656ef859faec9bbf45e9507e05e46c23370e166cac188c047a6592e9abad6d3d

Analysis

max time kernel
118s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2023, 17:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eagleget_setup.exe
Size

10.1MB
MD5

9362466cebe90e227124d734ca8331d6
SHA1

c5c87d53699139e5409fc125aeeb5038ad8a36ed
SHA256

656ef859faec9bbf45e9507e05e46c23370e166cac188c047a6592e9abad6d3d
SHA512

290e193b1b136eeb782875de8087659c1be9223aeaf787a6f4ae7c8ffcdcdaf727ff132752764c946cfda72bfacac8edefe50c3a413f6a6a3b29c3219e21b18c
SSDEEP

196608:Oem68ZtdVwynNUtlT8kaTtDsDftJTz2Dni4E089ApMajJuodoPLCEXyjVjr:Oel8ZTVBMTx+DEtlap6ipMkJLoPCjV3

Score

8^/10

adware discovery persistence spyware stealer

Malware Config

Signatures

Drops file in Drivers directory 5 IoCs

description	ioc	Process
File created	C:\Windows\system32\drivers\eagleGet.sys	EGMonitor.exe
File created	C:\Windows\system32\drivers\eagleGet.update	EGMonitor.exe
File opened for modification	C:\Windows\system32\drivers\eagleGet.update	EGMonitor.exe
File created	C:\Windows\system32\drivers\eagleGet.sys	EGMonitor.exe
File opened for modification	C:\Windows\system32\drivers\eagleGet.sys	EGMonitor.exe

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\eagleGet\ImagePath = "System32\\Drivers\\eagleGet.sys"	EGMonitor.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	eagleget_setup.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	net_updater32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	EagleGet.exe

Executes dropped EXE 15 IoCs

pid	Process
1188	eagleget_setup.tmp
2768	net_updater32.exe
2860	test_wpf.exe
4184	net_updater32.exe
3440	EGMonitor.exe
604	net_updater32.exe
3236	test_wpf.exe
3824	EGMonitor.exe
5104	EGMonitor.exe
384	EagleGet.exe
3256	test_wpf.exe
3900	net_svc.exe
3764	net_svc.exe
684	net_svc.exe
1240	EGMonitor.exe

Loads dropped DLL 48 IoCs

pid	Process
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
4596	regsvr32.exe
4596	regsvr32.exe
1468	regsvr32.exe
2264	regsvr32.exe
2264	regsvr32.exe
2768	net_updater32.exe
2768	net_updater32.exe
2768	net_updater32.exe
2768	net_updater32.exe
2768	net_updater32.exe
4184	net_updater32.exe
3440	EGMonitor.exe
3440	EGMonitor.exe
604	net_updater32.exe
604	net_updater32.exe
604	net_updater32.exe
604	net_updater32.exe
604	net_updater32.exe
3824	EGMonitor.exe
3824	EGMonitor.exe
5104	EGMonitor.exe
5104	EGMonitor.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
1240	EGMonitor.exe
1240	EGMonitor.exe
1240	EGMonitor.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\InprocServer32\ = "C:\\Program Files (x86)\\EagleGet\\npEagleget.dll"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\InprocServer32	regsvr32.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E871FF8-029C-4732-8AA7-39E3D3872057}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E871FF8-029C-4732-8AA7-39E3D3872057}\ = "bteagleget.com"	regsvr32.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\test_wpf.exe.log	test_wpf.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\luminati\494419af5d7e83503dd53f7beed2d6841c1136e5	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\luminati	net_updater32.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\EagleGet\is-ITSHI.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-RNHGM.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-CE60I.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-9A8S7.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\luminati\perr_04_05_show_dialog_1.166.833.sent	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\kbasnthasciateuhant98437uau	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\temp\nhahs2h5.2lt	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\unins000.dat	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-9U4B8.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-G9HON.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-I3JBC.tmp	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet\luminati	EagleGet.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\lum_sdk_install_id	EagleGet.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_tun_ready_1.245.997.sending	net_svc.exe
File created	C:\Program Files (x86)\Common Files\EagleGet\is-0JCBE.tmp	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet\test_wpf.exe	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\test_wpf.exe	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\EGMonitor.exe	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-T1BJT.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-C88D4.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\luminati\net_install.log	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\lum_sdk.log	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_19_svc_connected_1.166.833.sending	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_tun_1b_1.245.997.sent	net_svc.exe
File created	C:\Program Files (x86)\EagleGet\is-IU41L.tmp	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\funnel_perr_18_svc_init.sent	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_20_svc_tun_ready_1.166.833.sent	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_tun_start_1.245.997.sent	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_21_svc_tun_start_1.166.833.sent	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\botva2.dll	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet\CrashRpt.dll	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet\libcurl.dll	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-7VUF2.tmp	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet\kbasnthasciateuhant98437uau	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\net_install.log	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\lum_sdk_install_id	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_13_supported_1.166.833.sent	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\temp	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_17_svc_started_1.166.833.sent	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_restricted_domain_1.245.997.sent	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\net_updater32.exe	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-J14NM.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\Common Files\EagleGet\is-EHEGC.tmp	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\lum_sdk_install_id	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\lum_sdk_session_id	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_06_service_install_1.166.833.sent	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\is-9U4B8.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-43P2N.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\luminati\perr_02_sent_cleanup_1.166.833.sent	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_restricted_domain_1.245.997.sending	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_perr_direct_success_1.245.997.sent	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_tun_1b_1.245.997.sending	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\funnel_perr_22_svc_tun_1b.sent	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\sqlite3.dll	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\addon\is-5SOJO.tmp	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\funnel_perr_19_svc_connected.sent	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_20_svc_tun_ready_1.166.833.sending	net_svc.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\26f07ffc-d512-44c6-b5c9-5a11ee00c16d.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230414190342.pma	setup.exe
File created	C:\Program Files (x86)\EagleGet\is-1EMA3.tmp	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet\EagleGet.exe	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_04_03_setup_dialog_1.166.833.sent	net_updater32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2808	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 21 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with EagleGet\ = "res://C:\\Program Files (x86)\\EagleGet\\IEGraberBHO.dll/201"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with EagleGet\Contexts = "34"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download all links with EagleGet\ = "res://C:\\Program Files (x86)\\EagleGet\\IEGraberBHO.dll/202"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download all links with EagleGet\Contexts = "243"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "ye"	eagleget_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\InprocServer32\ = "C:\\Program Files (x86)\\EagleGet\\eagleSniffer.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with EagleGet	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Main\	eagleget_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\ = "Customdown Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\TypeLib\ = "{1FE29BBF-5745-45a1-B1E7-2DFD97926CEF}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download all links with EagleGet	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{13D6E221-D1CC-4cc1-8410-66CD89818A6F}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\Version\ = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\DownloadUI = "{13D6E221-D1CC-4cc1-8410-66CD89818A6F}"	regsvr32.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	net_updater32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E871FF8-029C-4732-8AA7-39E3D3872057}	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\Version\ = "1"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Interface\{E22ABA47-7A14-5B5E-941A-AAEEFCEE01F9}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D700DDC2-DA60-4312-B1CD-8944E93C3EF6}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Interface\{47A50A6B-EB5E-5DB3-8955-89A3AC3D64F9}\TypeLib\ = "{5BF350E6-763C-5778-8960-BF006540067D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGraberBHO.EagleGet.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1FE29BBF-5745-45A1-B1E7-2DFD97926CEF}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\EagleGet"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97C13EA5-DECA-4355-B789-7788B7EB154A}\ = "IEGet"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\AppID\{B415CD14-B45D-4BCA-B552-B06175C38606}\ = "FireBreathWin"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\Interface\{E22ABA47-7A14-5B5E-941A-AAEEFCEE01F9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Interface\{47A50A6B-EB5E-5DB3-8955-89A3AC3D64F9}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E871FF8-029C-4732-8AA7-39E3D3872057}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97C13EA5-DECA-4355-B789-7788B7EB154A}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E871FF8-029C-4732-8AA7-39E3D3872057}\TypeLib\ = "{1FE29BBF-5745-45a1-B1E7-2DFD97926CEF}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\TypeLib\{5BF350E6-763C-5778-8960-BF006540067D}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Interface\{6BCF4892-5428-53D9-A1D9-56D55AEF29AB}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E871FF8-029C-4732-8AA7-39E3D3872057}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\TypeLib	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{46B30FC5-D638-4323-ACA1-EA7541FA65F1}\1.0\ = "IEGraberBHO 1.0 ÀàÐÍ¿â"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGrab.EGet.1\ = "EGet Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\ProgID\ = "IEGrab.Customdown.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1FE29BBF-5745-45A1-B1E7-2DFD97926CEF}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\Interface\{47A50A6B-EB5E-5DB3-8955-89A3AC3D64F9}\TypeLib\ = "{5BF350E6-763C-5778-8960-BF006540067D}"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Interface\{47A50A6B-EB5E-5DB3-8955-89A3AC3D64F9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D700DDC2-DA60-4312-B1CD-8944E93C3EF6}\ProgID\ = "IEGraberBHO.EagleGet.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{46B30FC5-D638-4323-ACA1-EA7541FA65F1}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1FE29BBF-5745-45A1-B1E7-2DFD97926CEF}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\TypeLib\ = "{1FE29BBF-5745-45A1-B1E7-2DFD97926CEF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{46B30FC5-D638-4323-ACA1-EA7541FA65F1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7EFCB4C-66F9-475C-97FB-03687DAB0EB3}\ = "IEagleGet"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGrab.EGet\ = "EGet Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\TypeLib\ = "{1FE29BBF-5745-45a1-B1E7-2DFD97926CEF}"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\MiscStatus\1\ = "131473"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\TypeLib\{5BF350E6-763C-5778-8960-BF006540067D}\1.0\ = "EagleGet32 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Interface\{E22ABA47-7A14-5B5E-941A-AAEEFCEE01F9}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\TypeLib\{5BF350E6-763C-5778-8960-BF006540067D}\1.0\0\win32\ = "C:\\Program Files (x86)\\EagleGet\\npEagleget.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGrab.EGet.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGrab.Customdown\CLSID\ = "{13D6E221-D1CC-4cc1-8410-66CD89818A6F}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\MIME\Database\Content Type\application/x-eagleget	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\MiscStatus\1	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Interface\{E22ABA47-7A14-5B5E-941A-AAEEFCEE01F9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Interface\{47A50A6B-EB5E-5DB3-8955-89A3AC3D64F9}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGrab.Customdown.1\CLSID\ = "{13D6E221-D1CC-4cc1-8410-66CD89818A6F}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\MIME\Database\Content Type\application/x-eagleget\Extension	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\Interface\{6BCF4892-5428-53D9-A1D9-56D55AEF29AB}\TypeLib\ = "{5BF350E6-763C-5778-8960-BF006540067D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{FBDC47F7-F27C-463B-9976-16683FBEDED5}\ = "IEGraberBHO"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\Version	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGrab.EGet.1\CLSID	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGraberBHO.EagleGet.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1FE29BBF-5745-45A1-B1E7-2DFD97926CEF}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1FE29BBF-5745-45A1-B1E7-2DFD97926CEF}\1.0\0\win32\ = "C:\\Program Files (x86)\\EagleGet\\eagleSniffer.dll"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Interface\{6BCF4892-5428-53D9-A1D9-56D55AEF29AB}\TypeLib\ = "{5BF350E6-763C-5778-8960-BF006540067D}"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\ProgID\ = "EagleGet.EagleGet32.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D700DDC2-DA60-4312-B1CD-8944E93C3EF6}\VersionIndependentProgID\ = "IEGraberBHO.EagleGet"	regsvr32.exe

Script User-Agent 4 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	128	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	108	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	120	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	125	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
1188	eagleget_setup.tmp
2768	net_updater32.exe
604	net_updater32.exe
3764	net_svc.exe
3764	net_svc.exe
748	msedge.exe
748	msedge.exe
384	EagleGet.exe
4496	msedge.exe
4496	msedge.exe
4896	identity_helper.exe
4896	identity_helper.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
652	Process not Found
652	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	2808	taskkill.exe
Token: SeDebugPrivilege	1188	eagleget_setup.tmp
Token: SeDebugPrivilege	2768	net_updater32.exe
Token: SeDebugPrivilege	604	net_updater32.exe
Token: SeShutdownPrivilege	3764	net_svc.exe
Token: SeCreatePagefilePrivilege	3764	net_svc.exe
Token: SeShutdownPrivilege	3764	net_svc.exe
Token: SeCreatePagefilePrivilege	3764	net_svc.exe
Token: SeShutdownPrivilege	3764	net_svc.exe
Token: SeCreatePagefilePrivilege	3764	net_svc.exe
Token: SeShutdownPrivilege	3764	net_svc.exe
Token: SeCreatePagefilePrivilege	3764	net_svc.exe
Token: SeDebugPrivilege	384	EagleGet.exe

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
1188	eagleget_setup.tmp
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
384	EagleGet.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
384	EagleGet.exe
384	EagleGet.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
384	EagleGet.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 1188	4472	eagleget_setup.exe	83
PID 4472 wrote to memory of 1188	4472	eagleget_setup.exe	83
PID 4472 wrote to memory of 1188	4472	eagleget_setup.exe	83
PID 1188 wrote to memory of 2808	1188	eagleget_setup.tmp	84
PID 1188 wrote to memory of 2808	1188	eagleget_setup.tmp	84
PID 1188 wrote to memory of 2808	1188	eagleget_setup.tmp	84
PID 1188 wrote to memory of 4596	1188	eagleget_setup.tmp	94
PID 1188 wrote to memory of 4596	1188	eagleget_setup.tmp	94
PID 1188 wrote to memory of 4596	1188	eagleget_setup.tmp	94
PID 1188 wrote to memory of 1468	1188	eagleget_setup.tmp	96
PID 1188 wrote to memory of 1468	1188	eagleget_setup.tmp	96
PID 1188 wrote to memory of 1468	1188	eagleget_setup.tmp	96
PID 1188 wrote to memory of 2264	1188	eagleget_setup.tmp	97
PID 1188 wrote to memory of 2264	1188	eagleget_setup.tmp	97
PID 1188 wrote to memory of 2264	1188	eagleget_setup.tmp	97
PID 1188 wrote to memory of 2768	1188	eagleget_setup.tmp	98
PID 1188 wrote to memory of 2768	1188	eagleget_setup.tmp	98
PID 1188 wrote to memory of 2768	1188	eagleget_setup.tmp	98
PID 2768 wrote to memory of 2860	2768	net_updater32.exe	101
PID 2768 wrote to memory of 2860	2768	net_updater32.exe	101
PID 2768 wrote to memory of 2860	2768	net_updater32.exe	101
PID 2768 wrote to memory of 4184	2768	net_updater32.exe	102
PID 2768 wrote to memory of 4184	2768	net_updater32.exe	102
PID 2768 wrote to memory of 4184	2768	net_updater32.exe	102
PID 1188 wrote to memory of 3440	1188	eagleget_setup.tmp	104
PID 1188 wrote to memory of 3440	1188	eagleget_setup.tmp	104
PID 1188 wrote to memory of 3440	1188	eagleget_setup.tmp	104
PID 604 wrote to memory of 3236	604	net_updater32.exe	106
PID 604 wrote to memory of 3236	604	net_updater32.exe	106
PID 604 wrote to memory of 3236	604	net_updater32.exe	106
PID 1188 wrote to memory of 3824	1188	eagleget_setup.tmp	107
PID 1188 wrote to memory of 3824	1188	eagleget_setup.tmp	107
PID 1188 wrote to memory of 3824	1188	eagleget_setup.tmp	107
PID 1188 wrote to memory of 384	1188	eagleget_setup.tmp	109
PID 1188 wrote to memory of 384	1188	eagleget_setup.tmp	109
PID 1188 wrote to memory of 384	1188	eagleget_setup.tmp	109
PID 384 wrote to memory of 3256	384	EagleGet.exe	111
PID 384 wrote to memory of 3256	384	EagleGet.exe	111
PID 384 wrote to memory of 3256	384	EagleGet.exe	111
PID 604 wrote to memory of 3900	604	net_updater32.exe	110
PID 604 wrote to memory of 3900	604	net_updater32.exe	110
PID 604 wrote to memory of 3764	604	net_updater32.exe	112
PID 604 wrote to memory of 3764	604	net_updater32.exe	112
PID 1188 wrote to memory of 4496	1188	eagleget_setup.tmp	113
PID 1188 wrote to memory of 4496	1188	eagleget_setup.tmp	113
PID 4496 wrote to memory of 4936	4496	msedge.exe	114
PID 4496 wrote to memory of 4936	4496	msedge.exe	114
PID 3764 wrote to memory of 684	3764	net_svc.exe	115
PID 3764 wrote to memory of 684	3764	net_svc.exe	115
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117
PID 4496 wrote to memory of 636	4496	msedge.exe	117

C:\Users\Admin\AppData\Local\Temp\eagleget_setup.exe
"C:\Users\Admin\AppData\Local\Temp\eagleget_setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Users\Admin\AppData\Local\Temp\is-KM2U8.tmp\eagleget_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-KM2U8.tmp\eagleget_setup.tmp" /SL5="$60062,10160016,175104,C:\Users\Admin\AppData\Local\Temp\eagleget_setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1188
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill.exe" /f /im "net_updater32.exe"
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2808
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\EagleGet\eagleSniffer.dll"
    3⤵
    - Loads dropped DLL
    - Installs/modifies Browser Helper Object
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:4596
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\EagleGet\npEagleget.dll"
    3⤵
    - Loads dropped DLL
    - Registers COM server for autorun
    - Modifies registry class
    PID:1468
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\EagleGet\IEGraberBHO.dll"
    3⤵
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:2264
- - C:\Program Files (x86)\EagleGet\net_updater32.exe
    "C:\Program Files (x86)\EagleGet\net_updater32.exe" --install-ui win_eagleget.com --dlg-app-name EagleGet --dlg-tos-link "http://www.eagleget.com/privacy-policy" --dlg-logo-link "http://admin.eagleget.com/latest/EagleGet-Icon.png" --dlg-bg-color "#ffcfe3c4" --dlg-pos "screen" --dlg-btn-color "#ff32363f" --dlg-txt-color "#ff32363f" --dlg-not-peer-txt ads
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Program Files (x86)\EagleGet\test_wpf.exe
      C:\Program Files (x86)\EagleGet\test_wpf.exe
      4⤵
      Executes dropped EXE
      PID:2860
  - - C:\Program Files (x86)\EagleGet\net_updater32.exe
      "C:\Program Files (x86)\EagleGet\net_updater32.exe" --install win_eagleget.com --no-cleanup
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      PID:4184
- - C:\Program Files (x86)\EagleGet\EGMonitor.exe
    "C:\Program Files (x86)\EagleGet\EGMonitor.exe" /installnewtab
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3440
- - C:\Program Files (x86)\EagleGet\EGMonitor.exe
    "C:\Program Files (x86)\EagleGet\EGMonitor.exe" /install
    3⤵
    - Drops file in Drivers directory
    - Sets service image path in registry
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3824
- - C:\Program Files (x86)\EagleGet\EagleGet.exe
    "C:\Program Files (x86)\EagleGet\EagleGet.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:384
  - - C:\Program Files (x86)\EagleGet\test_wpf.exe
      C:\Program Files (x86)\EagleGet\test_wpf.exe
      4⤵
      Executes dropped EXE
      PID:3256
  - - C:\Program Files (x86)\EagleGet\EGMonitor.exe
      "C:\Program Files (x86)\EagleGet\EGMonitor.exe" /rm
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.eagleget.com/welcome
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    PID:4496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffb9ac246f8,0x7ffb9ac24708,0x7ffb9ac24718
      4⤵
      PID:4936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,12576098069495138585,18323969618757227311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,12576098069495138585,18323969618757227311,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2284 /prefetch:2
      4⤵
      PID:636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,12576098069495138585,18323969618757227311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
      4⤵
      PID:4720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12576098069495138585,18323969618757227311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
      4⤵
      PID:5096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12576098069495138585,18323969618757227311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
      4⤵
      PID:3916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,12576098069495138585,18323969618757227311,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
      4⤵
      PID:2196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,12576098069495138585,18323969618757227311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
      4⤵
      PID:2096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:4736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff788a25460,0x7ff788a25470,0x7ff788a25480
        5⤵
        
        PID:796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,12576098069495138585,18323969618757227311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4896

C:\Program Files (x86)\EagleGet\net_updater32.exe
"C:/Program Files (x86)/EagleGet/net_updater32.exe" --updater win_eagleget.com
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:604
- C:\Program Files (x86)\EagleGet\test_wpf.exe
  C:\Program Files (x86)\EagleGet\test_wpf.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:3236
- C:\Program Files (x86)\EagleGet\luminati\net_svc.exe
  "C:\Program Files (x86)\EagleGet\luminati\net_svc.exe" --info
  2⤵
  - Executes dropped EXE
  PID:3900
- C:\Program Files (x86)\EagleGet\luminati\net_svc.exe
  "C:\Program Files (x86)\EagleGet\luminati\net_svc.exe" --workdir "C:/Program Files (x86)/EagleGet/luminati" --no-root --parent-die-stdin --sdk --sdk-version 1.166.833 --appid win_eagleget.com --uuid sdk-win-589feaf8a5e3743859f6251c5b6d5fe6
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3764
- - C:\Program Files (x86)\EagleGet\luminati\net_svc.exe
    "C:\Program Files (x86)\EagleGet\luminati\net_svc.exe" --report-idle
    3⤵
    - Executes dropped EXE
    PID:684

C:\Program Files (x86)\EagleGet\EGMonitor.exe
"C:\Program Files (x86)\EagleGet\EGMonitor.exe" /svc
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

T1176

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\EagleGet\is-EHEGC.tmp

Filesize
1013KB

MD5
b87b80e55c218e30b6d130d881714efe

SHA1
00816ae02538f0a69fe57b27c6674ec03eb1238d

SHA256
6db10a3f85934cc8fc265922b3ed9ccfa724da19c6a50303c23bb379d0b9219a

SHA512
07071535af4910b4acaa4d7110312f6535539859c4d389ced409fe248fd970174b1731d1b741ed9d06f5bdbb52751b3835fb6b17f08c1fb537640a04833a228a

Download Submit
C:\Program Files (x86)\EagleGet\CallbackCtrl.dll

Filesize
4KB

MD5
f07e819ba2e46a897cfabf816d7557b2

SHA1
8d5fd0a741dd3fd84650e40dd3928ae1f15323cc

SHA256
68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d

SHA512
7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af

Download Submit
C:\Program Files (x86)\EagleGet\CallbackCtrl.dll

Filesize
4KB

MD5
f07e819ba2e46a897cfabf816d7557b2

SHA1
8d5fd0a741dd3fd84650e40dd3928ae1f15323cc

SHA256
68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d

SHA512
7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af

Download Submit
C:\Program Files (x86)\EagleGet\CrashRpt.dll

Filesize
299KB

MD5
c61889f94d864f9f185467bad956b840

SHA1
245b294c3bcf6c34df128fdd20a0c6896c1a4491

SHA256
c94ca9e45e286d31723b2e88ff29cbd782c1d86f65e783046fee1239a980e672

SHA512
9cfdfacfeb5ed532bca9f2255f16bbc78ad5cd03b0066dc6a57fa6a1c018f043a4c131b8aaeb429d2f583520f511a16696ef3ac72a72ae033ad160f3e32e20e2

Download Submit
C:\Program Files (x86)\EagleGet\EGMonitor.exe

Filesize
331KB

MD5
1712a04f250324c60f358bee1dcff37f

SHA1
464344eb06d5b18fe4dd510f65a53f7f7af6c396

SHA256
46671e177118f6233a44826ad026a5f19f4a656de65bcab03797450eccd26631

SHA512
f3190bd4d1759ab7e70857eb6116b0be2abddc9cca6af93a75d0c3af40536db3ebf84c4d3d2075be606aaa6b0a1226f9c9460e671b3e5b26443a8d41806bea81

Download Submit
C:\Program Files (x86)\EagleGet\EagleGet.exe

Filesize
2.3MB

MD5
70f5f003ce966e8862e21011fd8b90d8

SHA1
535bc4052b92f3149ed088feadd12a32aa73be08

SHA256
f570fdc15ef0f16374812ec5f6e2f093f09fda49b043b69d3b9ffabdf42423ff

SHA512
e72e7950fa1dfbcb5abd3d0d17a271b5184e5bf91ac15c7519f99666a69f8b9dd5ce51173976898ad307a76869b6a98c8b93e29a7a5dda4a04b2577a8a5629b4

Download Submit
C:\Program Files (x86)\EagleGet\EagleGet.exe

Filesize
2.3MB

MD5
70f5f003ce966e8862e21011fd8b90d8

SHA1
535bc4052b92f3149ed088feadd12a32aa73be08

SHA256
f570fdc15ef0f16374812ec5f6e2f093f09fda49b043b69d3b9ffabdf42423ff

SHA512
e72e7950fa1dfbcb5abd3d0d17a271b5184e5bf91ac15c7519f99666a69f8b9dd5ce51173976898ad307a76869b6a98c8b93e29a7a5dda4a04b2577a8a5629b4

Download Submit
C:\Program Files (x86)\EagleGet\IEGraberBHO.dll

Filesize
244KB

MD5
07f4793acd1d9dd3a08ccc898e00eddc

SHA1
031c5a846e6fbc389dcd358e0f704d01c40394d9

SHA256
f3da023b197a4979f526d5d6807e53ce8ab4b16343b4bfe415d5020994d28961

SHA512
424284f7589f626ace00cb3fce5ac252750cec807d09deb1a5aa3174c10767e8c082eea9692150109547ce3afeaab6c06d8dd6f788040c2c2113a8e6ed1889b8

Download Submit
C:\Program Files (x86)\EagleGet\IEGraberBHO.dll

Filesize
244KB

MD5
07f4793acd1d9dd3a08ccc898e00eddc

SHA1
031c5a846e6fbc389dcd358e0f704d01c40394d9

SHA256
f3da023b197a4979f526d5d6807e53ce8ab4b16343b4bfe415d5020994d28961

SHA512
424284f7589f626ace00cb3fce5ac252750cec807d09deb1a5aa3174c10767e8c082eea9692150109547ce3afeaab6c06d8dd6f788040c2c2113a8e6ed1889b8

Download Submit
C:\Program Files (x86)\EagleGet\UninstallIco.ico

Filesize
17KB

MD5
009d9bdffb6ee378d30150031b620695

SHA1
11dea417c23f5682bf8102e6dd566f05ae9d7e3e

SHA256
5b003443e41fd99f26ecb3049b887bb9e2dec66fbe495f5f1dabc7d2fde1e801

SHA512
8972887f569f845a2312f0fcacc1e881990c5ab999b14184c1907931766fb7e6efd2e079efb1245007a0114ede419c41d8581c844f1936a9de4fbb029aaa9975

Download Submit
C:\Program Files (x86)\EagleGet\_eagleGet_x64.sys

Filesize
77KB

MD5
7cebfad0c6236844d930aaa0f6502e9b

SHA1
67a451f41d453e7c0cc8eb6f56b4c9ec257cf689

SHA256
2e2d1651f3b57376f0e100ead43c95481d27a9815ad13742f3034c7ebcc43f59

SHA512
33136266b8f4433dbfd728ed3ed3a70e0afc2d0064628dd056add79c78648e9012408341817097a128a5264e85191a7b43ebe46be53937eaae2d9f8d51b06311

Download Submit
C:\Program Files (x86)\EagleGet\_eagleGet_x86.sys

Filesize
62KB

MD5
7149e56fe2673c5a82d99848d61f5823

SHA1
7c74a82c264661ee511952727812e4fe63324579

SHA256
ee61881a1a99836a2a580e08aea53e6eba295ead01b76139b09d0741345fade3

SHA512
59921aa7740ea28b64833d60038f57dba1474352b1e6ad833fe57859867fccbe5c2b0ea69535533316bc726f7f70959d61bec69197677828cc00109081afa76e

Download Submit
C:\Program Files (x86)\EagleGet\addon\[email protected]

Filesize
96KB

MD5
a40b9a135b1aac95a3f4e776990ad685

SHA1
ebba814f2801e67d581bd6f2327f071bcfe1d7a5

SHA256
e6d31dc6c83b9700d204b9ddeeaf688e62e17a8bf7dafe84beae934ab496338a

SHA512
f15babe70a9413cf0e4098f19f728321465bff0ecfb6f0ee2ac955ecba4e2c00d92be17142d13274b6bb5639ccb78f7c02959ba19b229376210a75efdbeabdb5

Download Submit
C:\Program Files (x86)\EagleGet\addon\[email protected]

Filesize
104KB

MD5
bb9452d61f8e9637265a08935893d999

SHA1
ec4a265a8d3d1ad5e962fbce9ac4e827e62d9456

SHA256
9f84f0cfb863b9c31adbed63b5392b6ad562c80354c3494c6aed0da178d20ea4

SHA512
448346beb56fa925701add8c9faab5c864cc716c353dc641d79f6775ed4de9d6a1764570eb7ea32d70659ef9fc626b767187adff5982df94c4d3f3709471062d

Download Submit
C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx

Filesize
961KB

MD5
b41e30bdb9035bdb2d73a22320263930

SHA1
8232e2431565a1e7274059808f7f75a358b451d7

SHA256
145ea4ada358df598bfbc9faf1fc73f1b41df15d72799712b7b8f410aac963d9

SHA512
e1efbfa845c218c751fdcf2b9cc70fedbe3c2305ec70648f55e68a7c6b63c63f48f583a25a3c6206ef2937d7e34d87206410c51cfdf7811e40bf7b7a124ca20f

Download Submit
C:\Program Files (x86)\EagleGet\addon\[email protected]

Filesize
18KB

MD5
a1af69c6512bd7641c2ccdb4025c8fd2

SHA1
1898a9e48f9fca77ba11e882d127839749ee8e96

SHA256
ef2e2baad155b62ae37138c190127aede4d86948db0be96e952e97052395f837

SHA512
9f64e5b95318edffac6ec1dd09f5b1ddf3324e8e1eaebeead5ea4e25367a0d262b95428a47665f6fc215980da773e31d94ab6e6b3fa4159a4a08fba0daf31568

Download Submit
C:\Program Files (x86)\EagleGet\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Program Files (x86)\EagleGet\com.eagleget.chrome_extension.json

Filesize
398B

MD5
ce86ee686db7743eb5bc3850159092c9

SHA1
69434018ee6e609da7a3ed27a89af852217e458e

SHA256
cf951b06fc0b9c97ad1e731b68bb5fa09642900e9b615760caf63aad96251a99

SHA512
ed2664e86ea50ad4ecfa717f0c4bc311ebb92b02d7080bb11cedc73000387282e1b112d5a6cc1561ea18202dfc0c8ec871ce67e53539c8497a98519190993e54

Download Submit
C:\Program Files (x86)\EagleGet\dl.dll

Filesize
4.1MB

MD5
61791998574b320b6791c1416a4a5ada

SHA1
efd1d4827d2b81cd215b3588ae85f0a030cfe9f2

SHA256
d8d7c57efd836b230607e7ab46caddc9d38705e5f9af08637933d4d41a0fcb20

SHA512
8c1a6d21e16ba480b17ac6678e5148ba9263877f8cae2e7a22d542663d35bf5830f9593ccc6c76f0a7e5f88cf79d10ef0aace44e65398024e3621deada7d617c

Download Submit
C:\Program Files (x86)\EagleGet\download-complete.wav

Filesize
120KB

MD5
0efa3ef40736d08b8504575dbcd281ba

SHA1
bf900a29a60a2d109db849ae33b89e6544e48b02

SHA256
5c734125eaabaad56362f76c311fedeb86bfea5f19bd68a11d696be561f59651

SHA512
094e901553317895400190d66529f02e048e513be1a1a5b21f9eef25715dce2ac32adf197620f82a630d495380188972162d40635b290b688776afb916d8fd28

Download Submit
C:\Program Files (x86)\EagleGet\eagleGet_wfp_x64.sys

Filesize
84KB

MD5
cb9a12bde2db323740692f0f54f83dd8

SHA1
87f02a72c44ea04ad38d8d726c0c253fe0783d69

SHA256
69287e35b96f50df7fb628b8132f9a58bbb2d1312705aeccd15fc1cf3048fa2a

SHA512
e3153606a1c2d2c86c967ed2e680b714bc1ac6127dedb85409b16f582e9bee1fcf6f4fefcedd969dc3a9c1e9768318f46ffa735b5fca806b9364b9f57ae9af9a

Download Submit
C:\Program Files (x86)\EagleGet\eagleGet_wfp_x86.sys

Filesize
67KB

MD5
549219f86174d095f30b4f1da4189358

SHA1
432e98a1118e82160d5abf5e4658d0f7f5fa8404

SHA256
a1c5453dc41ab2176c985422e02a14f7b9113ed9af2fe5b9141c6d32a4e8a93e

SHA512
5adfb74807b39ac5ce0c91e501f68bbb85267cc2bc77b3ecddf91393d339c0bcc22dcb8200ab84798d30818a367ce945e4549877e960d0243c4d3cf07af614f7

Download Submit
C:\Program Files (x86)\EagleGet\eagleGet_x64.sys

Filesize
74KB

MD5
61745181308202b14cc2f47d50e85cf6

SHA1
b665b8004ae3fe4a5d141a5a95b0e28135d23ca8

SHA256
2875cdbd6960ada13590ee6569a077e36271653c03eca9996af166aad64e6385

SHA512
6424dd4c395326410a5222d26a6518a650524aad8a3e9428f16d06117e8c9b72a990f1b1df53ce342b87a3bb10ad609e640d290f2180f93ee2aaa571142dcda5

Download Submit
C:\Program Files (x86)\EagleGet\eagleGet_x86.sys

Filesize
59KB

MD5
5bf0b3477ce8b7c40d7f3fbd083147f4

SHA1
ee72e488b6ddd022fa0d4377ef8e6c4aec813d34

SHA256
617ecb74de35e7d27d6ea1e556aaab0b5e038e9a96963f5011b6fea203666cae

SHA512
bbc4e3da130b4b1963a0eca3fcb93287135057b3d1ec43384d083c90c11d810ee138f2306979912ec149fd94ae3be53d9eddcaa5f79b1842d7ef039d46480526

Download Submit
C:\Program Files (x86)\EagleGet\eagleSniffer.dll

Filesize
795KB

MD5
53d3c028da24192021cf0905eb0ba7e8

SHA1
c3b51ed01dd1af254044776cf36060d8c824c643

SHA256
e8c3684b0203022aa73238a8f01b2cb7b4c41d08f0655fc34cbf40450763a95b

SHA512
17c592e6412a857b7b6cd6fd881ae8d90f3ae1d8056a270dd3fafdb2213fc7753b0b27a531f46c11a3ef7ccb69572655168868c187ee1e8bf0134ebf39f0fc95

Download Submit
C:\Program Files (x86)\EagleGet\eagleSniffer.dll

Filesize
795KB

MD5
53d3c028da24192021cf0905eb0ba7e8

SHA1
c3b51ed01dd1af254044776cf36060d8c824c643

SHA256
e8c3684b0203022aa73238a8f01b2cb7b4c41d08f0655fc34cbf40450763a95b

SHA512
17c592e6412a857b7b6cd6fd881ae8d90f3ae1d8056a270dd3fafdb2213fc7753b0b27a531f46c11a3ef7ccb69572655168868c187ee1e8bf0134ebf39f0fc95

Download Submit
C:\Program Files (x86)\EagleGet\error.wav

Filesize
1KB

MD5
72309f20f2bfee0595fe8d20b8cbefb0

SHA1
efc2b2b263722dddffea44ffc7a116daf09709b3

SHA256
dce3297d94996c91126446e133145e4395c87ba47c4b731ca86c4c845dad8049

SHA512
0de89f9b0ca62cd9977e2becf30d8e9c416ad42f66d1bfbf78e34dc6301e0cec559813d76a05f11abeb39c7cac45e6c20bdf88c86c398c09158cb9f6c3af5942

Download Submit
C:\Program Files (x86)\EagleGet\is-D9MS4.tmp

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Program Files (x86)\EagleGet\is-G9HON.tmp

Filesize
596KB

MD5
ee7e9a4cb1bc952e356145eb6306a6ee

SHA1
e32952efe8daf7c58821cd008ae5169719c0e580

SHA256
50f7c306c28a22cd277daffa5d3f28ac7cb4c561b260aa8c4626587f8e82f103

SHA512
44fb2e38fd36e860685bad86fde03a9b829c98d4b8fa1bccbc061eb038a9e9031166f2249caeee135d584ee8b9fa1cdf27902ff017dfe6fa7285e75eb1c96c8b

Download Submit
C:\Program Files (x86)\EagleGet\libcurl.dll

Filesize
302KB

MD5
139d6ec3bf482e8d7f13b1b8faccf3d6

SHA1
ac3efd9a6094fd3be8235a47fe7232b4a4aff989

SHA256
e1f312ad674bad87d351b54e4f4367c7a8841cda8c00a45dab119cc67e516a25

SHA512
f31045e3f557357de2470dca49d6c071d6e9258ea1f97c1d2e5bc7feba594d721011e9ccde7e5f21375dda0eb347675e0d05554492f109a8ce4338a0874f926f

Download Submit
C:\Program Files (x86)\EagleGet\libeay32.dll

Filesize
2.2MB

MD5
61d8d7cbbd1cc7d544c8168d6c917ce4

SHA1
c003fbc9167817d98e34269c3f45eb5113aa7f89

SHA256
4a7768932385e490443dfd0f8b1402a0028f2a5736ebded5093c128a45b5da72

SHA512
b4790ca751abb622abaeea8b766f16d57a2b8f1f14442399a7ecc150ec605881f372481190c750ae5bf1f8b2e2ae63ca3a42e4c04d83207ac480dd8e92bb82c2

Download Submit
C:\Program Files (x86)\EagleGet\libgcc_s_dw2-1.dll

Filesize
42KB

MD5
c4b4409f186da70fcf2bcc60d5f05489

SHA1
056663c9fd2851cd64f39d882f6758e7a987bd42

SHA256
b35f2a8f4c8f1833f3cdec20739c58e295758ce22021d03d4335043148bd7610

SHA512
cdcb945a82a0304e4d7cfc9ae9d7e5a5e81d4e3025e982494c87c283f6fac542181e9e1e3028456b9b0b5b6279990cb3e1a50f9df0f6e707c70fa0e23c7a808c

Download Submit
C:\Program Files (x86)\EagleGet\lum_sdk32.dll

Filesize
2.5MB

MD5
ebd726064b21bfbae7cfe1c4df79e4e4

SHA1
34bcff8e8700a54fc6602ac0d8858b1bf50be02d

SHA256
7bc855278c56ded386ead23e38176fc8878d232ea7ece750e8b910c23133adf2

SHA512
8a2ae0af0a7c93af20d6425ef32d05efd7821018a1dc397379b0e6f72658fe758c02ac8f571600d2938057ea47241eeb2b0baa1aab67c11168b470842b24d693

Download Submit
C:\Program Files (x86)\EagleGet\lum_sdk32.dll

Filesize
2.5MB

MD5
ebd726064b21bfbae7cfe1c4df79e4e4

SHA1
34bcff8e8700a54fc6602ac0d8858b1bf50be02d

SHA256
7bc855278c56ded386ead23e38176fc8878d232ea7ece750e8b910c23133adf2

SHA512
8a2ae0af0a7c93af20d6425ef32d05efd7821018a1dc397379b0e6f72658fe758c02ac8f571600d2938057ea47241eeb2b0baa1aab67c11168b470842b24d693

Download Submit
C:\Program Files (x86)\EagleGet\lum_sdk32.dll

Filesize
2.5MB

MD5
ebd726064b21bfbae7cfe1c4df79e4e4

SHA1
34bcff8e8700a54fc6602ac0d8858b1bf50be02d

SHA256
7bc855278c56ded386ead23e38176fc8878d232ea7ece750e8b910c23133adf2

SHA512
8a2ae0af0a7c93af20d6425ef32d05efd7821018a1dc397379b0e6f72658fe758c02ac8f571600d2938057ea47241eeb2b0baa1aab67c11168b470842b24d693

Download Submit
C:\Program Files (x86)\EagleGet\lum_sdk32_clr.dll

Filesize
1.4MB

MD5
f6a5f00c374421fb1dfcfbcf4c7da827

SHA1
51444d4fd23b3489fbf5d09f42e2f1d537211d87

SHA256
3f02eef57685cbb39cb4408f625f6b23f36aa9622067fce9bdbc0b7f361ae316

SHA512
d0bc1f3140891376991af08e8d90ab5cc1482fd4b27c144412c51ca5c7520e170caa11b5463a02ec46bd0322db022048e9f542670dfd0721ac1006019e3ff274

Download Submit
C:\Program Files (x86)\EagleGet\lum_sdk32_clr.dll

Filesize
1.4MB

MD5
f6a5f00c374421fb1dfcfbcf4c7da827

SHA1
51444d4fd23b3489fbf5d09f42e2f1d537211d87

SHA256
3f02eef57685cbb39cb4408f625f6b23f36aa9622067fce9bdbc0b7f361ae316

SHA512
d0bc1f3140891376991af08e8d90ab5cc1482fd4b27c144412c51ca5c7520e170caa11b5463a02ec46bd0322db022048e9f542670dfd0721ac1006019e3ff274

Download Submit
C:\Program Files (x86)\EagleGet\lum_sdk32_clr.dll

Filesize
1.4MB

MD5
f6a5f00c374421fb1dfcfbcf4c7da827

SHA1
51444d4fd23b3489fbf5d09f42e2f1d537211d87

SHA256
3f02eef57685cbb39cb4408f625f6b23f36aa9622067fce9bdbc0b7f361ae316

SHA512
d0bc1f3140891376991af08e8d90ab5cc1482fd4b27c144412c51ca5c7520e170caa11b5463a02ec46bd0322db022048e9f542670dfd0721ac1006019e3ff274

Download Submit
C:\Program Files (x86)\EagleGet\lum_sdk32_clr.dll

Filesize
1.4MB

MD5
f6a5f00c374421fb1dfcfbcf4c7da827

SHA1
51444d4fd23b3489fbf5d09f42e2f1d537211d87

SHA256
3f02eef57685cbb39cb4408f625f6b23f36aa9622067fce9bdbc0b7f361ae316

SHA512
d0bc1f3140891376991af08e8d90ab5cc1482fd4b27c144412c51ca5c7520e170caa11b5463a02ec46bd0322db022048e9f542670dfd0721ac1006019e3ff274

Download Submit
C:\Program Files (x86)\EagleGet\lum_sdk32_clr.dll

Filesize
1.4MB

MD5
f6a5f00c374421fb1dfcfbcf4c7da827

SHA1
51444d4fd23b3489fbf5d09f42e2f1d537211d87

SHA256
3f02eef57685cbb39cb4408f625f6b23f36aa9622067fce9bdbc0b7f361ae316

SHA512
d0bc1f3140891376991af08e8d90ab5cc1482fd4b27c144412c51ca5c7520e170caa11b5463a02ec46bd0322db022048e9f542670dfd0721ac1006019e3ff274

Download Submit
C:\Program Files (x86)\EagleGet\luminati\lum_sdk.log

Filesize
1KB

MD5
e6ed6262773940d24a2c2e0e1420642e

SHA1
f103eb475ffb9ea4e554bf70b6e22bb1c0635ca1

SHA256
748bc3a649bb28bebbf30bb7f49390e58d3a5e830256dc52154e695182534d1b

SHA512
3bf751028bf1addac435fa354cea486ab6502eb79d1c85baa968a82be53d444a0d2fea56d4a55c1f8830eaaa47bd4663fa449aedb9f3e331db147c2289e50d00

Download Submit
C:\Program Files (x86)\EagleGet\luminati\lum_sdk_install_id

Filesize
32B

MD5
7dd75963cb7d9da739aac2f118e36769

SHA1
78ee4eea5dc8a9eff05e3c00b68fdc9ae9517fda

SHA256
f7ffca7422608c93f719b10b98fda6aaf27ae53bc3132210c4e7a166d5fdf23d

SHA512
ce05a86e656de4c234fe27f19448688ef28cb05bfcdf55eb420c62e16111abd13863b3652b6aad073da74b1d635060271306eedf2be515e870deff50649d130b

Download Submit
C:\Program Files (x86)\EagleGet\luminati\net_install.log

Filesize
4KB

MD5
d7a872fe30266b765275d02c1e92c5c0

SHA1
50bcd1afa9cbbd92e997a3108665ab1a5344739f

SHA256
c0669863f8633fbdbb23bd1c207400569f10778d7f210612c52cb23d448b4430

SHA512
576e1b57081345b0ff1a8441bede7cbb3027aa2a9c5d5244643b84378df2bbd036856578157b24dfdb38115a9c163d8cc336ac7ec38b4a80e25f497c451b9833

Download Submit
C:\Program Files (x86)\EagleGet\luminati\temp\net_svc.exe

Filesize
21.4MB

MD5
8f34457c690e5037672940452db574af

SHA1
8d48f26b69b8a580a72ff05a873baec17427e12e

SHA256
e7fc6e83e1e4bbf179ac0f4aa2196c3e397b95462ff8dd2260fa72c7333b131a

SHA512
724dbc36f725bef3083169a12766b0eafbef29b1be89ab3b7ba3077f73c96d74aef7827a33aa50e752dff76d2588b4bb2a036ec2bffb7f67a8358598e6397052

Download Submit
C:\Program Files (x86)\EagleGet\msvcr120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
C:\Program Files (x86)\EagleGet\net_updater32.exe

Filesize
2.4MB

MD5
558fd266c455963620c1be17369a303e

SHA1
1c37cf29c49080ce04358ee1e4effbe84c5e6073

SHA256
ed8347a00b3d77688f1602e92706b824801b13c6067a9b29113ea26b8f45f396

SHA512
7595fdd4c5ee5d0fbccca6e2b74b4b9d687595050c0a6cc3919d5ccd02be893d3aef4de5b64240e136ebbd948fef79073608a552993f3c7f19760e86eebb0d6d

Download Submit
C:\Program Files (x86)\EagleGet\net_updater32.exe

Filesize
2.4MB

MD5
558fd266c455963620c1be17369a303e

SHA1
1c37cf29c49080ce04358ee1e4effbe84c5e6073

SHA256
ed8347a00b3d77688f1602e92706b824801b13c6067a9b29113ea26b8f45f396

SHA512
7595fdd4c5ee5d0fbccca6e2b74b4b9d687595050c0a6cc3919d5ccd02be893d3aef4de5b64240e136ebbd948fef79073608a552993f3c7f19760e86eebb0d6d

Download Submit
C:\Program Files (x86)\EagleGet\net_updater32.exe

Filesize
2.4MB

MD5
558fd266c455963620c1be17369a303e

SHA1
1c37cf29c49080ce04358ee1e4effbe84c5e6073

SHA256
ed8347a00b3d77688f1602e92706b824801b13c6067a9b29113ea26b8f45f396

SHA512
7595fdd4c5ee5d0fbccca6e2b74b4b9d687595050c0a6cc3919d5ccd02be893d3aef4de5b64240e136ebbd948fef79073608a552993f3c7f19760e86eebb0d6d

Download Submit
C:\Program Files (x86)\EagleGet\net_updater32.exe

Filesize
2.4MB

MD5
558fd266c455963620c1be17369a303e

SHA1
1c37cf29c49080ce04358ee1e4effbe84c5e6073

SHA256
ed8347a00b3d77688f1602e92706b824801b13c6067a9b29113ea26b8f45f396

SHA512
7595fdd4c5ee5d0fbccca6e2b74b4b9d687595050c0a6cc3919d5ccd02be893d3aef4de5b64240e136ebbd948fef79073608a552993f3c7f19760e86eebb0d6d

Download Submit
C:\Program Files (x86)\EagleGet\npEagleget.dll

Filesize
1.1MB

MD5
054e9138c058522469c15914b6cac191

SHA1
3348718abe2975375a3a7edc3e458c66216ae62c

SHA256
fa775101b3e3d36934e716cc1718ae1008893d91a344aa94a9d2424092c2266e

SHA512
d1e713e7506e67a989e196ad3ad1899599ece192150b79595f68a5df70f30bb2dc3b092f1461a081ddf9fddc69717ce03934e431fbf2271b02eb9c3dcea2d455

Download Submit
C:\Program Files (x86)\EagleGet\npEagleget.dll

Filesize
1.1MB

MD5
054e9138c058522469c15914b6cac191

SHA1
3348718abe2975375a3a7edc3e458c66216ae62c

SHA256
fa775101b3e3d36934e716cc1718ae1008893d91a344aa94a9d2424092c2266e

SHA512
d1e713e7506e67a989e196ad3ad1899599ece192150b79595f68a5df70f30bb2dc3b092f1461a081ddf9fddc69717ce03934e431fbf2271b02eb9c3dcea2d455

Download Submit
C:\Program Files (x86)\EagleGet\proxy.dll

Filesize
935KB

MD5
efd86d051508f93eb579fe383c4a178d

SHA1
1245f64675be60a46f9bd06cd05c745f2434b249

SHA256
3e082acacba78908405821eb3e20385398e19548dfa8917a886794403ddf78c5

SHA512
730d4e72f8b47932904ec3f7d5b0b245de82c485d698fbe0c88e4c7dcb94d453fcdfbd4fe26235ebc729a4cd60e7ea8d18bcffddaaa5658aa713401efb2d7d90

Download Submit
C:\Program Files (x86)\EagleGet\sqlite3.dll

Filesize
596KB

MD5
ee7e9a4cb1bc952e356145eb6306a6ee

SHA1
e32952efe8daf7c58821cd008ae5169719c0e580

SHA256
50f7c306c28a22cd277daffa5d3f28ac7cb4c561b260aa8c4626587f8e82f103

SHA512
44fb2e38fd36e860685bad86fde03a9b829c98d4b8fa1bccbc061eb038a9e9031166f2249caeee135d584ee8b9fa1cdf27902ff017dfe6fa7285e75eb1c96c8b

Download Submit
C:\Program Files (x86)\EagleGet\ssl.dll

Filesize
849KB

MD5
33e605dccda13b7afc4846bc5056af41

SHA1
b1b7151137a616024079abdeaa243e6e907c1f4a

SHA256
1f6aded7bad36a6db25788eda836ea378fb4d6cd85f89f000683418e4a536897

SHA512
c7e56939ed037c7e1f20fc3afe82db9a8b8315db62e44d4514311f3df3634739c419bbf218f102259277f70c32a0574a557a9e1218b562f79653085c77cde12d

Download Submit
C:\Program Files (x86)\EagleGet\sslQuery.dll

Filesize
200KB

MD5
5daf1a805cfa13798fe84d42ef9cdf31

SHA1
e749b71b56d74218888976b11ba4e4330b3a8e28

SHA256
6259ab27937341e2ccb21dcb3b62b45b8a64bb80d968dc5047b4b9de02d72e78

SHA512
4c6a3375faebd819f8086ef980ad7117e94564a75cc83109fb3b33a8ef1af75811c210573659f7f6ad2230bbfc7db85aeca4aef0bc8ea274b107ad5108e44fc3

Download Submit
C:\Program Files (x86)\EagleGet\ssleay32.dll

Filesize
576KB

MD5
8c32276fe49dcf47b6f3364e3e6ad610

SHA1
839d246d96e12babf3963d62d0bdb378dc916638

SHA256
bcc7cc8af2f8d4ed65866a09640ca8391f9065f199526a32d783def445b0f3b8

SHA512
387f0296615355264bd48a15c7e7c8be3c4707ea02de40a2dfecdf61d5d041a8a60b71621c4f0835df5e1d9dda3dd1921b9bc2054dc1332d8097684f7eefa329

Download Submit
C:\Program Files (x86)\EagleGet\test_wpf.exe

Filesize
17KB

MD5
e37fc55e2375ede51b4f787ab426b89c

SHA1
9a252f1c22f596269b1880496d9722cd52a9f6c2

SHA256
e2b159c00d7cbe4c4994d1b9bfbdb7bd9214f89bb8e56a8dee96f0f8c3f93d3e

SHA512
aeff4196a573367d7bf0b8a8d5f7da4c1c79281d7309206324af1473c6bb8dcb2bf17996699c34baa5322afdca1373224dcd827809fa1ed02345cbcbe505b5d1

Download Submit
C:\Program Files (x86)\EagleGet\test_wpf.exe

Filesize
17KB

MD5
e37fc55e2375ede51b4f787ab426b89c

SHA1
9a252f1c22f596269b1880496d9722cd52a9f6c2

SHA256
e2b159c00d7cbe4c4994d1b9bfbdb7bd9214f89bb8e56a8dee96f0f8c3f93d3e

SHA512
aeff4196a573367d7bf0b8a8d5f7da4c1c79281d7309206324af1473c6bb8dcb2bf17996699c34baa5322afdca1373224dcd827809fa1ed02345cbcbe505b5d1

Download Submit
C:\Program Files (x86)\EagleGet\test_wpf.exe

Filesize
17KB

MD5
e37fc55e2375ede51b4f787ab426b89c

SHA1
9a252f1c22f596269b1880496d9722cd52a9f6c2

SHA256
e2b159c00d7cbe4c4994d1b9bfbdb7bd9214f89bb8e56a8dee96f0f8c3f93d3e

SHA512
aeff4196a573367d7bf0b8a8d5f7da4c1c79281d7309206324af1473c6bb8dcb2bf17996699c34baa5322afdca1373224dcd827809fa1ed02345cbcbe505b5d1

Download Submit
C:\Program Files (x86)\EagleGet\unins000.dat

Filesize
67KB

MD5
7f039c2b8087349d328f917b5462cdd6

SHA1
5f50934ad241b685ded253a4f715035e3d7f7661

SHA256
645ff92171fcca9c4bd5273f860641c7b0c6a542f6fddbc17c9bf0bd98281be5

SHA512
49a0d71376d1e2cf18c2242181b292fc5ff15343cbd646aa575868335774df724438578d88802b27c41651669c4081ed08bd5f48f1fec1d5da654aba575d6045

Download Submit
C:\Program Files (x86)\EagleGet\unins000.exe

Filesize
1.2MB

MD5
44d563ac5e67e28730b5bad898bd4518

SHA1
775c67f4912fafd639c12c1e38ef4624f54edcd7

SHA256
f9ae0a8a53e9d0314b25f92f29892316bb3e228a22173e312a05627bcde1e31f

SHA512
3502f35038b1a28b538fb203db0951a2fcf445817c14c4352f76bafe44ffc9066ff66c395c7efaf5290d2d29b566e3b217a48aac98b2fc163a85572a49039d89

Download Submit
C:\Program Files (x86)\EagleGet\util.dll

Filesize
1013KB

MD5
b87b80e55c218e30b6d130d881714efe

SHA1
00816ae02538f0a69fe57b27c6674ec03eb1238d

SHA256
6db10a3f85934cc8fc265922b3ed9ccfa724da19c6a50303c23bb379d0b9219a

SHA512
07071535af4910b4acaa4d7110312f6535539859c4d389ced409fe248fd970174b1731d1b741ed9d06f5bdbb52751b3835fb6b17f08c1fb537640a04833a228a

Download Submit
C:\Program Files (x86)\EagleGet\util.dll

Filesize
1013KB

MD5
b87b80e55c218e30b6d130d881714efe

SHA1
00816ae02538f0a69fe57b27c6674ec03eb1238d

SHA256
6db10a3f85934cc8fc265922b3ed9ccfa724da19c6a50303c23bb379d0b9219a

SHA512
07071535af4910b4acaa4d7110312f6535539859c4d389ced409fe248fd970174b1731d1b741ed9d06f5bdbb52751b3835fb6b17f08c1fb537640a04833a228a

Download Submit
C:\Program Files (x86)\EagleGet\util.dll

Filesize
1013KB

MD5
b87b80e55c218e30b6d130d881714efe

SHA1
00816ae02538f0a69fe57b27c6674ec03eb1238d

SHA256
6db10a3f85934cc8fc265922b3ed9ccfa724da19c6a50303c23bb379d0b9219a

SHA512
07071535af4910b4acaa4d7110312f6535539859c4d389ced409fe248fd970174b1731d1b741ed9d06f5bdbb52751b3835fb6b17f08c1fb537640a04833a228a

Download Submit
C:\Program Files (x86)\EagleGet\zlib.dll

Filesize
52KB

MD5
87eddceb9d22c129e386e652c5cda521

SHA1
0447ff30dfe7a5234624ea21a6947e88f6e80054

SHA256
792d768258eddaec86d9263e51ff64ee6f0bed2f28205f535ee150e94f8d6a2b

SHA512
83ae55dde165165b8001463cb3c4b3713ddc5108a68af5289055bdb10b2c10f1338e2eb6337703edc299e375f9c9f04e757d92eee535994ab61c841e2dff78ec

Download Submit
C:\Program Files (x86)\EagleGet\zlibwapi.dll

Filesize
382KB

MD5
b97a71c359c03cf1e9bc1c06e3aa9162

SHA1
c3d1971f3556a2d60df7683b601e7d0d42805588

SHA256
2c22a3dcad17df613e8bf2ae1db82387aef9826747136436c6d6f00b43dfa5ad

SHA512
f3e884abb645e101d80a33666bb610290fabd47da6855b4a5618d17d260730b9ffa0426f2c3ce9cc17068bdf496fed368b0c334f7421fc5575a58354718aa9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
4e36625d1c5999429e13aebd31e3dd68

SHA1
5dfff3d25a1a5f3497c812aa165cb2ba926c8435

SHA256
c1a806f53609131692ea8f6c3e347a04d4b4920aea5f15902d797e8a75be5204

SHA512
bff5d7d9c7c6548f20c3d3e3ffdd44e01ef1574f5a31edad778cbe6f7e5c936f37ee6e7409e42924dd0817ecf7cc0842aba5e155fac815d06cc66faa648ae561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57f08a.TMP

Filesize
48B

MD5
01d7e2d9782e68b3ad816067d9859de0

SHA1
0b2e63e52f23a28e3ddf417d7ef45b4c1a24f309

SHA256
f5f69f4c3231f983a54c909155c1b4acc819569df2943e3b6fdb974d73b6b02a

SHA512
d5e5d677105e41ff349eca43c1303ef695876007addf5de846a2944963962df3f67fe8ede58a08526cac38f0fd6028bd2da61231df2c86cc94e4b39eeaf908f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
24c71cf3796bb9f4bef7dc1e2f13a589

SHA1
4005841305ca28408559dc7d9d4e87fc9bccbfd6

SHA256
dca0551f9fa379fae2deada95bc9bfe50879ad5ba35df6811e88353a5268f7aa

SHA512
938421fbae13521058c6de779df8cca0bfdfd572e7cb20c2eccf499a4c91d3ab7d2480d95745354753581dc97c363c56aff46e29545cef17097d0ecd516ebbb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
804B

MD5
eb04d290c014775c8dd0a94298548ee4

SHA1
f65747efff908288dfa77893a4cd6fefcb666362

SHA256
d7191b52f2211262cbd7a82b5bc13d6eae74c766f046f91c2701b2a809f96074

SHA512
790329ff1845f16d2d95e7fe4e7d223013a97d75a3bb9c8ef198e2f4c88e0f7e7027a9545cba238189b0be8d55ccae9a7de1981545e995261ea0755d8a680fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
4dd6dd7f2c14f42b7e9d4dc3cce2e82e

SHA1
5ce33867a069aff05d6462eba6b99737e1937368

SHA256
d4e85046185ff3e8c6298233b5f028c344266b1c84ab4b26f18b0d6099172df5

SHA512
6d056651c1dd64e0967c4be62a69d92c2bc032fbc798ab99496aa4575c46f3456986767adf16e6944ef52550d07f08926dd044ecd60340a7cac41095e9d1077f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be1c948c834d0ded6394164329be3198

SHA1
3de13e0bc2df0a7dff80ec2ae2b23bb467e9f8b5

SHA256
df2f309fbbe5b45e66cfe9da4014fa6a17b4b68d86b35b9a9c6eb19f24658cf7

SHA512
04d54b7eecfd95915403615679880fec76887a83e851b95520715b20baf3b6a5d4eb2f6636dbded92e45987b953cc03f692ed9b427d710b5ae0d515c997b3c02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
d0cdbc3a16006ad55fee830a79ebb339

SHA1
d77245732f3dbf8ef0a87f601b7723ba962b76a0

SHA256
e8069fb5a6348150cde84009f5bdf7a1f9e3c79f8f984189472b5e9377f712bd

SHA512
4148abdcc773f36b1867f0e69e894c148283659debfd7d793f8e52aa7387f8930110dd9ac48bb85756ced5569d94712fb9764ab0c11130db3e28332080b64b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\CallbackCtrl.dll

Filesize
4KB

MD5
f07e819ba2e46a897cfabf816d7557b2

SHA1
8d5fd0a741dd3fd84650e40dd3928ae1f15323cc

SHA256
68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d

SHA512
7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\back.png

Filesize
2KB

MD5
ef9ed169ba900bc5250d0210d25619e3

SHA1
d333ee23b4441e7da0109886159f7c9e78819c5c

SHA256
806f42fddd09b24993ec053e6fdcae023e4833b371590843a498aacac20b8c7c

SHA512
042e7fef639b74e421ab456e41301dedd1a91f29795b5594eea89ee95ff6c44b3f72936e639f8671bba3874fb6f536c7ef01bc878c5e3a1bdc1e73ae2f716267

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\btn_browser.png

Filesize
2KB

MD5
8dd4f9f2c22073544694eca39c4f305d

SHA1
f7944cd8aa4f4b5233867dbdcea034a8d4be69e2

SHA256
0f6e9827ef681b88722d2013ae44fe5f8eeeaf22b6fe64904ecd0852de8197c8

SHA512
1c8708c77e8e61659ad7a903a4b5431e72532645486ca62e9b84d42f2e1fce2ebf07d17b64241656e08f32d766843dea6bc40fe7e8ff6e010201de8860a0d189

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\btn_close.png

Filesize
204B

MD5
b780d58e26ddf76733743501d00123d4

SHA1
594b7196378628bcc7107e8186e2f2f6da07ac0b

SHA256
8a6026306c1774d027022b3ee600c34b296ab8135f46c872d74c734baa239eac

SHA512
8691a1c2a00311f31224fee23803a91bc2a7597aa2ac928cfc43291b7c6cfd89bce7f7fd60d8448603b5c441ff2706f9686e1fa71c56041d0c5377eb1e14ba5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\btn_complete.png

Filesize
2KB

MD5
af03b33cb3b3fcce4b69e62cd1078dc6

SHA1
d15fc6f9ef7eb0d7d0d02981692dd355ffafdd5f

SHA256
a37b5af0b4ec0c9598e0fd6570f4b4f60a4d9d9d10e589b93f509a60f04ace55

SHA512
edd54d31a64d302ba0ba1ada691b464b9c3252ca752ad9817ec8caa0f8b375a94786d6ded8fa313666fc07d648463fc9b47a937877c3716bf245e53a649343df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\btn_min.png

Filesize
103B

MD5
2e9c0f6a83184050751c5cb0dfae2397

SHA1
f1c3e7a900db6572ac0940b833b1ec30141bc17d

SHA256
686967328122f54acd92f85f6c162d42a8f607148f511ec4f7ab41010fc7db66

SHA512
03256bfcf0df9e390e1cfa1b4571aece489270d6c72f231db1c0a1d22b9c181a89fb2865810af217956b052eb47f34d5636edef4606074f607203358370ffc90

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\btn_n.png

Filesize
1KB

MD5
66deff37283bca24ea963ae3a3963b38

SHA1
6c2410db0d9d77ed8019c01d68cb9fcdfa93b330

SHA256
d9f0859f6a5648b0a9060200cc9a7534161e1b22844f631766e4e3540090790a

SHA512
706a5f2b297694f48f623ba3ab9b0cbadd4a48be9d3b619ec76cf0aadf1638134d65a8de492b869573c136665778bfe86133cb9973d47f29f95683c4bb83faa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\btn_setup.png

Filesize
4KB

MD5
212afbaedaa752a5e8957a609a0ae9f1

SHA1
73e210e0fdd3ac797e6b30bb57a17f2ddd195002

SHA256
d95a68be5109a23db0d0dff20ba3453ca69d39f48f2ae996255b84557a96881b

SHA512
b83e22c50f011f2bb42ea6936bd2b776d9371c933119a7aa19181cb2a3f7e050478c8e679410aea39ecc750b408ecf55fd927bad1234fa041a89ebd737ac5061

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\checkboxdeep.png

Filesize
351B

MD5
3f5325a8962d480ccb89be73e7e054b5

SHA1
319e2f9e1c6c681f79265f6b24606574cbbeebbc

SHA256
ecfe768ec009c8cb24edb1dd3cfe8a8e8a583fcfc90ec90442ce1c8d59241cdc

SHA512
5994ba26c4fdc4ae3a94af2e0e48e3e173c8094fa8b069bfa47b1403ba8283e2ee312f49c308eed2f0d9d244373577244c6d8e4495d4f91f8b6597fff90b4db1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\license.png

Filesize
1KB

MD5
8277d98e048ba1adf360d63622f5b0bf

SHA1
0bdc270cd963b2b34e919250455062f782052a47

SHA256
9a004daa7630d4916c962e681f1a1f95db3ff476fe82272dc937f7ac200683a2

SHA512
5b8a354efe4073473a92118027b06d1fe599a422f395fbfa17ce0bf5c3a0cb94c7bfadb1c324e66829ad478e1561200259d32d05514fbaa22f6bbc3a90a8579a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\loading.png

Filesize
89B

MD5
589ac6ffe91a177aff97dabe25689011

SHA1
36e1bf95b0ddee3359b906aedcd1bdf74dfb646d

SHA256
2313bd947e407ccee25c6bcba3c7d45f5c92159950d9d1277d258a293760a732

SHA512
688dd947443dcb79a85843ccb845c5ec4a867dbb393e6fc0e4bf5d143faaf8ffc13360d4663aaa37862e30ca8a52f1adbb066c29e893feed8f057fcbd7ca1a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\loading_pic.png

Filesize
12KB

MD5
cd6306a12fc1fcedfa3b58da75386bda

SHA1
7ca8035de254c7daa138d4fbab14e3a1045538aa

SHA256
a6a1ee3dfe884126494a906cc36fb34f7a75ee0db932e0f4b4507b5cf9851765

SHA512
bda08fcfe9ccf5b9ac41adc4b5fd53cb510ad4f89aec611206d5e8125319e99972d6c28aabac4e492927efd9602bca51fdfe8ffaaca886dd224c3c50bf587b1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\loadingbk.png

Filesize
112B

MD5
bc922799a665701140e9f65da9722b61

SHA1
6f3248d471ac006145266498e6f0012423bd25c4

SHA256
08e0aa5886e0951fa48c3c1d6b6307e542dfcbed8e953c5d685e88433293b652

SHA512
b9ca303317906d6e9dd5efc30e10fadb5191725d03bcd7b99a7519409948543fa83f7e85db03428ab7594bbb42c8e598dac447a91e404aa2c31cfc80eeaaa5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\sqlite3.dll

Filesize
596KB

MD5
ee7e9a4cb1bc952e356145eb6306a6ee

SHA1
e32952efe8daf7c58821cd008ae5169719c0e580

SHA256
50f7c306c28a22cd277daffa5d3f28ac7cb4c561b260aa8c4626587f8e82f103

SHA512
44fb2e38fd36e860685bad86fde03a9b829c98d4b8fa1bccbc061eb038a9e9031166f2249caeee135d584ee8b9fa1cdf27902ff017dfe6fa7285e75eb1c96c8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\util.dll

Filesize
1013KB

MD5
b87b80e55c218e30b6d130d881714efe

SHA1
00816ae02538f0a69fe57b27c6674ec03eb1238d

SHA256
6db10a3f85934cc8fc265922b3ed9ccfa724da19c6a50303c23bb379d0b9219a

SHA512
07071535af4910b4acaa4d7110312f6535539859c4d389ced409fe248fd970174b1731d1b741ed9d06f5bdbb52751b3835fb6b17f08c1fb537640a04833a228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2AVFD.tmp\xy.png

Filesize
11KB

MD5
e92f3fbf3876c4044722fd975281b3ff

SHA1
d92877cad872663616a48f25af291e8bffb246aa

SHA256
31137ad0ef19381e1778eb89b6cb9f70a9ee5244ad943ad494e1e57b18b48ab7

SHA512
46fdb373fe54ecf762adcba6a08a0e2e67080d97931fe1407d4f60b74921d9ef7d38ec7104271805635a015ba5230a09e16de60010aecc5c404ae376efddfac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KM2U8.tmp\eagleget_setup.tmp

Filesize
1.2MB

MD5
eb42e5720e09cd014694a22c86929f5e

SHA1
b619dccd5e1deb090d8eae6c6bac5e5dae91fdfb

SHA256
4dc2d414277e497490d2009f370051298bccaa649d0a335b064269a0bb9bbbf3

SHA512
4f5ea3e32f7da75799b8067351a860f6c840dba8108c92d34d4be7d6b811140e6b2dd161ba4bd90df77dff41b74e1e85b536b3776cadb656018a1914acc3ee2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-KM2U8.tmp\eagleget_setup.tmp

Filesize
1.2MB

MD5
eb42e5720e09cd014694a22c86929f5e

SHA1
b619dccd5e1deb090d8eae6c6bac5e5dae91fdfb

SHA256
4dc2d414277e497490d2009f370051298bccaa649d0a335b064269a0bb9bbbf3

SHA512
4f5ea3e32f7da75799b8067351a860f6c840dba8108c92d34d4be7d6b811140e6b2dd161ba4bd90df77dff41b74e1e85b536b3776cadb656018a1914acc3ee2f

Download Submit
C:\Users\Admin\AppData\Local\luminati\494419af5d7e83503dd53f7beed2d6841c1136e5

Filesize
32B

MD5
7dd75963cb7d9da739aac2f118e36769

SHA1
78ee4eea5dc8a9eff05e3c00b68fdc9ae9517fda

SHA256
f7ffca7422608c93f719b10b98fda6aaf27ae53bc3132210c4e7a166d5fdf23d

SHA512
ce05a86e656de4c234fe27f19448688ef28cb05bfcdf55eb420c62e16111abd13863b3652b6aad073da74b1d635060271306eedf2be515e870deff50649d130b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
59a5b377bdaded8dcd50f7fae5f11b21

SHA1
d22ded10fb0e747109a5f12adc44519a938b0fde

SHA256
87a48314309235df15bdc32abd2d18d84b9b60e3575f221b3a4d97f6747353fd

SHA512
75b3fbaadab42a9780fe6b198ef98ff9b3ca1bd103ec79850a0278936d9fe956000f6b68a909520d54fd1bed78771982050d9ee116aa6d90d469793b74d4773e

Download Submit
memory/384-777-0x0000000001E70000-0x0000000001F58000-memory.dmp

Filesize
928KB

Download
memory/384-822-0x0000000001D60000-0x0000000001D70000-memory.dmp

Filesize
64KB

Download
memory/384-846-0x0000000001D60000-0x0000000001D70000-memory.dmp

Filesize
64KB

Download
memory/384-709-0x0000000001070000-0x00000000010D5000-memory.dmp

Filesize
404KB

Download
memory/384-781-0x0000000003560000-0x0000000003976000-memory.dmp

Filesize
4.1MB

Download
memory/384-1103-0x0000000001D60000-0x0000000001D70000-memory.dmp

Filesize
64KB

Download
memory/384-937-0x000000006E400000-0x000000006E479000-memory.dmp

Filesize
484KB

Download
memory/384-1104-0x0000000001D60000-0x0000000001D70000-memory.dmp

Filesize
64KB

Download
memory/384-936-0x0000000063080000-0x0000000063254000-memory.dmp

Filesize
1.8MB

Download
memory/604-850-0x00000000018B0000-0x00000000018C0000-memory.dmp

Filesize
64KB

Download
memory/604-886-0x00000000018B0000-0x00000000018C0000-memory.dmp

Filesize
64KB

Download
memory/604-660-0x00000000018B0000-0x00000000018C0000-memory.dmp

Filesize
64KB

Download
memory/604-668-0x00000000018B0000-0x00000000018C0000-memory.dmp

Filesize
64KB

Download
memory/1188-239-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/1188-585-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/1188-657-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/1188-460-0x00000000074B0000-0x00000000074BE000-memory.dmp

Filesize
56KB

Download
memory/1188-139-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/1188-188-0x00000000074B0000-0x00000000074BE000-memory.dmp

Filesize
56KB

Download
memory/1188-459-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/1188-821-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/1188-658-0x00000000074B0000-0x00000000074BE000-memory.dmp

Filesize
56KB

Download
memory/1188-270-0x0000000007750000-0x0000000007751000-memory.dmp

Filesize
4KB

Download
memory/1188-271-0x00000000077C0000-0x00000000077C1000-memory.dmp

Filesize
4KB

Download
memory/1188-243-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/1188-613-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/1188-240-0x00000000074B0000-0x00000000074BE000-memory.dmp

Filesize
56KB

Download
memory/1188-241-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/2768-617-0x0000000003230000-0x0000000003240000-memory.dmp

Filesize
64KB

Download
memory/2768-607-0x0000000003230000-0x0000000003240000-memory.dmp

Filesize
64KB

Download
memory/2768-598-0x00000000064D0000-0x00000000064F2000-memory.dmp

Filesize
136KB

Download
memory/2768-609-0x0000000009530000-0x0000000009538000-memory.dmp

Filesize
32KB

Download
memory/2768-623-0x0000000007500000-0x0000000007522000-memory.dmp

Filesize
136KB

Download
memory/2768-610-0x0000000003230000-0x0000000003240000-memory.dmp

Filesize
64KB

Download
memory/2768-611-0x000000000A0C0000-0x000000000A246000-memory.dmp

Filesize
1.5MB

Download
memory/2768-615-0x0000000003230000-0x0000000003240000-memory.dmp

Filesize
64KB

Download
memory/2768-616-0x0000000003230000-0x0000000003240000-memory.dmp

Filesize
64KB

Download
memory/2860-542-0x0000000000610000-0x0000000000618000-memory.dmp

Filesize
32KB

Download
memory/2860-545-0x0000000002A90000-0x0000000002AA0000-memory.dmp

Filesize
64KB

Download
memory/2860-544-0x0000000005020000-0x000000000502E000-memory.dmp

Filesize
56KB

Download
memory/2860-543-0x0000000005040000-0x0000000005078000-memory.dmp

Filesize
224KB

Download
memory/3256-726-0x0000000001650000-0x0000000001660000-memory.dmp

Filesize
64KB

Download
memory/4472-828-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4472-133-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4472-238-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download