f41ffa5dfff320b7e289964cec54f19a99

SHA256
2a48e8db0f3991de1088936f56c583fe615fae4b9e14f4ebe2b33d29138088f3

SHA512
9c8debe604372ac1fe3945579ee843f13df6f8d40f2c402590743009b39c5f80e859830fc422d7f8d447c4e30f1198584850de657facfaa2b84955d386563b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\alert.svg

Filesize
958B

MD5
332816d7725fc31725b678cff1cb6dcc

SHA1
876f938efb86c1bb1733b47ec279335de97576da

SHA256
8b5469642507c00b9130bf7ed17a1e4d221e2a93dfd4d2972163650c4e94d714

SHA512
5c4a678892b1a550a0c85e77f75c8b56febbfcd92c658dab198197ed17d7fad04d7b65f8adc17e095895366bf933421cae30e430e136870d3e02e9f89d115775

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\appIcon.png

Filesize
2KB

MD5
26e9b0fe7397d9c072da92fcf6951b11

SHA1
4ee24ef82e7ee4fcc980e3caeca90b6e0d99b59f

SHA256
e4c2314a50cf372465c97d955645455ccad1911eed45ff2c2de5a310316ab15e

SHA512
782b380a45eb82aeb69ae07938b9c0f211525fac4718c30b96c28d546a93be1cf000714df2375596cb6d237f3b3cc84f304fca73a732a7e044864ea329013425

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\cancelButton.png

Filesize
295B

MD5
7ae9fb845b9137ef10002fe9d0f5c643

SHA1
9f3fa2b29b1b40e1b6794e5d624524de297a8b59

SHA256
e9e5fc264337bf6845b2cf2720ddcde8936cb120328087917bf94c5911edd74a

SHA512
4420cdfbc47d2ac804f1c05840e4113b098ffc71e95e11ffe8f95342f5a75dc0f35fe8012984b0d645f1310b524f66069ae0c0fe053e0d601d39aded321c15cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\ccIcon.png

Filesize
550B

MD5
8d2c84506f3f48a810eb7232dc000d6f

SHA1
f4a238c1f7c02c7c907368b939efba7512c6be5a

SHA256
c4620bc8b293dd89db628d2002ef9fe02055e2d1cff1f07e18a3e2e4942ab7f1

SHA512
0fcca755a410c7ef4e6f056b7267aaf23d5063dd8230528fc3765ed1e3d12042c930f999a54498e754fcb3565df17636d7a5de2e95e142ae139d17a744ec93a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\ccIconDark.png

Filesize
654B

MD5
13b5f5e052334e0ad6d31845fc859e3d

SHA1
b71022382904d194a5d8f5cb3b1d0dd92e254b16

SHA256
87fd64c46642058fb6d7ae4ab2c71ba5df7ce12ffb8b9383edc7bb7a673f0306

SHA512
79e77ef0cc83c24d3d0f04a2340e248a8dd11469f43740b6453913648cf2c3c5592053dd4a5a34c81f3ffdfdd0fddc5953454ee0d44d3ac946b2ddbe17ada584

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\checkEmpty.png

Filesize
167B

MD5
d13cecc413374c4ddc22a9edacde8a11

SHA1
981295dd1f713584591716a6e753346b8a89215a

SHA256
b9c9ae215daf1bb5b6692f527375207aedc138891947e5f6c1c6b549c2ebf39a

SHA512
a717e64430a4680d09c555183c69705998fbec4cb8aa41ac6ad10df9fbd4f4e2243548689f12695760d5b191ed62a38a92558bc88a730004d7119dbe017c6241

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\checkFull.png

Filesize
317B

MD5
9f7974bbcc96f12769c1856045eb7bc7

SHA1
fa0b9b9d709718839ea525ab838260a4e124fb1d

SHA256
e7fcff2549114496e8141f46a7606f740bbadf22c9ad818c40d9ff9b9ea12198

SHA512
bc38c23791a8ad4e596e921bc5e391d39bea998434915d5c25b1b37015a089fe91ce9510774c48fbc91e52400c5843897a5780aa1c2cf5c8b73d3f89a2aa0856

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\dropdown.png

Filesize
224B

MD5
ee8599707751befddb2b94bc79525c15

SHA1
e118b48e25fe42d933377b03fb5a9a710e1c5caa

SHA256
c1f6844923f7c311d996d81eed6d8e769d52df6d95c898187d92997abbb2770b

SHA512
cdce6d59c807dd1d2b13af39e2fe078b0c0ad51b021dc30373e18bde2a807449051f3f9084afa15b2f6d943169c1bc246c7dbe6e965ddacacb961f67269fb548

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\dropdown.svg

Filesize
289B

MD5
4585f70294e7b625dcd1ea8c585067a5

SHA1
11c92ae523b0c588c5469814b0c3c7778cb3f133

SHA256
7e58a1cce147df03605a92ffda1b88ca26005c09d1eb9ae56f37accdebbfe348

SHA512
deb1ce83d9bdff93eff950ed267076e5e8a7bb43cd2dde28561c3d07f68094a9c99df594bf2fdcb38fddf9656cd51475108ad1b29f8c9d4bf197e6da5a093b03

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\errorIcon.png

Filesize
466B

MD5
7978536150734ceffaf0720837e8b302

SHA1
7c11361af6e41d00beffaf4ef9e677506b32164d

SHA256
5d10637927b7a623428560eaf18fb8eaf439cd8731199c3b4d251b9846841183

SHA512
da5bb4329783ba623e12d3dc50b2c080e8ac2aff4d4f25dc3e1d84561fd9b40b158570b98dd24618762562674fc1b7d10e081677f214ec859ecc5d0b477db0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\folder-open.svg

Filesize
602B

MD5
3530c5040ac9af92cd0a7d347f764593

SHA1
b815ef3654ec2c677e8f8f68d8527b6d8142b4e9

SHA256
daf26ad61aee6152cf7c0e8f2d3936d0c220de2a3c329e6ce0fcc007cb64ca51

SHA512
0ce187a12445054e270337b6bdd6b035e8fadb3b0a4e8c822833c12431bb520340fa509ab3e1df564cbf67700b9ba78ee246689267878d386e88f709d10c1fbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\productIcon.png

Filesize
2KB

MD5
c798f5f4b98fd335a77e600ce21e32dc

SHA1
3db71eb6d87c8a4fcc6fded25d420cf7ea79231d

SHA256
9b249680adc23b858b08a62ea83fd8373e3480ff6f9120195314897c6e5f2cea

SHA512
f74351c5a9535920a81ee42f8caf82bb0c97664b6928f921b4bc74cc446ee61884b1620bce5e57abd6e1a3311d6f70c1f66c459ee4531cbf0197093feadd29b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\spinner.gif

Filesize
18KB

MD5
7699a4c54b1f5515a64e93fe3f801321

SHA1
2e51f7e1a331d921eaf15bd7dc9721a742984d47

SHA256
9146e2390273ac868609dac1be7f1a0458b7d4f7ecdfe1eaec107b3211f33aa2

SHA512
4810abfecc92866145a22f73639264574958d6db1157da0b6ff0472c14d8171ffc633fc6ba04843fcfd617ce4f0c19633475d2501ace48f8ee34ec8fa6fded87

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A9F7B7D0-BEC8-41E2-957D-25728EBD10E9}\images\transparent.gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C3729931-9499-4641-8D5B-181A0E10600D}\common.js

Filesize
2KB

MD5
d98f70ffd105672292755a37f173c2ec

SHA1
c0154add295ac052f234a0282a62b704cdd01998

SHA256
257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3

SHA512
1909cc7e4da0949a469852240be2205209968b18b99f7d967bc0231de33d03c7cbaa9578972e30e95e6d7017aebf9cd70a55ba22cdc9d5774d2a237d3eb0971b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C3729931-9499-4641-8D5B-181A0E10600D}\images\appIcon.png

Filesize
1KB

MD5
3f64a3ca874844f34f9c453dc93f6015

SHA1
110d915aa2d8b7dec32f4878a45e7f73a4e1c8ab

SHA256
e6650fd88880140cd30b8881574390a4873e33d02f6a5f78a6d181a0d3afd0cc

SHA512
9f8d93524e81e3556f2b88d90d285f6f1eadaf5ff5313f8a431b350d89f65fec3525a8cfd2ca4935916f593d11c6873f21f2e81acf9e2bac52fdd39c0279cd55

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C3729931-9499-4641-8D5B-181A0E10600D}\images\appIcon2x.png

Filesize
3KB

MD5
ad561c76018a19b444a057498c69f62d

SHA1
c1960644cada63062124db24b9d230bd15b03a12

SHA256
db563de668beb2dd2002d4107ba8a24273dbaef8c484ca67f673517386b0e392

SHA512
abed95166c13850d497651f0c67e5c081c390ab63c5f187938d3d72862c08509c9295344a21730919b07c17d0882cc27fbf2473297b69b83554e30a972f737ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C3729931-9499-4641-8D5B-181A0E10600D}\lib\jquery.custom-scrollbar.min.js

Filesize
14KB

MD5
ab3adf4aff09a1c562a29db05795c8ab

SHA1
f6c3f470aea0678945cb889f518a0e9a5ce44342

SHA256
d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b

SHA512
44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C3729931-9499-4641-8D5B-181A0E10600D}\lib\jquery.placeholder.min.js

Filesize
3KB

MD5
e13f16e89fff39422bbb2cb08a015d30

SHA1
e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9

SHA256
24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe

SHA512
aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C3729931-9499-4641-8D5B-181A0E10600D}\main.html

Filesize
8KB

MD5
f4b7942d6563727bd614f10da0f38445

SHA1
84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9

SHA256
e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc

SHA512
f79b24ac78863a4ed87d41f37b2a5bc27017ebc5317f0a305d676090a16aee8a61384b476e7e9a68a024aa8da4784c1bd4f118766caf4450ec97af430e7074af

Download Submit
C:\Users\Admin\AppData\Local\Temp\{C3729931-9499-4641-8D5B-181A0E10600D}\main.js

Filesize
58KB

MD5
a8f9eb478c7512c98ca1ad46dbcc298a

SHA1
454226dc42b911caafc9a1e56d8ad0000bbb7643

SHA256
1df6cbdc80c1df47d93d6e7516a2d7017362413a6b9d93634e143856695c3645

SHA512
ae3198cc6ae739f3009359988f5c090664e5fe8422ad1cf739fe316e66f344c10385d1f841c7b0e3ca9f7997c79d95fa0559386b6dec10641ceb8c290b14f5b3

Download Submit
C:\Users\Admin\Downloads\Adobe After Effects 2024 (v24.5.0.052).rar:Zone.Identifier

Filesize
186B

MD5
46df3cc9b7e9184cb2c07806184c84f2

SHA1
336d23f80c5b2f4eb630fcf480c0338ffea67df5

SHA256
56d817aefdc6e18748f694ef559541ffb55b2d50781c0b8709d560abdb4a610b

SHA512
8746b45d57cb4db9719cfea5d350e251ad85260a4b260249baa8932c157f1849236d838b561d4b709f415340db915565c800a48734eaaa7724e3bd06fe162e50

Download Submit
\Device\CdRom1\autoplay.exe

Filesize
185KB

MD5
76ef16e94f77454aaffdfa4c700be85f

SHA1
9b45b3826706337a11e43248095fb2c62e42d14d

SHA256
3b9dabd99dc58a5242616cb6d1d876bca3046119a9b150c7d7868bf02202ea82

SHA512
4185cf9393877fd6d80ecfb7290c10d40a62fc7013d175e5fc91df56870500ea33b518e4f55b4e7d8a7865d3f7707fb5f49f621d5d944bb1edffda4734f99d53

Download Submit