3e091df4051e6b0859c2142a0869a415e5968c20edb5e9a60fcd077f7b61be19

Resubmissions

01-04-2023 11:40

230401-nta8kshg65 10

01-04-2023 11:34

230401-npeefabb6w 7

Analysis

max time kernel
368s
max time network
386s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01-04-2023 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Roblox Evon Exploit V4_80175.exe
Size

8.7MB
MD5

98194b1fd3ceea50438976b40ea59d05
SHA1

ed918fbb5765aa91e5c9d2c492ec00667478ac35
SHA256

3e091df4051e6b0859c2142a0869a415e5968c20edb5e9a60fcd077f7b61be19
SHA512

9587acb23ee51e4743c5399b78b64f2a0e87e2413cd56e220df8c08ebe0f352ac0ca83c1826f09718876a6248057e9cbac0f38ee725de83b4ca7de4f805f30bf
SSDEEP

196608:wu6nOE62LOa8ewFCrqNeuUG59Fa9FVDNWXVkHo/ly:MOb2C6wFCrqNZ529PDNs2Ho/k

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

setup80175.exeGenericSetup.exeFree YouTube Downloader.exeBox.exe

pid process

2588 setup80175.exe
2204 GenericSetup.exe
4396 Free YouTube Downloader.exe
4116 Box.exe

pid	process
2588	setup80175.exe
2204	GenericSetup.exe
4396	Free YouTube Downloader.exe
4116	Box.exe

Loads dropped DLL 15 IoCs

Processes:

GenericSetup.exe

pid	process
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Endermanch@FreeYoutubeDownloader.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	Endermanch@FreeYoutubeDownloader.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	Endermanch@FreeYoutubeDownloader.exe

Checks for any installed AV software in registry 1 TTPs 8 IoCs

Security Software Discovery

T1063

Processes:

GenericSetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	GenericSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	GenericSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

Endermanch@MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 Endermanch@MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	Endermanch@MEMZ.exe

Drops file in Windows directory 13 IoCs

Processes:

MicrosoftEdge.exetaskmgr.exeEndermanch@FreeYoutubeDownloader.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	taskmgr.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	Endermanch@FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	Endermanch@FreeYoutubeDownloader.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	Endermanch@FreeYoutubeDownloader.exe
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	Endermanch@FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

2476 3500 WerFault.exe YouAreAnIdiot.exe
4652 516 WerFault.exe YouAreAnIdiot.exe

pid	pid_target	process	target process
2476	3500	WerFault.exe	YouAreAnIdiot.exe
4652	516	WerFault.exe	YouAreAnIdiot.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

MicrosoftEdgeCP.exebrowser_broker.exeMicrosoftEdge.exebrowser_broker.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133248301106911715"	chrome.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 02f2d179a064d901	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = cee4966fa064d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OpenSearch	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListFirstRun = "3"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\JumpListInPrivateBrowsingAllowed = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = 84a3779c5945d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{BF1EE87C-513C-437E-81C7-391BEFB5F874} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\InternetRegistry	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\FontSize = "3"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\MigrationTime = 84a3779c5945d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedHeight = "600"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-640001698-3754512395-3275565439-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

GenericSetup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	GenericSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d42000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	GenericSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd942000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	GenericSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	GenericSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	GenericSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	GenericSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	GenericSetup.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeGenericSetup.exechrome.exeEndermanch@MEMZ.exeEndermanch@MEMZ.exeEndermanch@MEMZ.exeEndermanch@MEMZ.exeEndermanch@MEMZ.exe

pid	process
1152	chrome.exe
1152	chrome.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
2204	GenericSetup.exe
3728	chrome.exe
3728	chrome.exe
4216	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
4216	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
4216	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
4216	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
4216	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
4216	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
4216	Endermanch@MEMZ.exe
4216	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe

Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid process

2252 MicrosoftEdgeCP.exe
2252 MicrosoftEdgeCP.exe
1952 MicrosoftEdgeCP.exe
1952 MicrosoftEdgeCP.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

1152 chrome.exe
1152 chrome.exe
1152 chrome.exe
1152 chrome.exe
1152 chrome.exe
1152 chrome.exe
1152 chrome.exe
1152 chrome.exe
1152 chrome.exe

pid	process
2252	MicrosoftEdgeCP.exe
2252	MicrosoftEdgeCP.exe
1952	MicrosoftEdgeCP.exe
1952	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

GenericSetup.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2204	GenericSetup.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exeFree YouTube Downloader.exeBox.exe

pid	process
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
4396	Free YouTube Downloader.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe
4116	Box.exe

Suspicious use of SendNotifyMessage 62 IoCs

Processes:

chrome.exeFree YouTube Downloader.exetaskmgr.exe

pid	process
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
4396	Free YouTube Downloader.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe

Suspicious use of SetWindowsHookEx 55 IoCs

Processes:

Roblox Evon Exploit V4_80175.exeGenericSetup.exeEndermanch@FreeYoutubeDownloader.exeEndermanch@MEMZ.exeEndermanch@MEMZ.exeEndermanch@MEMZ.exeEndermanch@MEMZ.exeEndermanch@MEMZ.exeEndermanch@MEMZ.exeEndermanch@MEMZ.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

pid	process
1324	Roblox Evon Exploit V4_80175.exe
1324	Roblox Evon Exploit V4_80175.exe
2204	GenericSetup.exe
916	Endermanch@FreeYoutubeDownloader.exe
68	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
4216	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
3556	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
1128	MicrosoftEdge.exe
2252	MicrosoftEdgeCP.exe
2252	MicrosoftEdgeCP.exe
992	MicrosoftEdge.exe
1952	MicrosoftEdgeCP.exe
1952	MicrosoftEdgeCP.exe
3928	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
3308	Endermanch@MEMZ.exe
3928	Endermanch@MEMZ.exe
4528	Endermanch@MEMZ.exe
2812	Endermanch@MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Roblox Evon Exploit V4_80175.exesetup80175.exechrome.exe

description	pid	process	target process
PID 1324 wrote to memory of 2588	1324	Roblox Evon Exploit V4_80175.exe	setup80175.exe
PID 1324 wrote to memory of 2588	1324	Roblox Evon Exploit V4_80175.exe	setup80175.exe
PID 1324 wrote to memory of 2588	1324	Roblox Evon Exploit V4_80175.exe	setup80175.exe
PID 2588 wrote to memory of 2204	2588	setup80175.exe	GenericSetup.exe
PID 2588 wrote to memory of 2204	2588	setup80175.exe	GenericSetup.exe
PID 2588 wrote to memory of 2204	2588	setup80175.exe	GenericSetup.exe
PID 1152 wrote to memory of 360	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 360	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 1176	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4484	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4484	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe
PID 1152 wrote to memory of 4980	1152	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4_80175.exe
"C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4_80175.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1324

C:\Users\Admin\AppData\Local\setup80175.exe
C:\Users\Admin\AppData\Local\setup80175.exe hhwnd=524406 hreturntoinstaller hextras=id:3edef7f19b9beb4-US-tHShP
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2588

C:\Users\Admin\AppData\Local\Temp\7zSC1A8B886\GenericSetup.exe
.\GenericSetup.exe hhwnd=524406 hreturntoinstaller hextras=id:3edef7f19b9beb4-US-tHShP
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd62069758,0x7ffd62069768,0x7ffd62069778
2⤵
PID:360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1792 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:4484

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1352 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:2
2⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:4980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:1
2⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:1
2⤵
PID:3344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4396 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:1
2⤵
PID:212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:3540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4852 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:1
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5044 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:1
2⤵
PID:4832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3320 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:1
2⤵
PID:3684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=948 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:1
2⤵
PID:3792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4644 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:1
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:4496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5016 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:4440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5156 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:1
2⤵
PID:296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5092 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:4596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:3996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1656 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:3292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=164 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=896 --field-trial-handle=1844,i,17415507077115132440,1120104075220795748,131072 /prefetch:8
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:972

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:656

C:\Users\Admin\AppData\Local\Temp\Temp1_FakeActivation.zip\Endermanch@FreeYoutubeDownloader.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_FakeActivation.zip\Endermanch@FreeYoutubeDownloader.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:916

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4396

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
3⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
PID:4116

C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe"
1⤵
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 1136
2⤵
- Program crash
PID:2476

C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_YouAreAnIdiot.zip\YouAreAnIdiot.exe"
1⤵
PID:516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 516 -s 1108
2⤵
- Program crash
PID:4652

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:68

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4528

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3308

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3928

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4216

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\Endermanch@MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:3556

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:2592

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1128

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2796

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:1188

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2368

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:992

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1008

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of SendNotifyMessage
PID:4524

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4532

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4216

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Install Root Certificate

T1130

Credential Access

Discovery

Security Software Discovery

T1063

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
f38abed7c0362f77808f7e0c5aedc8df

SHA1
05a2c55fb82ad1d549eb808aad79afcad8d435e9

SHA256
8f39ee855dfc4b0a19406c5a3109222cf09fe1abf3a56577e8d0eb29fecc9c20

SHA512
61c03bb4556d0232eb0f2311cbe8391958e8cf7b5c7c111851ec30ea883881a4d853536d05a29e2c19bacda9a4f34434279af7548bde15b9cb2850170e9b0b78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
1KB

MD5
b6f26e04f86e4b1d4e2def7a28500064

SHA1
9209c2f1e0693ad71111fbe48f540503658cd7fd

SHA256
51cdbefe064909d87a8e1d4acce253c710ac15c670f49f389fd083c57b49de20

SHA512
45f95d822ff7303badb5b3dd4c6a89480c17887fb1d61fdcdc71c0e9723fc598248eb41e34f12ab23e735d3441a21ad295a408a3367c9b59bea6782732a39d44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
ebc2029c7375fc26de21c6e353f605b5

SHA1
c55344d7dcadbc86ddcd9d515f998a6f25018cd6

SHA256
e974735a003d6892c3815b5a0897358b74431e0e49a370d51777adc85474376f

SHA512
8438b8f73c8e17222c42952f24fa03cf762766f071da7473b6247902e79a447a8839d4489e5642b753f4e93dcf975f494dfc5ffd3cd1afc38ff8639afa4c1537

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27
Filesize
438B

MD5
68c2224340578de7ab5d9c43deb4cc0e

SHA1
bbd66506b647e0df000fcfe3070cdd12691a7d58

SHA256
0cce61e5b22ba7728c1926b4316abc0947be73fd947d1cf914cd63da89883072

SHA512
444da276312135dc945e5acfdee439c29a188e376d3f448584a9f7be0e9845578646a75b29586bb49c676c34761cd5e642a30baf492d76f22c07e52f9cac0aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\38de9fca-d29b-44fa-a9ed-44f82c0d8bba.tmp
Filesize
6KB

MD5
d126ca9be81dc2924e3a3530451a2ccc

SHA1
102b8261ee4c67c8b517be405768d81c0b1aa0e8

SHA256
df727c468962142295381ac6e4f897c90d4beec5fba5b158a003e2f52d45535a

SHA512
ec1dc2f45ffe6e91a682b1ef0e82b00d61c26715e209561dfb7e3ca9f70b505de64e2d4b62704bf82c2bd615dea3ddca1fd86534267844fbf465c8f58945cb6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
296KB

MD5
330872f1e1b2fb999ed13cc141601ac5

SHA1
6a9d1faec53ab604cd348a19c671360ec1be48c6

SHA256
ffbf9b787c37b2abf76bc0951e0a18909473f9fa166a42b5343014f20178ddab

SHA512
63a233f7558cf30bf2d6eecb49222cf6ecd15e03f4ded97b4478379ee1e6480a3cf52645a275b5cd42c73f48c787dbacd875213f596c8985df50d0e0a1956c18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
68KB

MD5
1fcd4f7f4371725b0a26e96f10a89bea

SHA1
a79193584f2a3e6f74257774e73b37ff24be8849

SHA256
72fa10e25f7f538921f10546949863ff3c5cf24474b3dee2ce3741b128064380

SHA512
4c8b09de6754868b53781cedf0811386a00f7c0c6b37f5cb739a56367b677881b9a21103b739e161fb3efc2d4b10b3cff9193d1cd229ee783df3122880fab06e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000029
Filesize
50KB

MD5
40333c9d07daab8ba8a53f73ee3f974e

SHA1
36c2b17a7c48fc28036534f445b79fca9658f0a4

SHA256
998313664fbeab2403238a77e6c50a4541d20805b30533f67de1a12c624fee54

SHA512
4a893bf97a02f88a3ea7830b5f72eb56295566a2c6ceafa33fd80f74f81edadbb4172f71c0e12e4a06b1e927f9d7b0cc62c5ba070cd50f3f25c8b670a1270de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
c364493b099d9b06bf2a7ae81d35d230

SHA1
9f6586143ccce28ea63371ea7e7425c89563f6c8

SHA256
3fe45064a76a9ee2d946d35ed472eab62f27c7431a34a348e92b3a6eca5b3248

SHA512
e9bc3cc30de3473cd31928b95fb4bffa085a92727a1b75f5937b622a240355ada93e390974ca09ffb0cc67d6bbacc8ce7f24264a678e1e6b5be6687e79557170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
f77e1947758dd9628f62a62d49aa348a

SHA1
5334e24528fb695b22481aca9ac21b089c3c55ec

SHA256
6b096a36322d732e928e6ffd8c668fb8137e55ee30847b77244d9d3406ad5248

SHA512
b4621a1dd92d9314d36ad265afdbe66226d14c00f8d5b760d4b425f1aea4e9cc5a5400f6eb35ab8c83fe47815bb9d4f590d4d51c0422b5e125cea60f30e50d33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
0388962cf14bf72380cfcb88b699ac89

SHA1
31726901afe41e2039401dda1c4d6dc042c72902

SHA256
43558c97c6801dbd5c3d789711eb0ba6c4befefd5c6508f644722780c98e56b0

SHA512
4df4f098070d0564671f0a5ca830798ffab24b3d2c0125c64e457c2a447569218c5427abad4a70bde983a14f17944b9f9c5e6c406eadb08d299d5e24e1dab04a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
2281c8c05834aa12451591d8b9ca2b52

SHA1
5e6df62d84cae1ab5a3aa6ba96d0ca9da88ddf34

SHA256
033e8f3e789752fac4fef1e86498d69ba5fcb1b8d9a37b91f6df1b4fadb6e70b

SHA512
ccf2b700fa3244078ee23c39ee3b55adebfdee1f47d53753c789582b2e432a8660589f72fc1cf75b410615a64b79b0e57b0301fa48badf21e5bd7cd0e2027a8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
0e040fc8600b955a4ba9890d82727000

SHA1
ff2165f70af735a9ec20618ffb33409ac6255764

SHA256
df0a07d8f43d6c900996cd4471fe6ea4be1a8dd319ebaeaac13653c2b22d4bdf

SHA512
d043c8c848ac6555c4dc263adf35e5c5f13ed55e9e7f8d0de5cd2bd47657404f7cb8ef4e7df324f077f99b5fec51166174bfc324280718bc077ed5e4c3ece6b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
5f9340c548e9f997d5dd8f6b36d12875

SHA1
d7efd0582e4f04f61d2b7ecc954356b1de26a6b2

SHA256
2d2a85482db7c0c6e0e7eb47e0201191e5fc3f62c1cedf0ce27a176a9858087b

SHA512
054e92efa2838fc83b5fcd33fffd9af53b87cc46e04018b3265bca4e119d18734d16d3b5df44579614ca37dd54d1f5702170553579ac07c13ce0775a2d27f0f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
8b84b821dceef644be749680adbadf53

SHA1
306431b0313eec18ceceb1aed6a5447caaced521

SHA256
e8e396f7b1d442365f49e677dc20e84611d0eba0e1072671fb9d9ad1179cb520

SHA512
455b60015542afd439c04839775e69986a844b9f6079592719b91d12cb32bfd14fa8269935683ac430f25e4f81b56d8aee3ebcf814bd6fd6acf5e1b255484cc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
499e91440abd7ece390e3f923cc048f3

SHA1
cf37c1473a822e2d95a4d00de2a74ae672a0cb0e

SHA256
9039fc070d174004b659d98a1e1ac9ce2140341a0d6d42991b8350069783eb42

SHA512
957f359ac71355d14a74dbb04554e75b04eec045607249ed5bd0b885983d8394376eb49b0126c0169c19cedccbc44a53a1792c8335d7270398d37f1256e74570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
fad5b9f3fcc2ac684e0a68a580ee0015

SHA1
0ccf2f0638868e509041b9fb1fdae13f6680463c

SHA256
65b4a22f8b5a6a8c3782e1b0ea2ec4262570ecd1b6c622954222793ac6f89984

SHA512
ba6f4f053b639d064a79fe863524698fa53fd8ca1763d3702fcc7f6e761e9ade3a0c9d85c33f3b332d225093f0c1144f82fe130b28dd0095a334924dc7d7554c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
1a3dfb542616bf71941abc3be312112d

SHA1
88b8eec9f72cc6b212f56e5f16af56cea37542ef

SHA256
f86c1590eca1faaf3f344391422822eb01be89fbeb299eb5fa6c11f430061256

SHA512
22e1eaef12bf31f9ac0172cf5f1c5e32b4ee95a546412017411130628795f2127226f3732a92da7d9ca37210873a5969786a83e1c6042d6e5fc1f5ebf235a1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
7fc5150a84ae05cd9808adac12db4c4f

SHA1
5f801cdb5ac7a7b125a07c9dc382b04d91853366

SHA256
f1699f4012c7a4934b620c0d9dfd51db9c0d19edc198b24239de41fb6957c4f8

SHA512
d2673f248a8eb91e3258ef092de241a3e7f53f66164ca3ef960ef977f3579f00ce4f3854583ac14b8d51d317fda01468ea04f7c366d8ce028aeae26422130081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9bc9a3a96dee90defdd57d30c6c036cc

SHA1
ea233fc1c272b94ab2e2c33b1a7396d95153f318

SHA256
6d4fd5a5047a56dfac9342ee9baea7450853373b58185f3d4ed570e654208ed6

SHA512
4cb84baa6d6b2c4967eb1ea00404308acec1e64ae1685ebd9902cd247c7e1bbc908d0c15bad1c33cd775a1a80e8e795e3d941ae6a7acb032a11ce41ac4463820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
7c1415970ba27b3382c9c76da17bbdff

SHA1
c0ea4e438b777913a381aae1d3b0b27f52b908d7

SHA256
be18e23c16a4908365f8a328b6c86f1146be9eeb54c7015a4ce9182a303acefe

SHA512
303a6d2b8718c593aba83327147b4f6c99312098d4f29f9429dd59b7b9da289538466e3176dc81bd76ec179be6fff6026153f4c5ee6186633266b94c83095a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
12b01b51ceaff8ad4a6c9fe882ecc5b8

SHA1
9279aee8a77da72b5d95dfd7d004b5ca9afa4349

SHA256
e7cb8a029a906639100d241a191c399deb3083d49b5bcd578d62357226e80bcb

SHA512
b3bdb440a97455f65c4b138932be30a4aa2cc8fc83ebeda983ff6568cb5cb9b1f303b8e365f3cc9dfe13cb3c0cec31f7027c6563f3f9ede6858d5478dfd57915

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d9fcdfc4f82f15d316205359066d1b99

SHA1
d9028de4eb113ed96419d7f4fa835b7f80463a3b

SHA256
8319e5a1d3d364efd25ae5b12a72119b99721e4301f9343d1e0982dbd9899279

SHA512
84646162dde99fc130eb2e759daa0d86d792d3f66fbf585f338f1b2a7f146c0db95b551a14520ce337d10198dea1e57b224edda28ef432f6125bf6acddda0ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
5bcc37aec8d89ac04ba018071d7fd5a1

SHA1
5012ed8029ddd4d30e566e9e6710d11571f7a859

SHA256
69161d54dc7b008176b5193ff1f50a0f8a7a648d2ac7200aadcbfee2b159f2b2

SHA512
f5b8ec2512c2f45a0774d94349cde6c0f79611eee5f84f411f91aa8f010f0892ef32d83a65384ccd30838505ba7b2aefcfcd64926dde94808a06aabeed414143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
11b91e325a59ddae21b6271e54fbd9d4

SHA1
62b05e661d1423f74ad77f5d0b168252b8392595

SHA256
05a97b44f574ef2bc62cd413b8473c74db7700dd3736bd6b70e7b3c2f8bc0ccd

SHA512
ac0b9a205e97ab34632b51f8f84b342d1fc349cdaf3d8cac778573d0ce91a1ac306660ed349fdc71835d66c9f9ae3e0195298a776d4c850fb48e8899ac37347c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
15f43af8e4010841066be30814ec7229

SHA1
762207003652fc6ffad3c696e19de8027aba23f6

SHA256
b2f825b7a8c4916017d5b1c31317bf95ce6083d1d3d84b9d759da710f35fe674

SHA512
f8366abc99ebad6ed2246ba90a1fccf4c74ba7295a04e52fa62e35eb485a221a9712e9b59a640311a921f13139a9e436485c00e06e16bf23a58ca467dfb87c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
15d352643007ef588585232a62b56852

SHA1
bc1a9b5cf6273e4ee4ef49952353b8f5c7f83be7

SHA256
0f1944a997113ffdd5d726b5fb41412f18e36b4c6d8a4ccf0436a64556728f42

SHA512
3089c9ccb5fc35d390911e7c8a4ff73f18deee7d988b506c7ea366156d11bf5c5aeac66755a60b6a994b788649a7602d2b1e3db198fef93f017be92a4fc069b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3ba02fc8221e5f37107d32ee19f51eb1

SHA1
c91f055ebf1809a615ce1e65c47dee1004622c91

SHA256
09494d7f2672fc7817b8728a902bfc8c5ba043c16b959d4575f30b5231da7d1b

SHA512
62b60f95f1076ed178416777db95cfee3a85758abde558702a42a7f52b6a3fbfc445bfaf593fd697ba20db3c1e88888e85a2f768fee6c698c2356161f3a174c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
872be53e3a78027829052a0b41f2afab

SHA1
0c91878051dc2ae28960da530c88d2fc915c9f5d

SHA256
a257b4e431f39c118f24282ba576abf50afb396f5969dc16ab5329b95cc124f1

SHA512
6c9488b35749bf02b6fb414557fda640d8091c05dae517934d5b182910114e05bc3ad3b18864993bcb5f36811305902472ef0f63b5531571a4981518ac184977

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
848fe70200740210dfbabaf436cc3e39

SHA1
4ed483fb4a49c84cf860903b682f56166caf2c52

SHA256
6bcfdd570f3bced8b9d5361c41d657f3dbeac3e34b9046b695ddd74a4faa3378

SHA512
3542494882f52be46b207999ef06bfc112a77cceb3bdcba8a94f7b23818e3d5d05e3f5aefee41392587973561341eac409a9fc28bfa238835e8af95764544dac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
f277d0c07e38e714271d0e36301b871d

SHA1
09405a9b32d673a6137484e1acc875096c0a7900

SHA256
a12a611d4dc65f7e06085e1b033f9da68909b7b971ea8240370161806c521f46

SHA512
c98b123c7b989ebf5a7e866c2572f01ac2ba6501ebc5895a50cc5f7ef9999b4f825af79f53527a09cea680f6bf9c825d4b670cce7ef2ddd8dfa9bf58990fa27a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
02ebfc6bbed39b4c9f29082600a51987

SHA1
c6a9bfeb05850b0a86d995d7a8f5fb9b9a5d4f7f

SHA256
762d5bf365e504faeaa83938dd6fd762e48a32e3fe5c63ae2f22885411839535

SHA512
4066d3c049212920a61aa91b7ea41903d31e0543cfa26f1e0c96307bc8d1c6407a99fb4b755e9768e942a5238890797c468e9508e541113ee1d58a84a88b9c24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe570ef4.TMP
Filesize
120B

MD5
bb03dd76ec8edff0879dc036946c8fb8

SHA1
fcdcba5dd0c11e5e0f2fef24036e389175803733

SHA256
608e9de2a50cfb73b5860ab92d1eebc116fd575d2db4f75b8bd4177eeea6bc16

SHA512
5e2c15dbb85bf2becab717ce36bbb5b0f588bec5bced496ffc44b52908b8816a3a211ba1f98ff2499e1da11d5f90ddd08ce6e0f45582aa38fa6d2549e114c4c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
4d9b96b100ef9fdafbd4dfa16247905c

SHA1
d52a4b7f81900bc4be94a6e60ceb483212c025bf

SHA256
7ceca7819b1ad6d5b3a8e6db9cd9466bc23176fb0581e45a027c36208fe3d4d7

SHA512
f5c6dfb0ec93aae695607b86f77503147475f3692ab12d3a6d56a623bbda2b7eb0afd26e632f263e6bb8f4d62b085264e1ab924f9e81eec2068e949bb40ec107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
0c5d77ee36e84f7d1d78e0e5ed949086

SHA1
74952f5aede7881899a486a69a8f0072c47b93a5

SHA256
0e847d25e4693d18c880f57968021d2b1573de0f57263adf3a14830aa73da6fa

SHA512
f8dbd2f038b5758cd3058bb8781434eb5585fe642b732e4451f2f2729fdd2f4b4aff86297571c725b9699b6e41745858dc71e2e1b1a9ee67de8da770696f49b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58625f.TMP
Filesize
93KB

MD5
cc3bf89e954cbd256595c31c52c107f6

SHA1
a47f907ceec7cfb2e3551f6553b7c362d95b9639

SHA256
d4b5c2e5c4653f81e3e8c4a53fa0c8ddb749016c2fea19933739209fad3e966a

SHA512
09135bb154080169cf6aa57d5f354c229e3f5fc5d4eaf778975771f80087f0cd0ea966355fd8431f81c69acfa2e83d9497a6390a153f1a2db57350d27bfc32df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PPSURV8S\favicon[1].ico
Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
Filesize
512KB

MD5
221f7aa58b6eb46536b2f94c1639f306

SHA1
5d8f4e90dcb05569baa30f83bc8547265a5a11e1

SHA256
730e33b47129554761825bb6f2957adfe00c89ce47ec9a6250e2d71d8af979e9

SHA512
a846c462021876ad47769907fa08691797a6c8258386aad5f494e02bd6086b95376daf9f0b77c40a20562af18322c85e8f878dcebeade66c773e03c05c88d0ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
Filesize
8KB

MD5
fa87e7a893829d4c93fa97fb36c41f57

SHA1
87100290df084646004a393e57330b062554b5c2

SHA256
871799d55b608e1d5068dd3901cd19e3deee3441d11d81fefd06a032ee5f4322

SHA512
a5b1ae512e07c8ba99a287a96f31bb541063d127c766b77ef3ad2b7e42a54519dee8ab1ce7794ba2d47028630e53680be53e0d23b6b99292b2b15a72c9ac8d59

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
Filesize
2.0MB

MD5
692081ccf56de03103104ceb57894071

SHA1
ea5e3c1964871b629e027916ab875c98d15f4725

SHA256
2541ea2fef93ebacb5328ea53e6c7b2024c924a1bda14789e5d09331acb63cdf

SHA512
8c2ebd802d24ec463bc85add001d1d4a79d568df1ebed05b7cc35e46961fc57ea5825dea9a8ddf9b4f0fdca3c5ce3e09eb4d51c4ab7c797a321893ae59b08898

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri
Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC1A8B886\GenericSetup.LastScreen.dll
Filesize
31KB

MD5
3319432d3a694a481f5672fa9eb743d0

SHA1
99bff8f4941eb3cee3e0a7cb86b89eda1df07bf9

SHA256
768b4eb487e2dc8bcb8ec6221734ca69dce7f522d7640cc2a547f95296509693

SHA512
7f2a1c6c8d9d135b9e00e04f715c9b6b8ba12cb317f7b78ee3efbe3e426a99afce022306eb5bf02fe51c13857d3943b2b009b10b9cc96683e6bcbca1f9045c7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC1A8B886\GenericSetup.dll
Filesize
6.8MB

MD5
4d65e6eb25db2ce61f4a7a48d9f6082a

SHA1
130abbae19f227b0ef4f278e90398b3b3c7c2eff

SHA256
1e2e26d769d69f6b06cad2f2fec81a125e4f3d14aee969357784fb533d80b89a

SHA512
b0842b4fc07dd332c53f56f1337b32064dad7a15663397655b73061bf3d61b44ecdd47ed626b92e69383cfaa41a9c70d4a18ece79fdbab2daf1d06adb1be4bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC1A8B886\GenericSetup.exe
Filesize
25KB

MD5
85b0a721491803f8f0208a1856241562

SHA1
90beb8d419b83bd76924826725a14c03b3e6533f

SHA256
18be33f7c9f28b0a514f3f40983f452f476470691b1be4f2aba5ba5e06c6a345

SHA512
8ff86e4b4d9cb5e2e88826a822457cb863262e3b73645c0c3309f13fb496997e53005ebe1825c6f92463c6642ec9abc6bbe359b35410b0621649b8d3aaf66c71

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC1A8B886\GenericSetup.exe
Filesize
25KB

MD5
85b0a721491803f8f0208a1856241562

SHA1
90beb8d419b83bd76924826725a14c03b3e6533f

SHA256
18be33f7c9f28b0a514f3f40983f452f476470691b1be4f2aba5ba5e06c6a345

SHA512
8ff86e4b4d9cb5e2e88826a822457cb863262e3b73645c0c3309f13fb496997e53005ebe1825c6f92463c6642ec9abc6bbe359b35410b0621649b8d3aaf66c71

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC1A8B886\GenericSetup.exe.config
Filesize
814B

MD5
fd63ee3928edd99afc5bdf17e4f1e7b6

SHA1
1b40433b064215ea6c001332c2ffa093b1177875

SHA256
2a2ddbdc4600e829ad756fd5e84a79c0401fa846ad4f2f2fb235b410e82434a9

SHA512
1925cde90ee84db1e5c15fa774ee5f10fa368948df7643259b03599ad58cfce9d409fd2cd752ff4cbca60b4bbe92b184ff92a0c6e8b78849c4497d38266bd3b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC1A8B886\HtmlAgilityPack.dll
Filesize
149KB

MD5
7874850410e21b5f48bfe34174fb318c

SHA1
19522b1b9d932aa89df580c73ef629007ec32b6f

SHA256
c6250da15c349033de9b910c3dc10a156e47d69ec7e2076ce9011af7f3d885d1

SHA512
dad611ca9779b594aad7898261cc7ef0db500850eb81560c04d5d938ae4e2338e786773f63f59aab6564ad13acb4800f1862a2189803cc8cc8ad26a368f25eaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC1A8B886\MyDownloader.Core.dll
Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC1A8B886\MyDownloader.Extension.dll
Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC1A8B886\Newtonsoft.Json.dll
Filesize
476KB

MD5
3c4d2f6fd240dc804e10bbb5f16c6182

SHA1
30d66e6a1ead9541133bad2c715c1971ae943196

SHA256
1f7a328eb4fa73df5d2996202f5dab02530b0339458137774c72731b9f85ca2e

SHA512
0657f0ab1d7fc9730d4bf6b8c8373f512d57a34063bcfa1f93a803b0afe2a93219da5dc679414dd155956bd696cb7547fc09663f8891eb9b03d9c93b3c1fe95d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSC1A8B886\Ninject.dll
Filesize
133KB

MD5
ce80365e2602b7cff0222e0db395428c

SHA1
50c9625eda1d156c9d7a672839e9faaea1dffdbd

SHA256
3475dd6f1612e984573276529d8147029d6bfa55d41bef2577b3aa601d2fbbe5

SHA512
5ea1de091a108143bb74fccdb4f0553f72613e58d8551fff51ce1aab34636c856758719dfa1a0e4cc833acb8e75729793dede65c4562e1aa3f68ec50463d36f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\GenericSetup.exe_1680356506\Resources\OfferPage.html
Filesize
1KB

MD5
5f29b47126c45d119442ad3b896f74eb

SHA1
801a4e5b7d01f81c9c398b4d8d9a5f49e5269eef

SHA256
4e85074502c0267e04b324cdbb46df644e040513e94dd13c6625fb2e039c9a3f

SHA512
81ddcda6399365ad83689b14d22488137b88a80988eeed40ff1678fc387cb098227f520514a3d1a2a213efb4a8f435d87f40647bbe35a273c8d277d2c639c18e

Download Submit
C:\Users\Admin\AppData\Local\setup80175.exe
Filesize
3.1MB

MD5
369acf60d8b5ed6168c74955ee04654f

SHA1
1753fff63efa6ed5ad30ede6b959261ac67dd13e

SHA256
3ff8ec8f9f27a27f414a90bfed5b7f5a3c118b33cf0f80aeb7026e0a53e26632

SHA512
2582b3b4525321fece978710403e4bd4dd6e9f0869de1fec784e4e79ac98e8c6498a601c9db45d5af4f1b99e3a2cc07b9e3ec18144e18ce82b41eb64ce4eb643

Download Submit
C:\Users\Admin\AppData\Local\setup80175.exe
Filesize
3.1MB

MD5
369acf60d8b5ed6168c74955ee04654f

SHA1
1753fff63efa6ed5ad30ede6b959261ac67dd13e

SHA256
3ff8ec8f9f27a27f414a90bfed5b7f5a3c118b33cf0f80aeb7026e0a53e26632

SHA512
2582b3b4525321fece978710403e4bd4dd6e9f0869de1fec784e4e79ac98e8c6498a601c9db45d5af4f1b99e3a2cc07b9e3ec18144e18ce82b41eb64ce4eb643

Download Submit
C:\Users\Admin\Downloads\FakeActivation.zip
Filesize
275KB

MD5
6db8a7da4e8dc527d445b7a37d02d5d6

SHA1
4fcc7cff8b49a834858d8c6016c3c6f109c9c794

SHA256
7cc43d4259f9dbe6806e1c067ebd1784eaaf56a026047d9380be944b71e5b984

SHA512
b1b4269da8a0648747c4eee7a26619b29d8d1182fe12446c780091fef205a7b5e6fb93c9b74c710cca5d2e69600579b9d470e31a32689ecc570d0c4bbe4fe718

Download Submit
C:\Users\Admin\Downloads\MEMZ.zip
Filesize
8KB

MD5
69977a5d1c648976d47b69ea3aa8fcaa

SHA1
4630cc15000c0d3149350b9ecda6cfc8f402938a

SHA256
61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc

SHA512
ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.zip
Filesize
223KB

MD5
a7a51358ab9cdf1773b76bc2e25812d9

SHA1
9f3befe37f5fbe58bbb9476a811869c5410ee919

SHA256
817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

SHA512
3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
Filesize
438KB

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
Filesize
438KB

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_1152_XWZQDAJLKRMGQMXY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\GenericSetup.LastScreen.dll
Filesize
31KB

MD5
3319432d3a694a481f5672fa9eb743d0

SHA1
99bff8f4941eb3cee3e0a7cb86b89eda1df07bf9

SHA256
768b4eb487e2dc8bcb8ec6221734ca69dce7f522d7640cc2a547f95296509693

SHA512
7f2a1c6c8d9d135b9e00e04f715c9b6b8ba12cb317f7b78ee3efbe3e426a99afce022306eb5bf02fe51c13857d3943b2b009b10b9cc96683e6bcbca1f9045c7f

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\GenericSetup.LastScreen.dll
Filesize
31KB

MD5
3319432d3a694a481f5672fa9eb743d0

SHA1
99bff8f4941eb3cee3e0a7cb86b89eda1df07bf9

SHA256
768b4eb487e2dc8bcb8ec6221734ca69dce7f522d7640cc2a547f95296509693

SHA512
7f2a1c6c8d9d135b9e00e04f715c9b6b8ba12cb317f7b78ee3efbe3e426a99afce022306eb5bf02fe51c13857d3943b2b009b10b9cc96683e6bcbca1f9045c7f

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\GenericSetup.dll
Filesize
6.8MB

MD5
4d65e6eb25db2ce61f4a7a48d9f6082a

SHA1
130abbae19f227b0ef4f278e90398b3b3c7c2eff

SHA256
1e2e26d769d69f6b06cad2f2fec81a125e4f3d14aee969357784fb533d80b89a

SHA512
b0842b4fc07dd332c53f56f1337b32064dad7a15663397655b73061bf3d61b44ecdd47ed626b92e69383cfaa41a9c70d4a18ece79fdbab2daf1d06adb1be4bfb

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\GenericSetup.dll
Filesize
6.8MB

MD5
4d65e6eb25db2ce61f4a7a48d9f6082a

SHA1
130abbae19f227b0ef4f278e90398b3b3c7c2eff

SHA256
1e2e26d769d69f6b06cad2f2fec81a125e4f3d14aee969357784fb533d80b89a

SHA512
b0842b4fc07dd332c53f56f1337b32064dad7a15663397655b73061bf3d61b44ecdd47ed626b92e69383cfaa41a9c70d4a18ece79fdbab2daf1d06adb1be4bfb

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\HtmlAgilityPack.dll
Filesize
149KB

MD5
7874850410e21b5f48bfe34174fb318c

SHA1
19522b1b9d932aa89df580c73ef629007ec32b6f

SHA256
c6250da15c349033de9b910c3dc10a156e47d69ec7e2076ce9011af7f3d885d1

SHA512
dad611ca9779b594aad7898261cc7ef0db500850eb81560c04d5d938ae4e2338e786773f63f59aab6564ad13acb4800f1862a2189803cc8cc8ad26a368f25eaa

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\HtmlAgilityPack.dll
Filesize
149KB

MD5
7874850410e21b5f48bfe34174fb318c

SHA1
19522b1b9d932aa89df580c73ef629007ec32b6f

SHA256
c6250da15c349033de9b910c3dc10a156e47d69ec7e2076ce9011af7f3d885d1

SHA512
dad611ca9779b594aad7898261cc7ef0db500850eb81560c04d5d938ae4e2338e786773f63f59aab6564ad13acb4800f1862a2189803cc8cc8ad26a368f25eaa

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\MyDownloader.Core.dll
Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\MyDownloader.Core.dll
Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\MyDownloader.Extension.dll
Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\MyDownloader.Extension.dll
Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\Newtonsoft.Json.dll
Filesize
476KB

MD5
3c4d2f6fd240dc804e10bbb5f16c6182

SHA1
30d66e6a1ead9541133bad2c715c1971ae943196

SHA256
1f7a328eb4fa73df5d2996202f5dab02530b0339458137774c72731b9f85ca2e

SHA512
0657f0ab1d7fc9730d4bf6b8c8373f512d57a34063bcfa1f93a803b0afe2a93219da5dc679414dd155956bd696cb7547fc09663f8891eb9b03d9c93b3c1fe95d

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\Newtonsoft.Json.dll
Filesize
476KB

MD5
3c4d2f6fd240dc804e10bbb5f16c6182

SHA1
30d66e6a1ead9541133bad2c715c1971ae943196

SHA256
1f7a328eb4fa73df5d2996202f5dab02530b0339458137774c72731b9f85ca2e

SHA512
0657f0ab1d7fc9730d4bf6b8c8373f512d57a34063bcfa1f93a803b0afe2a93219da5dc679414dd155956bd696cb7547fc09663f8891eb9b03d9c93b3c1fe95d

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\Ninject.dll
Filesize
133KB

MD5
ce80365e2602b7cff0222e0db395428c

SHA1
50c9625eda1d156c9d7a672839e9faaea1dffdbd

SHA256
3475dd6f1612e984573276529d8147029d6bfa55d41bef2577b3aa601d2fbbe5

SHA512
5ea1de091a108143bb74fccdb4f0553f72613e58d8551fff51ce1aab34636c856758719dfa1a0e4cc833acb8e75729793dede65c4562e1aa3f68ec50463d36f3

Download Submit
\Users\Admin\AppData\Local\Temp\7zSC1A8B886\Ninject.dll
Filesize
133KB

MD5
ce80365e2602b7cff0222e0db395428c

SHA1
50c9625eda1d156c9d7a672839e9faaea1dffdbd

SHA256
3475dd6f1612e984573276529d8147029d6bfa55d41bef2577b3aa601d2fbbe5

SHA512
5ea1de091a108143bb74fccdb4f0553f72613e58d8551fff51ce1aab34636c856758719dfa1a0e4cc833acb8e75729793dede65c4562e1aa3f68ec50463d36f3

Download Submit
\Users\Admin\AppData\Local\Temp\GenericSetup.exe_1680356506\sciter32.dll
Filesize
5.6MB

MD5
b431083586e39d018e19880ad1a5ce8f

SHA1
3bbf957ab534d845d485a8698accc0a40b63cedd

SHA256
b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

SHA512
7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

Download Submit
memory/516-929-0x00000000058A0000-0x00000000058B0000-memory.dmp

Filesize
64KB

Download
memory/916-918-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/1128-1024-0x0000021199A00000-0x0000021199A02000-memory.dmp

Filesize
8KB

Download
memory/1128-1027-0x000002119DF50000-0x000002119DF52000-memory.dmp

Filesize
8KB

Download
memory/1128-1026-0x000002119DF20000-0x000002119DF22000-memory.dmp

Filesize
8KB

Download
memory/1128-1105-0x0000021199A20000-0x0000021199A22000-memory.dmp

Filesize
8KB

Download
memory/1128-1022-0x00000211996B0000-0x00000211996B1000-memory.dmp

Filesize
4KB

Download
memory/1128-1003-0x0000021199C00000-0x0000021199C10000-memory.dmp

Filesize
64KB

Download
memory/1128-985-0x0000021199420000-0x0000021199430000-memory.dmp

Filesize
64KB

Download
memory/1128-1114-0x0000021199690000-0x0000021199691000-memory.dmp

Filesize
4KB

Download
memory/1128-1089-0x000002119FA10000-0x000002119FA11000-memory.dmp

Filesize
4KB

Download
memory/1128-1108-0x00000211996B0000-0x00000211996B1000-memory.dmp

Filesize
4KB

Download
memory/1128-1090-0x000002119FA20000-0x000002119FA21000-memory.dmp

Filesize
4KB

Download
memory/1188-1064-0x00000179DC140000-0x00000179DC142000-memory.dmp

Filesize
8KB

Download
memory/1188-1069-0x00000179DC280000-0x00000179DC282000-memory.dmp

Filesize
8KB

Download
memory/1188-1078-0x00000179DCA90000-0x00000179DCA92000-memory.dmp

Filesize
8KB

Download
memory/1188-1067-0x00000179DC160000-0x00000179DC162000-memory.dmp

Filesize
8KB

Download
memory/1188-1076-0x00000179DCA70000-0x00000179DCA72000-memory.dmp

Filesize
8KB

Download
memory/1188-1062-0x00000179DC120000-0x00000179DC122000-memory.dmp

Filesize
8KB

Download
memory/1188-1060-0x00000179DC000000-0x00000179DC002000-memory.dmp

Filesize
8KB

Download
memory/1188-1071-0x00000179DC360000-0x00000179DC362000-memory.dmp

Filesize
8KB

Download
memory/1188-1074-0x00000179DCA50000-0x00000179DCA52000-memory.dmp

Filesize
8KB

Download
memory/2204-190-0x0000000005540000-0x0000000005568000-memory.dmp

Filesize
160KB

Download
memory/2204-256-0x00000000075B0000-0x0000000007642000-memory.dmp

Filesize
584KB

Download
memory/2204-293-0x0000000005640000-0x0000000005650000-memory.dmp

Filesize
64KB

Download
memory/2204-194-0x00000000055E0000-0x000000000560C000-memory.dmp

Filesize
176KB

Download
memory/2204-182-0x0000000002B20000-0x0000000002B2C000-memory.dmp

Filesize
48KB

Download
memory/2204-234-0x0000000006C80000-0x0000000006CFC000-memory.dmp

Filesize
496KB

Download
memory/2204-270-0x00000000072D0000-0x00000000072FE000-memory.dmp

Filesize
184KB

Download
memory/2204-186-0x0000000005BF0000-0x00000000062CA000-memory.dmp

Filesize
6.9MB

Download
memory/2204-247-0x0000000007810000-0x0000000007D0E000-memory.dmp

Filesize
5.0MB

Download
memory/2204-236-0x0000000006E80000-0x00000000071D0000-memory.dmp

Filesize
3.3MB

Download
memory/2204-195-0x0000000005640000-0x0000000005650000-memory.dmp

Filesize
64KB

Download
memory/2204-178-0x0000000000770000-0x000000000077A000-memory.dmp

Filesize
40KB

Download
memory/2204-200-0x0000000005880000-0x00000000058E6000-memory.dmp

Filesize
408KB

Download
memory/2204-211-0x0000000005B60000-0x0000000005B72000-memory.dmp

Filesize
72KB

Download
memory/3500-926-0x0000000004F10000-0x0000000004F1A000-memory.dmp

Filesize
40KB

Download
memory/3500-924-0x00000000005E0000-0x0000000000652000-memory.dmp

Filesize
456KB

Download
memory/3500-925-0x0000000004E70000-0x0000000004F0C000-memory.dmp

Filesize
624KB

Download
memory/3500-927-0x0000000005160000-0x00000000051B6000-memory.dmp

Filesize
344KB

Download
memory/3500-928-0x00000000029C0000-0x00000000029D0000-memory.dmp

Filesize
64KB

Download
memory/4116-982-0x0000000005990000-0x00000000059A0000-memory.dmp

Filesize
64KB

Download
memory/4116-984-0x0000000005990000-0x00000000059A0000-memory.dmp

Filesize
64KB

Download
memory/4116-983-0x0000000005990000-0x00000000059A0000-memory.dmp

Filesize
64KB

Download
memory/4116-981-0x0000000005990000-0x00000000059A0000-memory.dmp

Filesize
64KB

Download
memory/4116-980-0x0000000000E50000-0x0000000000EC4000-memory.dmp

Filesize
464KB

Download
memory/4396-919-0x0000013596A80000-0x0000013596AAE000-memory.dmp

Filesize
184KB

Download
memory/4396-920-0x00000135B0EE0000-0x00000135B0EF0000-memory.dmp

Filesize
64KB

Download
memory/4396-921-0x00000135B0EE0000-0x00000135B0EF0000-memory.dmp

Filesize
64KB

Download
memory/4396-922-0x00000135B0EE0000-0x00000135B0EF0000-memory.dmp

Filesize
64KB

Download
memory/4396-923-0x00000135B0EE0000-0x00000135B0EF0000-memory.dmp

Filesize
64KB

Download