hxxps://drive[.]google[.]com/file/d/1OyUpXT-1Tz-ZDwV-7YJ5tEl7r1cC0aWk/view

Resubmissions

31/03/2025, 16:37

250331-t4shhawm16 7

31/03/2025, 16:20

250331-ttetnawly4 7

Analysis

max time kernel
488s
max time network
483s
platform
windows11-21h2_x64
resource
win11-20250314-en
resource tags

arch:x64arch:x86image:win11-20250314-enlocale:en-usos:windows11-21h2-x64system
submitted
31/03/2025, 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1OyUpXT-1Tz-ZDwV-7YJ5tEl7r1cC0aWk/view

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
4140	autoplay.exe
3900	autoplay.exe
5332	autoplay.exe
1880	autoplay.exe

Enumerates connected drives 3 TTPs 8 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	autoplay.exe
File opened (read-only)	\??\E:	setup.exe
File opened (read-only)	\??\E:	autoplay.exe
File opened (read-only)	\??\E:	setup.exe
File opened (read-only)	\??\E:	autoplay.exe
File opened (read-only)	\??\E:	setup.exe
File opened (read-only)	\??\E:	autoplay.exe
File opened (read-only)	\??\E:	setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	drive.google.com
2	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 5 IoCs

pid	pid_target	Process	procid_target
3068	4044	WerFault.exe	120
1864	5992	WerFault.exe	129
3512	6096	WerFault.exe	135
4252	1672	WerFault.exe	149
1088	3336	WerFault.exe	162

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autoplay.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autoplay.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autoplay.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	autoplay.exe

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\Service	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\HardwareID	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000003	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000003	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\CompatibleIDs	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000003\HardwareID	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "11001"	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879116690139356"	chrome.exe

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1678082226-3994841222-899489560-1000\{537F5EB9-36D6-43CA-A73B-8C554BFE3319}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1678082226-3994841222-899489560-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Adobe After Effects 2024 (v24.5.0.052).rar:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
3616	chrome.exe
3616	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5540	7zFM.exe
5812	msinfo32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe
Token: SeShutdownPrivilege	2904	chrome.exe
Token: SeCreatePagefilePrivilege	2904	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe
2904	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
4044	Set-up.exe
4044	Set-up.exe
5992	Set-up.exe
5992	Set-up.exe
6096	Set-up.exe
6096	Set-up.exe
1672	Set-up.exe
1672	Set-up.exe
3336	Set-up.exe
3336	Set-up.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 3128	2904	chrome.exe	79
PID 2904 wrote to memory of 3128	2904	chrome.exe	79
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 1684	2904	chrome.exe	80
PID 2904 wrote to memory of 5884	2904	chrome.exe	81
PID 2904 wrote to memory of 5884	2904	chrome.exe	81
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82
PID 2904 wrote to memory of 4924	2904	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1OyUpXT-1Tz-ZDwV-7YJ5tEl7r1cC0aWk/view
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe6dabdcf8,0x7ffe6dabdd04,0x7ffe6dabdd10
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1944,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2228,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2240 /prefetch:11
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2372,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1788 /prefetch:13
  2⤵
  PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3216,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4108,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4232 /prefetch:9
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4748,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4664,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4996,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6312,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3692 /prefetch:14
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3472,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3440 /prefetch:14
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6252,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3272 /prefetch:14
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3464,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3284 /prefetch:14
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5380,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3696,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=996 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5220,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5000,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5004 /prefetch:12
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4296,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5124 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=4524,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6576,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6592 /prefetch:14
  2⤵
  - Modifies registry class
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5140,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5396 /prefetch:14
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5656,i,13366209710632689488,5506748190444493071,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4952 /prefetch:14
  2⤵
  - NTFS ADS
  PID:4068

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5856

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000478 0x00000000000004D4
1⤵
PID:700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3288

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5256

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap4193:138:7zEvent21563
1⤵
PID:4188

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Adobe After Effects 2024 (v24.5.0.052).rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5540

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Adobe After Effects 2024 (v24.5.0.052)\" -ad -an -ai#7zMap7145:138:7zEvent22117
1⤵
PID:4964

\??\E:\autoplay.exe
"E:\autoplay.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:4140
- \??\E:\Adobe 2024\packages\setup.exe
  "E:\Adobe 2024\packages\setup.exe"
  2⤵
  - Enumerates connected drives
  PID:5552
- - \??\E:\Adobe 2024\Set-up.exe
    "E:\Adobe 2024\Set-up.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:4044
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 2440
      4⤵
      Program crash
      PID:3068
- - \??\E:\Adobe 2024\packages\setup.exe
    "E:\Adobe 2024\packages\setup.exe" -sfxwaitall:1 "cmd" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
    3⤵
    PID:5376
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
      4⤵
      PID:876
    - - C:\Windows\system32\xcopy.exe
        
        XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
        5⤵
        
        PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4044 -ip 4044
1⤵
PID:5952

\??\E:\Adobe 2024\Set-up.exe
"E:\Adobe 2024\Set-up.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5992
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 2172
  2⤵
  - Program crash
  PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5992 -ip 5992
1⤵
PID:1560

\??\E:\autoplay.exe
"E:\autoplay.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:3900
- \??\E:\Adobe 2024\packages\setup.exe
  "E:\Adobe 2024\packages\setup.exe"
  2⤵
  - Enumerates connected drives
  PID:4992
- - \??\E:\Adobe 2024\Set-up.exe
    "E:\Adobe 2024\Set-up.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:6096
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 2168
      4⤵
      Program crash
      PID:3512
- - \??\E:\Adobe 2024\packages\setup.exe
    "E:\Adobe 2024\packages\setup.exe" -sfxwaitall:1 "cmd" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
    3⤵
    PID:3284
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
      4⤵
      PID:948
    - - C:\Windows\system32\xcopy.exe
        
        XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
        5⤵
        
        PID:2040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 6096 -ip 6096
1⤵
PID:4136

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe" "E:\m0nkrus.nfo"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:5812

\??\E:\autoplay.exe
"E:\autoplay.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:5332
- \??\E:\Adobe 2024\packages\setup.exe
  "E:\Adobe 2024\packages\setup.exe"
  2⤵
  - Enumerates connected drives
  PID:5528
- - \??\E:\Adobe 2024\Set-up.exe
    "E:\Adobe 2024\Set-up.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1672
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 2184
      4⤵
      Program crash
      PID:4252
- - \??\E:\Adobe 2024\packages\setup.exe
    "E:\Adobe 2024\packages\setup.exe" -sfxwaitall:1 "cmd" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
    3⤵
    PID:5828
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
      4⤵
      PID:2944
    - - C:\Windows\system32\xcopy.exe
        
        XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
        5⤵
        
        PID:1336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1672 -ip 1672
1⤵
PID:2160

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:4136

\??\E:\autoplay.exe
"E:\autoplay.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:1880
- \??\E:\Adobe 2024\packages\setup.exe
  "E:\Adobe 2024\packages\setup.exe"
  2⤵
  - Enumerates connected drives
  PID:5136
- - \??\E:\Adobe 2024\Set-up.exe
    "E:\Adobe 2024\Set-up.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3336
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 2164
      4⤵
      Program crash
      PID:1088
- - \??\E:\Adobe 2024\packages\setup.exe
    "E:\Adobe 2024\packages\setup.exe" -sfxwaitall:1 "cmd" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
    3⤵
    PID:5856
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
      4⤵
      PID:3420
    - - C:\Windows\system32\xcopy.exe
        
        XCOPY /y /r "C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64" "C:\Program Files\Maxon Cinema 4D 2024\corelibs"
        5⤵
        
        PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 3336 -ip 3336
1⤵
PID:3140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\carousel\lib\jquery.min.js

Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\ProgramData\Adobe\Installer\Icons\AEFT__win64\config.xml

Filesize
269B

MD5
fc6656e65cbdbc92cc24b60eec7a3d72

SHA1
db7e3089c668bbbbad152acb66e9cf488708d70a

SHA256
2f917740b60e016b74a1388f71bccc5437d65b3a7feb3f89868a827ea04ab530

SHA512
ed7931a25b58fa3118770e3b585760275c0f07b9191396fc5ce5aba7366f0a4f47f84fc687393b600d2837969f8c77194b37cf6ab6c2691461c689a5b1e0e87c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

Filesize
471B

MD5
e06b6ee4e3f05e097a92ae51d0042c21

SHA1
7724efd541f3629b13ba49de289d06c606def4fb

SHA256
9f097b97c78ec7d9895ad61062fb087f6431cb173a2a6a3f42b856f5f22e61e9

SHA512
4dc18420b2e6cfc33acb650bf4c248c528e267683ba31f3a2230c4bf36f4275622cead43a15306ad0e0cb8248e8bf907760668f3a2b76b2e45158c76d7d86449

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_EA01B8AC2C0BE6E5850A0487D704D929

Filesize
471B

MD5
45d6348e5076b7fce23438430f69cdd4

SHA1
962c22cb24ee93da93bf8bdcb3858dad4ca45185

SHA256
9553cfe023655ca17f2e22b6ff98a8f62693e09d21ce7df26505cbac85c1c3cd

SHA512
c8f00677389109b8394641d70e1bac3eee4f1d102d51ff53dfe3c780a4bfe9e6f3b45d8e8181cb7aacce522efcf10e35ebc68a8bab86078e1315c1ae63e0902d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8890A77645B73478F5B1DED18ACBF795_C090A8C88B266C6FF99A97210E92B44D

Filesize
396B

MD5
bb958421a35cece51a8e8eccda031b22

SHA1
75d0a07a88f481e2e74ad24f80e862663c52fc54

SHA256
2988efec602d7f37abbbf9029c9f938d55d88b2b9e41b3ebf6489b204334a7f6

SHA512
7395d28b5bba70a2b744212caca03fafbad405dff434bc9accdb8c4eca82edc8925a10223a7261e113f4f65ebd5dad19b67f267f6ddecdf97f8175f82c7467ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_EA01B8AC2C0BE6E5850A0487D704D929

Filesize
408B

MD5
9930480257ecc65f6a897d9ce9642374

SHA1
c24cc5bbd8b2f904fcbc487e7d5680a8e984d31f

SHA256
e590d291f59eced2f5af03eaafffa6bffd182448b7b2bca743357d5db7271889

SHA512
8495ea3b9bc5028cdb0f2cde8edeaec08fd1e7faf20583dc70fe298a22e408a1a28ec403868bf77afaaff39b6b8b5755b51666b4f7c11652222045c0bb47d9cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\14685ca1-4c9e-4e66-9dd3-71a51db34d40.tmp

Filesize
81KB

MD5
b1cb77222ee9ca5d6e248228e52651c2

SHA1
6ef3a10b03b2345b2a8e44b99bc8644831b0a46b

SHA256
59f17cb9abbab57c0022162ffe6cb5fefa619d60ded980bb56df3c84d5117873

SHA512
54f4236e035f31a610d4cbdb1d8beba9e32beb0a60963cd3011532ff5ce8324b47a69e0ea19e7b6af3e79153e36dc57f9ec99928f54df7aed2e0481dac6161f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5d6976218471093c88edadbcf49a1630

SHA1
6c4fb002d7a2477acf8909f50a74a34f0d5eb906

SHA256
116e113a5323b5f3e915c32e6db3fc23e14ced91808a43f251ac6a74e05699c4

SHA512
c2cc943e46e2f6cf83d3422a89da2f05903f8275aafab7f8d2696cd6fcbf903da2e3b538ed8fc9dda6470b7f2efa051e036eaa9c8d615f0f9feb753e9daa2f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
38KB

MD5
f53236bc138719b68ccd1c7efb02a276

SHA1
26b7d3eea5d3b12d0b0e173ebf2af50a7d7e56d6

SHA256
787c14f8cc865430c03c96a345044b7c5b8dc8a032511a500d4a42228533acd8

SHA512
5485bc7ccce8ec75f60bca3be846086a4bd4466009c8e22da9cdd16bb1154529af2fb2667cd3a97485cc4f6635fb79ac0fdda4f3e1f39f25f6196f708a92d740

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7d12cfb0f19c08c9ff4dad7fd77402bf

SHA1
0b1a84db77ef053f16610ce5f9f68ada78c12928

SHA256
bcc81f8d787f2b367cbe700abb87589c7b94818b69f944b42a722d8b19e36e0c

SHA512
0d77b023b01cecee8276a366e86c5cdec1ccac111499c0cbea95289e5910cae7c5350e78d4d4321cf998b90a8a71f96b0ac7908443034c58937c55ebfe7bf37c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
6a0f93ea8b8d046e7e83dd024691afb3

SHA1
c554ba7701097abef6999f8e5f14853c0eff8e29

SHA256
290a8ebc096848e149f1c8db166618489d2d3acfadabbddce5b3a46d31639e5a

SHA512
204d2c163e3c29924e8f89043061379536af1d48d9f9682b9035a9a03031f9163a60a96c82ee9fc8e4d17f12e84569eabf1809a8f6619dd37cc32cf05d3acbd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\241a6f24-b006-4077-b6ba-775878007964.tmp

Filesize
6KB

MD5
e17c082ffee885262c73eb2103ee4601

SHA1
ea528ea8898b9709382f396e8d4ecbac773a9e0e

SHA256
735286b50432f4009775742d0f835904344dc4f7e12dd411f06af6d61aa4f96f

SHA512
d934c7a701a051ee53ca6008d5d9fb6fad791c4ab9b37ef4e690975726fc24b397ccfc0da3056dd6f8414d080a7ffcf3971608a4e85210c2b4a02a571fc86fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
843287773f3ddefdb819757277ee0385

SHA1
51020cf38127dbd628b2ba09aa21669fab499ee0

SHA256
05e4bc23320a9d07caf3647d2f87bb4eab8ab6131c31c1cd3aa3172f3c3f08fb

SHA512
da8e08b28d9f42c65f93fc2c1f88a8033849bda96e5c2f40145c3e34167e4d9aafe34716692e87625a931deeece02cabf5cfde141c25844b7f2cc6f8792c84f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
38c48981c5a096451117cee6732c2364

SHA1
57d8330167607310c92af3b752f5b46cb1b5559d

SHA256
4d6e2871adf742756f438f3dd57f25ee9d34e5ea6e60f280d3b1b9b592888fc6

SHA512
60ed2f147da938cf72b96d325b5df120453f6ca2f5170066461daee2f20204a54062c0d0c1918136fa6bfb1cc1198075ba40167e752571945244dfa0cd67e984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c1681100e50b8df092533dfe9ea5f5be

SHA1
c248ed2779e679e83dd761a419125dcc9ce384e7

SHA256
8cb543ed8dd1fe35faa6672ea4e6aaab30d97493e163a3f01954e8d777040ff3

SHA512
374f36e8f212f924826a6adf85919f78e9f8713da7d96328d6f7f0292f5b2fc808e87474a4354c133bd9807ed3844fc49bd76a0cb8bb422c903311e0ca9f7260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dc5e2acbd2f13d9da360a5e2b048fc78

SHA1
c85b174d729688262def965e5de6333392ab6a7b

SHA256
1177601e5bfe926eca7cdbd52e3158d465a59d38fac7acf3b9f6e15264ac1e3c

SHA512
df34bbf21fa429cf6e9ec0d27934aa646ebd39c76a98ac7094f47aa6a0326dcc14980ac07078a4d4fffea6f9cf7c6c742176f4aceabe36f91e7d06cbb22ad621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b1be3ae1deb60b74afa28b8db43276cc

SHA1
96943b7bde5b0f3f9d6e51716ee02adc7ce322bf

SHA256
86fb60694922224d9520073639fd15bbf1a3abaa88add08c3095fdcb48986d9b

SHA512
78ccfd4764eb8377a070a33dfbb0952ffe02bfe135e903bdbbdaf0fadd3178c618a1c503cd2b2d3f4a1c881e3873844c921ab518b6ce6aca2eb556136806a0e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
279925672a25fcd1f41fd3fb24efc57e

SHA1
23bbb1ce38e531ee3adea2f3ad3af1afa822aa22

SHA256
74ebe751e43b489efe41757335d870689c084b54a10e0c79a5d6089b5b8f7def

SHA512
f2c0b7cae6f3e4bd1d5a38bd830cac905f159c895ce3e348ea7dda810b5fe911961650a7b1180eac78e4a06112ad203ad28be686b442093402d74184f08f587c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
14ca50df8aafdc87db65ee43263dcacf

SHA1
96cfa3986a313499b134f38447fb9091bc151268

SHA256
9fed7fa68760210b2c09c5e3018354469253bf1e74d614f9b3a1632002367009

SHA512
d8de1ff2bafd6edcc23a5728bcacf0f537b63669d94d088c94dab5b4c5a086c746ff9ee594ee1a29d607372daf7d5e6b1e441417b520b728feb41334298924c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
f9be451e32cf18bdfbf67101fbba455a

SHA1
b65cf02cf9078f74975bd2defabad63dd7b3420e

SHA256
9e1f5fe479cc557774dcd13980c324d617b7242e2d72333f7d8da2125d500aa2

SHA512
7d51d889818802dbab0cd29e2628b899a722139c23d4243c5a978fad916694cd0640b1b9c35b8d6e1284d6f4e9acd4d9badca44f086ab770198190a3256eb888

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4d792e0c7b1370b736b29d9eb778433b

SHA1
fcd6150bc5c6a524cc2ddc101d38481f6cb629d5

SHA256
6093798fe73d379dcaf3e169246e006361e71f3850c81964e2a1a29f4460f01a

SHA512
28927dc45f4a6ee5381b15f72c62541ddbe023adb6860fd29d4d1cbc64922a478e57acef8a82fba6a85e71b65c99402506f87e1e3d10dae42b24d93625ec7894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
142f767fb6786bef497d4a92db1b91bf

SHA1
7b880a2d360802c2760588fb50e8d2916526fc8a

SHA256
82bd6368d2e66fdfba0c689ec0d7b7ff3e0e6295faeadd90b916f416abfc6543

SHA512
67e40eba064edaa0071dcd5a4bab14fd7b9f0dd770229269ec43076d470e1524866b584251b01affeabf52270a5ac31aa5b1214f257935ad0eae0e4119b1105f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
049123b782022622224f318056842354

SHA1
a412982afd05cb84eab8db678cfdafe912d6099b

SHA256
6983dd15e495c101dc6b77019a96ea40d9f47a24d606de2d893f9708c41202ef

SHA512
2c45eac0e382ef0a6fdfd423e6efb67400ec945fcd8a8d3c972bde8100bfccfd3fe594f69ba49ae1d84ee97a1fc29bad21bd52088bfef418551485d1548fca6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7c3818690913ca1f186e9e3fb324f8d5

SHA1
8585c21093cd17446a848af84f004158a5d0bd60

SHA256
7b07632c830755c9851b4ef0753a6698ad7a75c04a0a4140b341dc31a0b7ea81

SHA512
11a4f46ad67e6a01a374770861d7a4b3d4755d99760db1062d7abd3cf11a74610c265a80ec69bfd07be3b3071a84113d89efa28b7565b899c4776df1c478c7ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c822.TMP

Filesize
48B

MD5
01dca7c7d316d16fb2698fd91d8c90e1

SHA1
7794ce6f1a51bb8744f1ce89655413189333f7c3

SHA256
e793a5cf7699cb2bb006463e1c7633ab9de233d8089f14b52f50049324bd2695

SHA512
9f74600712d06f494c37c58a2aa39d61257064ad75aac5b50eb15c217fb536922345e60d83f60c639314741eb37f5f2a9187b077a4869f29c58321689b72645b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe598f27.TMP

Filesize
140B

MD5
7e96d54773d18c3d61e4371048847bda

SHA1
70a9d0d0d93035cf114d0817aab12e86018e448f

SHA256
57bb6327a2d5db845835ff340bc2eade35901389adc2dba18869d30389162829

SHA512
d494c4cfe3cc64df391ef1a3594e339b68d5a05810ae6e0a2051a7deeb861d3d4ac2cb56e44780a1c536b5bd4bca96f03052f30541c775477bfa7bf33a5e3fce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
a80266a5c37396b283f53df370c4b572

SHA1
e954cd583ed24fd291a7e25c342dc6cfd4461e53

SHA256
75a6ee067d5f59270ff8426b4952dbee95d75ae385fdc85e1fd727d6da0a1ac2

SHA512
955cc1c95fea9555f6a0aa515e88b82a85bb4ae5d864da2be2077903d1862c4ec9ef0d662aeeafcfa8c71d2c2b72bfe48d97e339e065e17a6dd3757f42a0974d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
dbabe731606cf8155058f2eb296ff4ca

SHA1
cfffd7b7597ed5541de9b1ab31d50b0178cfd26c

SHA256
144ac273cd463232ff43a3acf6ed68d7d87d1ff3ccda7c8c13db3554c57162d6

SHA512
5eec3eb55f91d824041934350b1b63f1fa93650b9d1de61e78a3cb3600b4861f95cd904c32ee0e86d075294f4213aa6252dcd991a6206fbfcf15a7d02afc4a83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
cdd323ba2971b6211dd4ef8253183261

SHA1
b3282ca3d95cb1093c43bf70fafd70d5553ef4c9

SHA256
e97750f941655c206a5a7f787ca791ca68842954d6d4faa7a9dfdf5a098b7646

SHA512
dcc60475c589f8a90107962de0578c724e5c3d8edf3e31f36dfd5b3e9d1967fa929adbc2757ecebc183a2d2e35fdcd2093247f3990c1496a35e2aa3db11ffd15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
83c5cc8ffe9b79eda1fe0c5b93b32827

SHA1
3f88427d0e42da95c3e16f7c01842ff10116c348

SHA256
a88a5f5f20d0b2f28581cc8532ffb9e304cbd5e5b04d8f1fd6666fbd3fabdb33

SHA512
270d9f8b00c3a27d05aad10c776a94875da8e05c272f728c0b9ddd7b7256a5c0c545ac01ba7a0cbdfe60f6cbd257bf359293138dac828576281312922b143196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
369ac008813fd73e5eb1e771fb59d97d

SHA1
be078c206242722091df9358c4d238e7484a1fb9

SHA256
36700a078415c314dd2ff4eac12dd350fd4c4277965d64058d340919114399cd

SHA512
65ab64c45c47470332d708a5ecf3e60bdc4f8b8986e64887441a2b1538a9bff034c4edf7dc7439bfb877d286b143bd2fd7fd84413b609baf70f2086a5ac696e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
c8b756c62edef598523729f5c3606bf8

SHA1
6103292cc4c882802dfeb6f8830bddb3cc384136

SHA256
0a05767f75568c1a1a37c5a0af7b8bd288df2180fdba0b6d363d4b460b5a06f1

SHA512
2aa077fce5607e6df85383dd54aac4f4e652e0f62e5d87388f17f35c18be43dddf88b701cb1a7f9a58373145a6b4a1ef2b597ee0892176f9be0ec0584e223712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
81KB

MD5
de7fc4f04acb8905a56f8d785ebefd9d

SHA1
e5efc5ff143c6c5bbcb002de4e9ceaf17a19c89a

SHA256
3b01f9d76b751dd4af16922322e71c58521c815ea531817d0c1ae169fbe71316

SHA512
73686fa2de0ef9121742a1785674e57aebd72746c6c4399f76a0529366290aa94f5d634f4fa1e6222b816ca2bf65587ec779a308a0147757a7c86d4f4c1d5a9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e034a271-6c6a-498e-8970-aadc12bd2cc1.tmp

Filesize
81KB

MD5
99dcb7500da9467ca232c21ce92598bc

SHA1
b155367ceae7fbc84f93a7028d58e55f280994f9

SHA256
042c47d1544f386b8f34e14037193e864f216a0716b2e201ab4e3d3aaece4597

SHA512
ad29ee44ad5eed660f27ef7ff4a5b78294028c103ea8fa85220a700146169b016131a2ba228de9c57d59516d7e439c979a8f1d82bb96a66a7dd367fb06bedaee

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\65b5fd52-515d-47b4-8ba8-5854934796f5.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\c4d_base.xdl64

Filesize
31.4MB

MD5
a42c41aa9f9724185349eafe797efcc2

SHA1
239c3a8ac99a5f64b45e111c13ce3729f84dcf03

SHA256
ced814daeb0aec63b9dfccb4200fdd78d005c605896390c1d9bb445e2a1c7d72

SHA512
6c14c0b91c3af84f2bab95954cb4b4c70732438ed0d5c65abc034b3836ff0b4749f58a7831f3d59b317eb5da98fa2fdb3a47053827f046a6da116988235c1c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe After Effects Temp\maxon.lic

Filesize
1KB

MD5
23ecf8f9d4c863b3e4e5b0b3b054d5a0

SHA1
e5471a1c7dd1860323a711411632d17a533d2b61

SHA256
545cf86c4813484fead85b00cdca7ae9e9184812dec46b22df42a728662a009b

SHA512
29d88fc66c62d982851dd2228652f595a701fc43a52ed50e44f33011d169743a9163d1c0de20a192962fc9b3d176cf592739f4b6e83a991f5fe35b07a1604964

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\AdobeDownload\HDInstaller.log

Filesize
8KB

MD5
acba7eb6a0b03be8920a6b2e74dfc4c0

SHA1
38f654725434ac131f985a6d4b587964a416175a

SHA256
da79dbc9fb5ad6e9c32c0ff2e37ea88e8f9888d9686c2c0e0792c700d32ef37f

SHA512
4f02d727d289a346c64ef24dfb0a411a97b667c269eee3c9c4b6f2e58b09493db87cac5aee407a0e0d28548949b8e00b2ead92205465166880144ea50747d092

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\AdobeDownload\HDInstaller.log

Filesize
3KB

MD5
d519ee7bee15b599e6f3099a6f728c98

SHA1
582b1a098a2ab43e099d4adfb3d6d33b1c35fcd0

SHA256
9e73cc8bd6d548e436a55312ca77cb98011cd9352ed31a0785da813960c274c6

SHA512
441e1e53b99ae0275df98aa2b87e0f8def14ebe35c931463264fdde6e862091874e2cbbf3699673de224e895ffaa7a7f7b784a33dbea9dec2f472f7cfc6283de

Download Submit
C:\Users\Admin\AppData\Local\Temp\NGLClient_HDESD15.3.0.468.log

Filesize
7KB

MD5
3996948399eda3e12ac7f9da268be057

SHA1
789089fd8c22ad83261c67c88ffe575866316e74

SHA256
19a1e17b49b11c69a49a0a8a14ce9408be52d8479aed030d23239e4b7c6835c0

SHA512
c3e003c476b0987f4a0c2ea625739627bac0c3427c44116472f933f753194b5727deb37cbce52e2b9aa2a18fc051ae7c83dbb39a6aa2cd17c4688ad0ce651ba2

Download Submit
C:\Users\Admin\AppData\Local\Temp\NGLClient_HDESD15.3.0.468.log

Filesize
1KB

MD5
0715589b92dd10d9f78403a74783503e

SHA1
a3f2feafb9862cb471929674ced69494396c835b

SHA256
31cf052eb937cc14255c49563926164e7bb577a70a4d5bfa34a9c012fdf51962

SHA512
96fb4836d1b20fa3a86227e9e6eb259fcaf74420a401b7d542272454b31b63ab2cc55f22dfbc77cfd3b0e4774974645dc5a9d1fc1a6f3241cc8c5ff867ad85be

Download Submit
C:\Users\Admin\AppData\Local\Temp\datFB4B.tmp

Filesize
140KB

MD5
d070306a9062178afdfa98fcc06d2525

SHA1
ba299b83eb0a3499820fddcf305af0ddbda3e5d0

SHA256
8f5ccdfd3da9185d4ad262ec386ebb64b3eb6c0521ec5bd1662cec04e1e0f895

SHA512
7c69e576b01642ecd7dd5fe9531f90608fa9ade9d98a364bcc81ccd0da4daef55fd0babc6cb35bff2963274d09ef0cd2f9bce8839040776577b4e6a86eb5add5

Download Submit
C:\Users\Admin\AppData\Local\Temp\datFB5B.tmp

Filesize
140KB

MD5
e204643042591aeec2043c5eae255099

SHA1
ba5f2f94740400f540befc89f1c4d022a26faa84

SHA256
7f58f56a7a353f8fc78ec2757394a7c7f28165e6bbf2a37d6a6e48e845874f3e

SHA512
7196c5b8e88100a08eb296be7570df4d045268ad6bab1c45ebaa9063aa9b46b8896886e24a9f861e322b167dd95e18d5a18abb76f1bb01c8bc85c36bead855ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\datFB6C.tmp

Filesize
139KB

MD5
dfce51814cf6d2f42375f948602cd99d

SHA1
766e162ff305343010b67fbaa28b36af277c5b34

SHA256
7a8a945586a1d21d2922cb4aed9e28d872129f6c396ac69f47ef3e32ea972ba0

SHA512
2c9489c18719ad29928e86a9e631e080b024c882a77a582f40f4f86f625de9b08ad3c09710d5ee32b5cae5284fd960f412f05290bdb3b4709f097b269b99ce21

Download Submit
C:\Users\Admin\AppData\Local\Temp\datFB7D.tmp

Filesize
103KB

MD5
fa794ec12d353c26805ff53821331fc2

SHA1
cbc6658badeda2ad9b0d2e03a0a35ff7fbba542a

SHA256
cfdbd8a2aa463c11e483dc10c480acd274e9786632f5571a3970e8a20a2d8237

SHA512
1161afdbf6fc9b74421031fe6e139587f291ffaec03cae4aa76c1a86e10a69c7b1602ecbfbf60287ce8ed926377ad159992cde605ba98e75b212e971b7e14f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\Dictionary\en_US.json

Filesize
72KB

MD5
c693e1bd4feda683ae5c71f2bd6b9de8

SHA1
2f3c32dbb95623c52ebf3b608074afdfbcbf050a

SHA256
5dffe13d4c72f59dbc6f8efb439350518acd4e8e07efa124973cfd1a625f60d4

SHA512
a48c520b1432f208f7494759d316cf2411163373ef7ba5bb2b2121b4520beb2932d4ea612e9d2dc8997b6221fa2d44c9312928c79394a5d8c577fa39aa5007d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\cs_cz\locale.json

Filesize
405B

MD5
0e66bd0983b2c3516613cc751d69971b

SHA1
551c857dad708f8e0ddc6b618de7966c254abe0e

SHA256
7d3aecdf9b1ea5128ef87a1e6e74dc3e283fb28dd6af8113b4e99040b15747d4

SHA512
44779ee6d29d2747774726b2c3f76a41e6775548d57705f16d59ad3a4ca1be44fb6cd12d1ef0f6f8f228911fc317f6451c403d04f6f1fefb097c8763d5801087

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\de_de\locale.json

Filesize
386B

MD5
d3f198446f78d6e17d85882563ea6b36

SHA1
3bc7c9cc9182935e4ea000ff951ce9493b99fd70

SHA256
e683843b5ecbe6bafd03c26c3762e9e4fe37cb5dc1d9a7188c9158553f3ccdca

SHA512
d3516f25c4f62a5f0787a173f73e001a149e9fbead9ca85964b94f1786635b246ddf182cbf6a46607938c24928939f41c1812db6b9260a81b70cc20b8722d046

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\en_US\locale.json

Filesize
353B

MD5
031aa6225b953a69e223fc71566058b7

SHA1
45a89a91cc432bdb698be076c8cc1db027b3d50c

SHA256
b754524e0f798d8db77bc777a0fed09978fd3fc9d4494f227b7fe07185efd9ce

SHA512
e61497f74508016c8ad755701c907d2d5e053f6e2d7b1228feb0b9276b8ad202975d81ab2806d5c3593adf6ca1bd320d6bbd6a59e565ed300060e851867b52d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\es_es\locale.json

Filesize
390B

MD5
592ebf7fadf7792f05ddae25d75a9d59

SHA1
2853af5a44ee3163261bb471cb7a33f0a0bb2ed6

SHA256
1f10dc92034244bbe5435c8d0029773025b929a36f3d30a4a5a3a4526d8a874e

SHA512
59ebddad4576a121b43181547cf0f806e7fc1192428e782233f3e20c4b75e0e7a2febfa809efe7f9296eed38ccc63f9d4f6850c8cdbaabf06ae99d80c93f2f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\fr_fr\locale.json

Filesize
383B

MD5
47c7066b8c2d86ae7047ba355e57230a

SHA1
5702d5eae9b69896db0e2c9ebe8d6f7b83abc6c1

SHA256
e9c432fa590566d463502adcd51a129f789ebc01c59f6409c5734a0109f05156

SHA512
58a0da179b19c507f1ffe8fe4ca1312f2f0c8799c8f4f53a279b1bdfde311105c76bac187ea179598dc7d13fd32fd002fe0f06f5aa1b1a67cf147e7a02dd9f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\it_it\locale.json

Filesize
495B

MD5
78d8a38ab29f2c70fc0552038763561c

SHA1
51ef11689a9e8fd6cf629e2c0238e12d59341e72

SHA256
2c5ffe288391affe2accc1988900d02c3517b652881fba852994d459434239ac

SHA512
969cabda8324cdf3a9cbe0b0b8fdd2a611ef3b813c012a749a89d792c9a9c6ef3ee513c53b76065efd6d1e93ddfa5c31510bf3e25be2fcb86592988cb4abe591

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\ja_jp\locale.json

Filesize
435B

MD5
8eefa1bb3912183d9e3438f91c098841

SHA1
d06c23d25afc8672eace3d214798c5122b664ca7

SHA256
919cba4b8a59f6b69ce16011e50f3bafc76efe58b21032501626cac364d48e9d

SHA512
5027e49717b19842438388b57232b8739e8a1cf15642bf9806e7eb5a749ed9c7a102d2c876cc8d9cf2113558509965cd638b128519071ff6cb06e1b4d5ac7af7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\ko_kr\locale.json

Filesize
406B

MD5
3a504ea81ba343fab1ebe2a10efaa1a2

SHA1
eddd814cf6ba568a80553a5516bd588b18ce5a52

SHA256
9b4e351eb416e95f6843224227857c528dce2d7a8bd64876204879138208951e

SHA512
57a52b016801fef387c8d33b483dce4d5bd518bd9989ffaf775df4b4dd1bc83e614bf3ace69f779c5047b0bde6b7b4db861530700523acf25110d8846b7e13e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\nl_nl\locale.json

Filesize
386B

MD5
c4d0d42780213ddf399e83c60e8f25ca

SHA1
55c4589f3d9a514dee78fd47e7c3696b3df60c79

SHA256
416b4f94812ac0b6bbeb1a5e4f06e587f4ecad75b8efa02072eb7ae92b622b34

SHA512
74edb2fdbdb07a4fef43f3b61bf08188f4ba24cabd75c50c2e53210ea38e345ac7211dab5e761dccb6e0aadfe901b81cf27ec851b640474ab9979996c8841398

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\pl_pl\locale.json

Filesize
415B

MD5
440e7340c381b936d04d8206e966d44b

SHA1
3f5743e2392c734a546f7b9f75b616ae4a121f40

SHA256
7aa4d5a764e0f0a9649a5faa24f14206d0ae44f3e386ed002df2e6f5d359f0a3

SHA512
3adac1c7c6dffd76f6196414919b051cb9152ea073df1313aaff549b7d8d77b73683a83ce03fd87af6a10a6c9223a07c05130d8e96b9d998dc0104fdadee5b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\ru_ru\locale.json

Filesize
626B

MD5
3f1235f9c362e368fe52fd708da455b5

SHA1
88bb2da22e940527b61ceceb4d78c992af78126f

SHA256
454f7fe589e1e08f2cf112eddaa839b60951698a84ba87e7767d4dbbcb3a038b

SHA512
d1dce3df39db2db386545f71a5a67b0725906878983944bc97ddb3c95f706cdc71a7a04d717a28428a7e682adcaf40f2f94561c681f4790989876f5c1bdb2bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\sv_se\locale.json

Filesize
378B

MD5
690dbabeee5810ae5b68027eeb148f1a

SHA1
f1624c92497acdfbc53ffb5a891c545b293d01c7

SHA256
270157002492ad80fff2d47f9cdc0257b72bafed053556ddd5b14c910c6a9a8e

SHA512
01f685608ffe85b4beb4bdf20b701944f7b83ab0fbb90b39f379053285e058610fa9f4c6671f4055586674a9a3a849a2784ddede476e4677be9667f3faad8b14

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\zh_cn\locale.json

Filesize
360B

MD5
9fcab8f3d4f4840c927531f5975109c9

SHA1
d433d4dfc1fdac136057f8fd551db01727a749bb

SHA256
b103e04a7ddbeefb389641dd93fafee6119f3316f4133702bb3af38bae92fb4f

SHA512
05a947de06e5594ff031fa4b9aeea39725db4648308ebe7bf12d4db875abadfa4f3982b77c5435de9d498da905ae8c8c69b96bc1dda954288b7f9d7a66701496

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\Dictionary\zh_tw\locale.json

Filesize
361B

MD5
bebb9ba86d130666f1dcaf88abac5d9a

SHA1
e07ea165fdfcaa1b073f77f891c248b1669235cb

SHA256
efc69bc38f34fccaaa7fa985dfbd75c0196da23971fba3df349cb8953657e7b0

SHA512
aedd79f53b6f2a923714965320db4e648f8560b6a6d3e53d39b36d16a55d1f9f19bc898b9aad4efe441392dc424936d0b7e04d0a15f1423dd5dec81a7a55d90a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\carousel.js

Filesize
2KB

MD5
5da0810c8deef06889a90c123117f1e3

SHA1
d2827dc03a251ad646954918370fec7955d15cb2

SHA256
6e36062110f96eec177317ae1a1b9e3934131d3c3a09e6b1931feea24a5b8533

SHA512
2fb0c5c9599420134bb75c8398777967c92bde7fe9ab52cbc8c1d93850214793e82d08a9366777f8a829a507a0d42b89d0a423d7235ef3d5fc25f629f1d75bbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\css\fonts\adobeclean\adobeclean-regular-webfont.woff

Filesize
30KB

MD5
6af297e58edc414ee90c76c2d3ea8678

SHA1
7497d181cd6fe3a4b01a4f8b6ba6a47d3fa54333

SHA256
3e8f59db6dfae287af8dccc0fdf5e15a8aa2a954c2c232bc6c64536e1a27eaa5

SHA512
61e14f8e605c4d2b52c9a874f40e73fde43625bc468ba3c7316e7672cffd05b7c1766c875fc1b48218bd2b6856226645ee9bcb45810eb7121c5dbd0c184b7d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\css\styles.css

Filesize
189B

MD5
3a0ec2d2c5020a3cf45c13a87434b285

SHA1
12275d4d51de801ce28c88a0c246de22c6d08120

SHA256
406288e48ced388744e5165a1ec4266f419cc409e4a70036e4b15a93af5c42ab

SHA512
a7c6d55f64d91e5d71661e040f4d06d2c873e0b2d2a3b2e52ff60d230a7c7c0924cd0ddc4dc124d53736c934023a27d6ed77c1266732f0b5de5dc75b02715c8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\images\01_creativity_for_all_445x239.mp4

Filesize
586KB

MD5
611ee2275f393240b162de0dcf70f3d0

SHA1
745654c1bf0ef8ec08de3e15ab31989bf212ade4

SHA256
ba418acbbd9a7f7f03e967be8ec9bdf2f7d0ff8bce55fcb19662e77ab5fb91e2

SHA512
20a6f16520953526a38696048f7d80ffac1f556045943ba6cc866c2d2ec387d602a99bcecdc330a84b68fafcdc5722e0c83dd78d1d3ba02329e1b13f736121ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\carousel\index.html

Filesize
2KB

MD5
4ae648f880552834e7b1eb9cd143c974

SHA1
41b24162122c6f4a284e7fd48d95b3a600edb638

SHA256
3272e9022f5f25c56d7a54df2f03aafcb1cc8519e9db41af7d8d3a3c63e88cc2

SHA512
9ed106d6a490c195c708700a48bbf447ee46f496e6e53ab5ece90d5bc1cb18638b53ceea289a1b5b482f0c8bb7fbaa735f6eee7d8bcdec75c8c4f09464b1de3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\clean.css

Filesize
702KB

MD5
4f3364af3e396f92a8826532bfb1a7e5

SHA1
7f7b613435ece78a358f2066287c2f2c3c6aa168

SHA256
45b9b77499356527e9047256db96a542a720bf075d67e9f6ba55d51fd562339e

SHA512
c022a28656483106095967ec4d57eb743d04f029406c2c553c9d19c103520e274c0eea19f411bdb7ae16f388211c456a413df5a0a6097036deb0010573d49c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\common.css

Filesize
2KB

MD5
1265d497504870d225452b3309b0e06b

SHA1
29a3b783e6f2f2cd3f6d08833b83c7848f8e3450

SHA256
4273a5d4ef990dead6cabe760c27b25f7fcf8a51177f1b31813ad8866a565330

SHA512
9aa8b24e800a619651699c193a7747b8673a3cd4f8a5d3b16ee35f5ef6161f953a904631b97d118339332a3d2c7292c910802f6e1518db18d48fab5e9eb91681

Download Submit
C:\Users\Admin\AppData\Local\Temp\{59983905-2854-4398-A298-FC516335E89D}\main.css

Filesize
16KB

MD5
ee23e36c90c9fccd530504285d371ac3

SHA1
7a4e24d18ec723d38cd922e3845ff290f0299e15

SHA256
32616e0764c80efb4607a0dccfec7cf7862886c4ae80e6405dc3cc5c62cd0f82

SHA512
542937075a96f6afb8170c6f41915efeec5e067803606c2a26d29e6c990d93a255ad8cea18600cd0825a0c91ff935d057870a1724062543a8e2bc09c4041b375

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\content.css

Filesize
16KB

MD5
edacde36ff06bd26f1907ae092eac998

SHA1
c25e9052ee5b28ec28e2eceee40217302bf2caae

SHA256
257634b6fa84dce998b31d6497330f0a0661efbd270f58289fbe026ed95b6f2c

SHA512
7e8d48e71a51659ea52dccc2d7c542580c9ea1953ec9ca2ad77d3c0926c5bc77167f85121fab2dcb7fd4d6d2f04edbd90815b76979d3269994cf662fadc357e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\content.html

Filesize
6KB

MD5
60e80c05a9d6aa602626fec33cd99e3c

SHA1
7aeaac92d57fbabe5da2c923eb0ad1bb22e647ab

SHA256
5bd6a4bc514b2e697a0f0e8b7b8c0be0af34a9e1c25a628b286a5cdf8e1837d3

SHA512
838de7045b1ee4542d4145276b3fef5ba60dc10ed0066266bebb3e44c5485005d33dceaefb1cf3fd1fd1bc7364622bb85630957a243464c4c738a415b30adf7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\content.js

Filesize
36KB

MD5
d5e6dacf9aa3069e9241780cbc82d50d

SHA1
1b510f2e06b363b4b138afc409a811254f976dca

SHA256
4c3f64961a872731185c0db4d155c9db73f7885ec4596f15098857c5e1fe91f4

SHA512
a3485cd865098e0b6bad5b03936d8ca233eef42ae88f40d660e40a95cf8da1edc4788402c21cfce3eaf7084fadb35d121b1074e0e30adea4c01338aa1a327f39

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\adobelogo.svg

Filesize
749B

MD5
e7b1717b9eba236b9c12be7a980b5b40

SHA1
f1baa3f41ffa5dfff320b7e289964cec54f19a99

SHA256
2a48e8db0f3991de1088936f56c583fe615fae4b9e14f4ebe2b33d29138088f3

SHA512
9c8debe604372ac1fe3945579ee843f13df6f8d40f2c402590743009b39c5f80e859830fc422d7f8d447c4e30f1198584850de657facfaa2b84955d386563b88

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\alert.svg

Filesize
958B

MD5
332816d7725fc31725b678cff1cb6dcc

SHA1
876f938efb86c1bb1733b47ec279335de97576da

SHA256
8b5469642507c00b9130bf7ed17a1e4d221e2a93dfd4d2972163650c4e94d714

SHA512
5c4a678892b1a550a0c85e77f75c8b56febbfcd92c658dab198197ed17d7fad04d7b65f8adc17e095895366bf933421cae30e430e136870d3e02e9f89d115775

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\appIcon.png

Filesize
2KB

MD5
26e9b0fe7397d9c072da92fcf6951b11

SHA1
4ee24ef82e7ee4fcc980e3caeca90b6e0d99b59f

SHA256
e4c2314a50cf372465c97d955645455ccad1911eed45ff2c2de5a310316ab15e

SHA512
782b380a45eb82aeb69ae07938b9c0f211525fac4718c30b96c28d546a93be1cf000714df2375596cb6d237f3b3cc84f304fca73a732a7e044864ea329013425

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\cancelButton.png

Filesize
295B

MD5
7ae9fb845b9137ef10002fe9d0f5c643

SHA1
9f3fa2b29b1b40e1b6794e5d624524de297a8b59

SHA256
e9e5fc264337bf6845b2cf2720ddcde8936cb120328087917bf94c5911edd74a

SHA512
4420cdfbc47d2ac804f1c05840e4113b098ffc71e95e11ffe8f95342f5a75dc0f35fe8012984b0d645f1310b524f66069ae0c0fe053e0d601d39aded321c15cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\ccIcon.png

Filesize
550B

MD5
8d2c84506f3f48a810eb7232dc000d6f

SHA1
f4a238c1f7c02c7c907368b939efba7512c6be5a

SHA256
c4620bc8b293dd89db628d2002ef9fe02055e2d1cff1f07e18a3e2e4942ab7f1

SHA512
0fcca755a410c7ef4e6f056b7267aaf23d5063dd8230528fc3765ed1e3d12042c930f999a54498e754fcb3565df17636d7a5de2e95e142ae139d17a744ec93a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\ccIconDark.png

Filesize
654B

MD5
13b5f5e052334e0ad6d31845fc859e3d

SHA1
b71022382904d194a5d8f5cb3b1d0dd92e254b16

SHA256
87fd64c46642058fb6d7ae4ab2c71ba5df7ce12ffb8b9383edc7bb7a673f0306

SHA512
79e77ef0cc83c24d3d0f04a2340e248a8dd11469f43740b6453913648cf2c3c5592053dd4a5a34c81f3ffdfdd0fddc5953454ee0d44d3ac946b2ddbe17ada584

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\checkEmpty.png

Filesize
167B

MD5
d13cecc413374c4ddc22a9edacde8a11

SHA1
981295dd1f713584591716a6e753346b8a89215a

SHA256
b9c9ae215daf1bb5b6692f527375207aedc138891947e5f6c1c6b549c2ebf39a

SHA512
a717e64430a4680d09c555183c69705998fbec4cb8aa41ac6ad10df9fbd4f4e2243548689f12695760d5b191ed62a38a92558bc88a730004d7119dbe017c6241

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\checkFull.png

Filesize
317B

MD5
9f7974bbcc96f12769c1856045eb7bc7

SHA1
fa0b9b9d709718839ea525ab838260a4e124fb1d

SHA256
e7fcff2549114496e8141f46a7606f740bbadf22c9ad818c40d9ff9b9ea12198

SHA512
bc38c23791a8ad4e596e921bc5e391d39bea998434915d5c25b1b37015a089fe91ce9510774c48fbc91e52400c5843897a5780aa1c2cf5c8b73d3f89a2aa0856

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\dropdown.png

Filesize
224B

MD5
ee8599707751befddb2b94bc79525c15

SHA1
e118b48e25fe42d933377b03fb5a9a710e1c5caa

SHA256
c1f6844923f7c311d996d81eed6d8e769d52df6d95c898187d92997abbb2770b

SHA512
cdce6d59c807dd1d2b13af39e2fe078b0c0ad51b021dc30373e18bde2a807449051f3f9084afa15b2f6d943169c1bc246c7dbe6e965ddacacb961f67269fb548

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\dropdown.svg

Filesize
289B

MD5
4585f70294e7b625dcd1ea8c585067a5

SHA1
11c92ae523b0c588c5469814b0c3c7778cb3f133

SHA256
7e58a1cce147df03605a92ffda1b88ca26005c09d1eb9ae56f37accdebbfe348

SHA512
deb1ce83d9bdff93eff950ed267076e5e8a7bb43cd2dde28561c3d07f68094a9c99df594bf2fdcb38fddf9656cd51475108ad1b29f8c9d4bf197e6da5a093b03

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\errorIcon.png

Filesize
466B

MD5
7978536150734ceffaf0720837e8b302

SHA1
7c11361af6e41d00beffaf4ef9e677506b32164d

SHA256
5d10637927b7a623428560eaf18fb8eaf439cd8731199c3b4d251b9846841183

SHA512
da5bb4329783ba623e12d3dc50b2c080e8ac2aff4d4f25dc3e1d84561fd9b40b158570b98dd24618762562674fc1b7d10e081677f214ec859ecc5d0b477db0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\folder-open.svg

Filesize
602B

MD5
3530c5040ac9af92cd0a7d347f764593

SHA1
b815ef3654ec2c677e8f8f68d8527b6d8142b4e9

SHA256
daf26ad61aee6152cf7c0e8f2d3936d0c220de2a3c329e6ce0fcc007cb64ca51

SHA512
0ce187a12445054e270337b6bdd6b035e8fadb3b0a4e8c822833c12431bb520340fa509ab3e1df564cbf67700b9ba78ee246689267878d386e88f709d10c1fbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\productIcon.png

Filesize
2KB

MD5
c798f5f4b98fd335a77e600ce21e32dc

SHA1
3db71eb6d87c8a4fcc6fded25d420cf7ea79231d

SHA256
9b249680adc23b858b08a62ea83fd8373e3480ff6f9120195314897c6e5f2cea

SHA512
f74351c5a9535920a81ee42f8caf82bb0c97664b6928f921b4bc74cc446ee61884b1620bce5e57abd6e1a3311d6f70c1f66c459ee4531cbf0197093feadd29b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\spinner.gif

Filesize
18KB

MD5
7699a4c54b1f5515a64e93fe3f801321

SHA1
2e51f7e1a331d921eaf15bd7dc9721a742984d47

SHA256
9146e2390273ac868609dac1be7f1a0458b7d4f7ecdfe1eaec107b3211f33aa2

SHA512
4810abfecc92866145a22f73639264574958d6db1157da0b6ff0472c14d8171ffc633fc6ba04843fcfd617ce4f0c19633475d2501ace48f8ee34ec8fa6fded87

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A5E52338-0F44-4171-B2A4-F2C439EC3B32}\images\transparent.gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BEC68F5B-2B47-4F40-9260-3F02B7393FFF}\common.js

Filesize
2KB

MD5
d98f70ffd105672292755a37f173c2ec

SHA1
c0154add295ac052f234a0282a62b704cdd01998

SHA256
257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3

SHA512
1909cc7e4da0949a469852240be2205209968b18b99f7d967bc0231de33d03c7cbaa9578972e30e95e6d7017aebf9cd70a55ba22cdc9d5774d2a237d3eb0971b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BEC68F5B-2B47-4F40-9260-3F02B7393FFF}\images\appIcon.png

Filesize
1KB

MD5
3f64a3ca874844f34f9c453dc93f6015

SHA1
110d915aa2d8b7dec32f4878a45e7f73a4e1c8ab

SHA256
e6650fd88880140cd30b8881574390a4873e33d02f6a5f78a6d181a0d3afd0cc

SHA512
9f8d93524e81e3556f2b88d90d285f6f1eadaf5ff5313f8a431b350d89f65fec3525a8cfd2ca4935916f593d11c6873f21f2e81acf9e2bac52fdd39c0279cd55

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BEC68F5B-2B47-4F40-9260-3F02B7393FFF}\images\appIcon2x.png

Filesize
3KB

MD5
ad561c76018a19b444a057498c69f62d

SHA1
c1960644cada63062124db24b9d230bd15b03a12

SHA256
db563de668beb2dd2002d4107ba8a24273dbaef8c484ca67f673517386b0e392

SHA512
abed95166c13850d497651f0c67e5c081c390ab63c5f187938d3d72862c08509c9295344a21730919b07c17d0882cc27fbf2473297b69b83554e30a972f737ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BEC68F5B-2B47-4F40-9260-3F02B7393FFF}\lib\jquery.custom-scrollbar.min.js

Filesize
14KB

MD5
ab3adf4aff09a1c562a29db05795c8ab

SHA1
f6c3f470aea0678945cb889f518a0e9a5ce44342

SHA256
d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b

SHA512
44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BEC68F5B-2B47-4F40-9260-3F02B7393FFF}\lib\jquery.placeholder.min.js

Filesize
3KB

MD5
e13f16e89fff39422bbb2cb08a015d30

SHA1
e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9

SHA256
24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe

SHA512
aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BEC68F5B-2B47-4F40-9260-3F02B7393FFF}\main.html

Filesize
8KB

MD5
f4b7942d6563727bd614f10da0f38445

SHA1
84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9

SHA256
e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc

SHA512
f79b24ac78863a4ed87d41f37b2a5bc27017ebc5317f0a305d676090a16aee8a61384b476e7e9a68a024aa8da4784c1bd4f118766caf4450ec97af430e7074af

Download Submit
C:\Users\Admin\AppData\Local\Temp\{BEC68F5B-2B47-4F40-9260-3F02B7393FFF}\main.js

Filesize
58KB

MD5
a8f9eb478c7512c98ca1ad46dbcc298a

SHA1
454226dc42b911caafc9a1e56d8ad0000bbb7643

SHA256
1df6cbdc80c1df47d93d6e7516a2d7017362413a6b9d93634e143856695c3645

SHA512
ae3198cc6ae739f3009359988f5c090664e5fe8422ad1cf739fe316e66f344c10385d1f841c7b0e3ca9f7997c79d95fa0559386b6dec10641ceb8c290b14f5b3

Download Submit
C:\Users\Admin\Downloads\Adobe After Effects 2024 (v24.5.0.052).rar:Zone.Identifier

Filesize
186B

MD5
45b4fb9eac939583a552233ffaa4a9de

SHA1
531f9a6cbcd2074d8415248afe633dccd10980b5

SHA256
14bc8b24a6c1fd6587d2defa9feb89601afc295c6c4f16080f4a1c4167872a7f

SHA512
4dd97755ff8dbb5690fa64cd81bf8639960438d7e1148772e58a9d8b35300e7e6448c473368ee3a63b33dda20776da2efa8c8efb5e04cf01b1d3e15cfc69acdf

Download Submit
\Device\CdRom1\autoplay.exe

Filesize
185KB

MD5
76ef16e94f77454aaffdfa4c700be85f

SHA1
9b45b3826706337a11e43248095fb2c62e42d14d

SHA256
3b9dabd99dc58a5242616cb6d1d876bca3046119a9b150c7d7868bf02202ea82

SHA512
4185cf9393877fd6d80ecfb7290c10d40a62fc7013d175e5fc91df56870500ea33b518e4f55b4e7d8a7865d3f7707fb5f49f621d5d944bb1edffda4734f99d53

Download Submit