customerloader | hxxps://createmygif[.]com/download[.]html

Analysis

max time kernel
184s
max time network
201s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
25/10/2023, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://createmygif.com/download.html

Score

10^/10

customerloader downloader loader

Malware Config

Signatures

Customer Loader
Customer Loader is a downloader written in C#.
downloader loader customerloader

Executes dropped EXE 5 IoCs

pid	Process
1788	CreateMyGif.exe
4412	CreateMyGif.exe
1564	CreateMyGif.exe
5888	CreateMyGif.exe
6092	CreateMyGif.exe

Loads dropped DLL 64 IoCs

pid	Process
4412	CreateMyGif.exe
4412	CreateMyGif.exe
4412	CreateMyGif.exe
1564	CreateMyGif.exe
1564	CreateMyGif.exe
1564	CreateMyGif.exe
1788	CreateMyGif.exe
1788	CreateMyGif.exe
1788	CreateMyGif.exe
5888	CreateMyGif.exe
5888	CreateMyGif.exe
5888	CreateMyGif.exe
1788	CreateMyGif.exe
5888	CreateMyGif.exe
1564	CreateMyGif.exe
4412	CreateMyGif.exe
4412	CreateMyGif.exe
1564	CreateMyGif.exe
1788	CreateMyGif.exe
5888	CreateMyGif.exe
4412	CreateMyGif.exe
1564	CreateMyGif.exe
4412	CreateMyGif.exe
1564	CreateMyGif.exe
4412	CreateMyGif.exe
1564	CreateMyGif.exe
5888	CreateMyGif.exe
5888	CreateMyGif.exe
1788	CreateMyGif.exe
1788	CreateMyGif.exe
1788	CreateMyGif.exe
5888	CreateMyGif.exe
1564	CreateMyGif.exe
1788	CreateMyGif.exe
1564	CreateMyGif.exe
1788	CreateMyGif.exe
1564	CreateMyGif.exe
1788	CreateMyGif.exe
1564	CreateMyGif.exe
1788	CreateMyGif.exe
1788	CreateMyGif.exe
1564	CreateMyGif.exe
1788	CreateMyGif.exe
1564	CreateMyGif.exe
1564	CreateMyGif.exe
1788	CreateMyGif.exe
5888	CreateMyGif.exe
5888	CreateMyGif.exe
5888	CreateMyGif.exe
5888	CreateMyGif.exe
5888	CreateMyGif.exe
5888	CreateMyGif.exe
5888	CreateMyGif.exe
4412	CreateMyGif.exe
4412	CreateMyGif.exe
4412	CreateMyGif.exe
4412	CreateMyGif.exe
4412	CreateMyGif.exe
4412	CreateMyGif.exe
4412	CreateMyGif.exe
1788	CreateMyGif.exe
5888	CreateMyGif.exe
1788	CreateMyGif.exe
5888	CreateMyGif.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 844863.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4552	msedge.exe
4552	msedge.exe
2076	identity_helper.exe
2076	identity_helper.exe
1088	msedge.exe
1088	msedge.exe
5888	CreateMyGif.exe
1788	CreateMyGif.exe
1788	CreateMyGif.exe
5888	CreateMyGif.exe
4412	CreateMyGif.exe
4412	CreateMyGif.exe
1564	CreateMyGif.exe
1564	CreateMyGif.exe
1564	CreateMyGif.exe
5188	msedge.exe
5188	msedge.exe
5188	msedge.exe
5188	msedge.exe
6092	CreateMyGif.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1788	CreateMyGif.exe
Token: SeDebugPrivilege	5888	CreateMyGif.exe
Token: SeDebugPrivilege	4412	CreateMyGif.exe
Token: SeDebugPrivilege	1564	CreateMyGif.exe
Token: SeDebugPrivilege	6092	CreateMyGif.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe
4812	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 720	4812	msedge.exe	85
PID 4812 wrote to memory of 720	4812	msedge.exe	85
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4744	4812	msedge.exe	89
PID 4812 wrote to memory of 4552	4812	msedge.exe	90
PID 4812 wrote to memory of 4552	4812	msedge.exe	90
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91
PID 4812 wrote to memory of 3044	4812	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://createmygif.com/download.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe10c46f8,0x7ffbe10c4708,0x7ffbe10c4718
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1088
- C:\Users\Admin\Downloads\CreateMyGif.exe
  "C:\Users\Admin\Downloads\CreateMyGif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1788
- C:\Users\Admin\Downloads\CreateMyGif.exe
  "C:\Users\Admin\Downloads\CreateMyGif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4412
- C:\Users\Admin\Downloads\CreateMyGif.exe
  "C:\Users\Admin\Downloads\CreateMyGif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1564
- C:\Users\Admin\Downloads\CreateMyGif.exe
  "C:\Users\Admin\Downloads\CreateMyGif.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,11855175915389141295,13194895217900566293,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1396

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4152

C:\Users\Admin\Downloads\CreateMyGif.exe
"C:\Users\Admin\Downloads\CreateMyGif.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5ba396d1-31c3-49e8-81d6-f6231e9f357e.tmp

Filesize
6KB

MD5
10612486bd41bb670a8e04ed1cc7fbc5

SHA1
3c601c18be56e7b9f3a76cc95d38ca4ec9bace8d

SHA256
073f0c64b698c8c7d1365bb11223ad29b71a88023e8cfa016c0235ac3039bd9a

SHA512
948ad867990296db34de98fc1e2fa47ac195de2f0ca18832dab5cd07f40a9eb36575d46c24e897374a96a94cb71f79f5aee1d57af08b1ce12ba1e9f259d9f466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
168B

MD5
6d2e3762ee0bc6f01cfcf67984df78fa

SHA1
c4936c37365a95d27b585da8ecd32e9fc3a4e3e6

SHA256
4b686d7637f9c47b43def1f36a81bb01a193a19e90b9437e015b9cf63f6105cd

SHA512
8aba2a2ac407076f4687a2a1129d809605e0af162f4088f381fbe8c46e1a273234fccbedf7c8fb96b3c6d9e0cd7465ebfe71e5300663eb9fd3d173323ac7f2fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
25e2a632f24757fa752ab0e6e78f8c64

SHA1
7280b1e216da8eb336a3fbcce90cff8b2884170e

SHA256
b748979e8361bb17ce014ccb3747a8904ab54de16be798244515ae5851ae2904

SHA512
f24a4b0e2e7bfb455512fedc32057a0542e59d3c01a2685cf011a352354a0ba59f9717e79eb80465ca9cdd390ffaed0d45fbd1555549a2cbe8a7fd0f9b310b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
68938288813287111bea4d6096e434f6

SHA1
884307a1cb3dfb188cfa48a83c82dd0d3f79d7c1

SHA256
f2aa59f649520c04ce4e37acb0bf732444530bf3e6285cca0399e22b1913e207

SHA512
7c7c4dd8f8ed6f951b219643e07ea02d2902d0ce96709c16f724b7dfdf1333f04dd8ed33252877c77c638e4d7aafc39c51a40bf5314615f948c2994df31f2872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a8defba80643a5e1455e44e805ee3b9

SHA1
6bd02da64d58df6674f01feb85c7b242b0555355

SHA256
4f1a54be976c043238e1f7ccbb348f33218cf5152ad06bff86fcaeb5b7812603

SHA512
29471640fcbdb00d34e513860314d39900ebe6843899edd874c1fa90190968080405af18dd4408195f8afad4488deeb37a1b17920a88af24d814d311d70484b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8ac5a5c7f570603ef2abfdd457310a7

SHA1
52c268088093a9ea2324cae34e140c6610d8fd5f

SHA256
ab1fb7f5f041c5b6b34a3ff0fa45c3b7412cadb4411c3e8af1402cd23140e0a7

SHA512
12008cbecc699a70ce1d3ffec2f524cc5a66cb1b5361b65e75f2bf7a4a963ca0bf2bc84b24b20ff6b30a3a1774840bd7b32480bd667ddc56e93e48e353c34483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
218cf18b8df9e6bb067d14e1d7131fc8

SHA1
8af7dcc82d5b33c1b3da703f6472fafcba41b6e4

SHA256
87700eb60a07cc4da09e0bf01118ba65d8c28a752449f856b4e24262c8cf958b

SHA512
6e2043f99b61b9560f40cf230c848f2b9c05fd2e1e13d4804921195a606a7d395057f503a2f97b17aacd97a321ed0216c034ecaa5ba6beb1311f9fcce5dda13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bd89d25bed1968e7013a63c7eaf7036

SHA1
009e48a3b83dca7d34bfe95b35844291788f79eb

SHA256
0c3893277e1d83ea97e6a204a990d737c68a5980481aee41bf53c64618a5cbc7

SHA512
cccaf6d24a5bc948e80cbf3409fb1facd8d8ce6222bd0478e70a95b73756457df838d3f7bc9ddc9800e3f140c34264678bba03c73c19bc90611916b539eb29e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b436999c5bd824d77ebc49ae234560b2

SHA1
9c25fab1a6145f255f1f6e04b73ac32fc8c40a61

SHA256
6946274559703e1bbd0f720002730030dec3f63a86815d16a3b9c5d63d3aa106

SHA512
7623e94af8c9adb801f6249cfe07792564e0633ba7c87605839acc2fb51737fb3b090bd0e97cce3235ffd0afb7477abb73c859dd2069d8a4bd2a4f4faac5271d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b0f9b854aff97a080c0dee9f6984fce

SHA1
c66d4a476fdc499bd46bc3db1af823760903d029

SHA256
12cf4e185dcfb5fa3542de38017f495d6c4c20ca82f49e2675fb5a89b3fe517b

SHA512
0d3c8c9039683fec5edd7b1c81d7afd95a37b88462af6606afe13bedcc5abf1a0b215a74b2e92af795129e771661389fd7b880de3ca615096f32790f966d7f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fe8e0ccbd13645e95605341bfec29927

SHA1
b61c3c1386a119ca6f5ab41fb4f94b80e4ad10b3

SHA256
44326b8c65a70b4671d566014d3edfdebfbf0112f002a957bd2e67ff518002bd

SHA512
3d9a2f6614f4245fa203a22644d7e0568ec82bc7a1257260b34654ca9ed82c16f2b445347a0f86275adb9eaa66de97f43c00c177e026c1c15afe4b9f9453e9e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
049adead039ce190e65d105c4953524b

SHA1
5eb3adb01b2683981dec3a36f7a64e371aa51cfe

SHA256
0a62f98014c464339637e56015ea8158f802fc22acca0f3e5876af1872e11c6e

SHA512
b65ef78dfaa8d1dc0d9c9f651ab5416db80d97299f8cf449245635db350fe56d4f18ecb863bb89e4237c1e4b13a088acfa95f9b497f552e88c3a0f7478fec763

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.ComponentModel.Primitives.dll

Filesize
48KB

MD5
f70bcb4a777e63817ca35963dc964923

SHA1
f60f88e8d388fe5954d9e1b2a1dbcd9f4de4b91c

SHA256
b93edd180187cbc753f429a792c4d08173e9183a206ca9ee358b0a0e9ddfa740

SHA512
95e64404be21ab765f38832e46f47c17d472620131da3259ae5a4df144d8a2e95292a48d17515889b2cfa11ad2078c5d255a2fac088e61898bbbd80b1b6ee5b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Private.CoreLib.dll

Filesize
8.3MB

MD5
d7cf959f116b764db8a0d8d556b50925

SHA1
dff30b342248adae4801d17e0310648dba4ea63d

SHA256
9ce4d015b9350831a05fc43ca0230148efac40ad0f3f2e7483c5bf131cc458ce

SHA512
d145561ea7d7312c81d59a56ee4f884fa8fe6ac82b6a2eff76c8ed09021fb16ab73722d800bab9318467798693c926b9a8c05c68e1441fa5c3bae2e1ae60a86c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Private.CoreLib.dll

Filesize
8.3MB

MD5
d7cf959f116b764db8a0d8d556b50925

SHA1
dff30b342248adae4801d17e0310648dba4ea63d

SHA256
9ce4d015b9350831a05fc43ca0230148efac40ad0f3f2e7483c5bf131cc458ce

SHA512
d145561ea7d7312c81d59a56ee4f884fa8fe6ac82b6a2eff76c8ed09021fb16ab73722d800bab9318467798693c926b9a8c05c68e1441fa5c3bae2e1ae60a86c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Private.CoreLib.dll

Filesize
8.3MB

MD5
d7cf959f116b764db8a0d8d556b50925

SHA1
dff30b342248adae4801d17e0310648dba4ea63d

SHA256
9ce4d015b9350831a05fc43ca0230148efac40ad0f3f2e7483c5bf131cc458ce

SHA512
d145561ea7d7312c81d59a56ee4f884fa8fe6ac82b6a2eff76c8ed09021fb16ab73722d800bab9318467798693c926b9a8c05c68e1441fa5c3bae2e1ae60a86c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Private.CoreLib.dll

Filesize
8.3MB

MD5
d7cf959f116b764db8a0d8d556b50925

SHA1
dff30b342248adae4801d17e0310648dba4ea63d

SHA256
9ce4d015b9350831a05fc43ca0230148efac40ad0f3f2e7483c5bf131cc458ce

SHA512
d145561ea7d7312c81d59a56ee4f884fa8fe6ac82b6a2eff76c8ed09021fb16ab73722d800bab9318467798693c926b9a8c05c68e1441fa5c3bae2e1ae60a86c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Private.CoreLib.dll

Filesize
8.3MB

MD5
d7cf959f116b764db8a0d8d556b50925

SHA1
dff30b342248adae4801d17e0310648dba4ea63d

SHA256
9ce4d015b9350831a05fc43ca0230148efac40ad0f3f2e7483c5bf131cc458ce

SHA512
d145561ea7d7312c81d59a56ee4f884fa8fe6ac82b6a2eff76c8ed09021fb16ab73722d800bab9318467798693c926b9a8c05c68e1441fa5c3bae2e1ae60a86c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Runtime.dll

Filesize
51KB

MD5
64b6db4e5edc35b1f0f4f8661b1bb5e8

SHA1
816f75651ce029b26284796f1436e229e06da9f3

SHA256
9e1b4b18ea91fee6a83957212e2c33ca1b332d56726e45482e00dc28d82e4444

SHA512
219d8163df984415d580737dc23720f1b2d64b4ebb03ee40a5aef94b50e5b6b2ce206cf307d58dd9690ef021ca9df1cdb35380256bfce637212f4695b57032e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Runtime.dll

Filesize
51KB

MD5
64b6db4e5edc35b1f0f4f8661b1bb5e8

SHA1
816f75651ce029b26284796f1436e229e06da9f3

SHA256
9e1b4b18ea91fee6a83957212e2c33ca1b332d56726e45482e00dc28d82e4444

SHA512
219d8163df984415d580737dc23720f1b2d64b4ebb03ee40a5aef94b50e5b6b2ce206cf307d58dd9690ef021ca9df1cdb35380256bfce637212f4695b57032e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Runtime.dll

Filesize
51KB

MD5
64b6db4e5edc35b1f0f4f8661b1bb5e8

SHA1
816f75651ce029b26284796f1436e229e06da9f3

SHA256
9e1b4b18ea91fee6a83957212e2c33ca1b332d56726e45482e00dc28d82e4444

SHA512
219d8163df984415d580737dc23720f1b2d64b4ebb03ee40a5aef94b50e5b6b2ce206cf307d58dd9690ef021ca9df1cdb35380256bfce637212f4695b57032e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Runtime.dll

Filesize
51KB

MD5
64b6db4e5edc35b1f0f4f8661b1bb5e8

SHA1
816f75651ce029b26284796f1436e229e06da9f3

SHA256
9e1b4b18ea91fee6a83957212e2c33ca1b332d56726e45482e00dc28d82e4444

SHA512
219d8163df984415d580737dc23720f1b2d64b4ebb03ee40a5aef94b50e5b6b2ce206cf307d58dd9690ef021ca9df1cdb35380256bfce637212f4695b57032e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Runtime.dll

Filesize
51KB

MD5
64b6db4e5edc35b1f0f4f8661b1bb5e8

SHA1
816f75651ce029b26284796f1436e229e06da9f3

SHA256
9e1b4b18ea91fee6a83957212e2c33ca1b332d56726e45482e00dc28d82e4444

SHA512
219d8163df984415d580737dc23720f1b2d64b4ebb03ee40a5aef94b50e5b6b2ce206cf307d58dd9690ef021ca9df1cdb35380256bfce637212f4695b57032e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Windows.Forms.dll

Filesize
11.8MB

MD5
29e7bca05ad06acef81ed4c25c489020

SHA1
6a34bd3c75eb19ff25f35f1d89a6a1fd9335ea28

SHA256
878ee3c26121608f5b0ddb13448fdc4c9b78c5ceb54c56f9d0814bd010b702f0

SHA512
e6316ac148115b1774c0935003e211fac55e202f4a39e524f60315dcd23bd57c3b5dce0b0213008706acaa66f936ac0925804da621a4265296c0bc011d99e69d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Windows.Forms.dll

Filesize
11.8MB

MD5
29e7bca05ad06acef81ed4c25c489020

SHA1
6a34bd3c75eb19ff25f35f1d89a6a1fd9335ea28

SHA256
878ee3c26121608f5b0ddb13448fdc4c9b78c5ceb54c56f9d0814bd010b702f0

SHA512
e6316ac148115b1774c0935003e211fac55e202f4a39e524f60315dcd23bd57c3b5dce0b0213008706acaa66f936ac0925804da621a4265296c0bc011d99e69d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\System.Windows.Forms.dll

Filesize
11.8MB

MD5
29e7bca05ad06acef81ed4c25c489020

SHA1
6a34bd3c75eb19ff25f35f1d89a6a1fd9335ea28

SHA256
878ee3c26121608f5b0ddb13448fdc4c9b78c5ceb54c56f9d0814bd010b702f0

SHA512
e6316ac148115b1774c0935003e211fac55e202f4a39e524f60315dcd23bd57c3b5dce0b0213008706acaa66f936ac0925804da621a4265296c0bc011d99e69d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\app.deps.json

Filesize
52KB

MD5
1f9804103191a99c31dfd408f404105f

SHA1
caf08ae201611d33bd258ba42c427169fe95ff58

SHA256
87e4cdda0bb02f413a1749951c975caf7c4787f348ed327c486d2a9333e62fa5

SHA512
3f55061d5509c856729fd2e70aee53d6a5a89d8ade5c69c525a3feb5713c9c509fc1a1ae01bee183865572359f830166fa8c55eb130d631a338f365607b39c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\app.dll

Filesize
149KB

MD5
a4e728b274ad283e1d5d1663afce6423

SHA1
9ade76e6b07c69a677d249893df238721deb38a3

SHA256
64c137182d882ae63eb858db0ea38d1fd9f6435ad72ed3872c5bad70176e62d2

SHA512
edcc866dfe8a43b8f5b096f1845b3edd3b50e33af451ed6146aa3911119a72ddb5ae51e1d7fc68b9ab486397c7b91907f64cb10f7bce7b6342a954958f26dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\app.dll

Filesize
149KB

MD5
a4e728b274ad283e1d5d1663afce6423

SHA1
9ade76e6b07c69a677d249893df238721deb38a3

SHA256
64c137182d882ae63eb858db0ea38d1fd9f6435ad72ed3872c5bad70176e62d2

SHA512
edcc866dfe8a43b8f5b096f1845b3edd3b50e33af451ed6146aa3911119a72ddb5ae51e1d7fc68b9ab486397c7b91907f64cb10f7bce7b6342a954958f26dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\app.dll

Filesize
149KB

MD5
a4e728b274ad283e1d5d1663afce6423

SHA1
9ade76e6b07c69a677d249893df238721deb38a3

SHA256
64c137182d882ae63eb858db0ea38d1fd9f6435ad72ed3872c5bad70176e62d2

SHA512
edcc866dfe8a43b8f5b096f1845b3edd3b50e33af451ed6146aa3911119a72ddb5ae51e1d7fc68b9ab486397c7b91907f64cb10f7bce7b6342a954958f26dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\app.dll

Filesize
149KB

MD5
a4e728b274ad283e1d5d1663afce6423

SHA1
9ade76e6b07c69a677d249893df238721deb38a3

SHA256
64c137182d882ae63eb858db0ea38d1fd9f6435ad72ed3872c5bad70176e62d2

SHA512
edcc866dfe8a43b8f5b096f1845b3edd3b50e33af451ed6146aa3911119a72ddb5ae51e1d7fc68b9ab486397c7b91907f64cb10f7bce7b6342a954958f26dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\app.dll

Filesize
149KB

MD5
a4e728b274ad283e1d5d1663afce6423

SHA1
9ade76e6b07c69a677d249893df238721deb38a3

SHA256
64c137182d882ae63eb858db0ea38d1fd9f6435ad72ed3872c5bad70176e62d2

SHA512
edcc866dfe8a43b8f5b096f1845b3edd3b50e33af451ed6146aa3911119a72ddb5ae51e1d7fc68b9ab486397c7b91907f64cb10f7bce7b6342a954958f26dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\app.dll

Filesize
149KB

MD5
a4e728b274ad283e1d5d1663afce6423

SHA1
9ade76e6b07c69a677d249893df238721deb38a3

SHA256
64c137182d882ae63eb858db0ea38d1fd9f6435ad72ed3872c5bad70176e62d2

SHA512
edcc866dfe8a43b8f5b096f1845b3edd3b50e33af451ed6146aa3911119a72ddb5ae51e1d7fc68b9ab486397c7b91907f64cb10f7bce7b6342a954958f26dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\app.dll

Filesize
149KB

MD5
a4e728b274ad283e1d5d1663afce6423

SHA1
9ade76e6b07c69a677d249893df238721deb38a3

SHA256
64c137182d882ae63eb858db0ea38d1fd9f6435ad72ed3872c5bad70176e62d2

SHA512
edcc866dfe8a43b8f5b096f1845b3edd3b50e33af451ed6146aa3911119a72ddb5ae51e1d7fc68b9ab486397c7b91907f64cb10f7bce7b6342a954958f26dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\app.dll

Filesize
149KB

MD5
a4e728b274ad283e1d5d1663afce6423

SHA1
9ade76e6b07c69a677d249893df238721deb38a3

SHA256
64c137182d882ae63eb858db0ea38d1fd9f6435ad72ed3872c5bad70176e62d2

SHA512
edcc866dfe8a43b8f5b096f1845b3edd3b50e33af451ed6146aa3911119a72ddb5ae51e1d7fc68b9ab486397c7b91907f64cb10f7bce7b6342a954958f26dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\app.dll

Filesize
149KB

MD5
a4e728b274ad283e1d5d1663afce6423

SHA1
9ade76e6b07c69a677d249893df238721deb38a3

SHA256
64c137182d882ae63eb858db0ea38d1fd9f6435ad72ed3872c5bad70176e62d2

SHA512
edcc866dfe8a43b8f5b096f1845b3edd3b50e33af451ed6146aa3911119a72ddb5ae51e1d7fc68b9ab486397c7b91907f64cb10f7bce7b6342a954958f26dc68

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\app.runtimeconfig.json

Filesize
389B

MD5
97f81f01645efc1b501b1f947ec6367d

SHA1
3e3442737f38da6e85f83cbd2332f0487b6ae231

SHA256
5a56d8934a12389b8f7276399a06ce2c8d05bd15a9f2529f14c843ac78e4a88a

SHA512
f486d97554fa72f35067a5484958c21adc4a8b2ffb2ad4cb524a2ebe00133a47f6ea99136d0221fe538451661db305e8c1585b330e075992c36f489034fe7904

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\clrjit.dll

Filesize
1.1MB

MD5
a873ebf8b135192456bb47edffa641c9

SHA1
533375c44d5f0ed5a194975817972ca5e2e646ab

SHA256
520ef22ad5cdc40025f8964d0cefb39b0c88cec4e0f7d49863f004887adecc95

SHA512
c8a46a050530287451101ebe89b2ee4149d3d3402127c78be5b201d8a66c1b2c3adbdf33f7fc866008e8d4920a24635719baa1c172c84089afeb8019c76c8f17

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\clrjit.dll

Filesize
1.1MB

MD5
a873ebf8b135192456bb47edffa641c9

SHA1
533375c44d5f0ed5a194975817972ca5e2e646ab

SHA256
520ef22ad5cdc40025f8964d0cefb39b0c88cec4e0f7d49863f004887adecc95

SHA512
c8a46a050530287451101ebe89b2ee4149d3d3402127c78be5b201d8a66c1b2c3adbdf33f7fc866008e8d4920a24635719baa1c172c84089afeb8019c76c8f17

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\clrjit.dll

Filesize
1.1MB

MD5
a873ebf8b135192456bb47edffa641c9

SHA1
533375c44d5f0ed5a194975817972ca5e2e646ab

SHA256
520ef22ad5cdc40025f8964d0cefb39b0c88cec4e0f7d49863f004887adecc95

SHA512
c8a46a050530287451101ebe89b2ee4149d3d3402127c78be5b201d8a66c1b2c3adbdf33f7fc866008e8d4920a24635719baa1c172c84089afeb8019c76c8f17

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\clrjit.dll

Filesize
1.1MB

MD5
a873ebf8b135192456bb47edffa641c9

SHA1
533375c44d5f0ed5a194975817972ca5e2e646ab

SHA256
520ef22ad5cdc40025f8964d0cefb39b0c88cec4e0f7d49863f004887adecc95

SHA512
c8a46a050530287451101ebe89b2ee4149d3d3402127c78be5b201d8a66c1b2c3adbdf33f7fc866008e8d4920a24635719baa1c172c84089afeb8019c76c8f17

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\clrjit.dll

Filesize
1.1MB

MD5
a873ebf8b135192456bb47edffa641c9

SHA1
533375c44d5f0ed5a194975817972ca5e2e646ab

SHA256
520ef22ad5cdc40025f8964d0cefb39b0c88cec4e0f7d49863f004887adecc95

SHA512
c8a46a050530287451101ebe89b2ee4149d3d3402127c78be5b201d8a66c1b2c3adbdf33f7fc866008e8d4920a24635719baa1c172c84089afeb8019c76c8f17

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\coreclr.dll

Filesize
4.1MB

MD5
fdb0d51a8c7ad31a75001ec87efc2039

SHA1
264a5dd57656841987f6f73d2b15290340049ad5

SHA256
d8877ba978e5ffb733026d15fc6e7b60862c8c43ad04ca3e5b663b6dcc7dd6bc

SHA512
590d8d45c59cd42ba0d0be068baf5d339228f6ff38f7282909679f3a2ea3f25f5110c072276888c986f020bbddeef48b69917900e7c94bcaa22bc3d0d6c978c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\coreclr.dll

Filesize
4.1MB

MD5
fdb0d51a8c7ad31a75001ec87efc2039

SHA1
264a5dd57656841987f6f73d2b15290340049ad5

SHA256
d8877ba978e5ffb733026d15fc6e7b60862c8c43ad04ca3e5b663b6dcc7dd6bc

SHA512
590d8d45c59cd42ba0d0be068baf5d339228f6ff38f7282909679f3a2ea3f25f5110c072276888c986f020bbddeef48b69917900e7c94bcaa22bc3d0d6c978c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\coreclr.dll

Filesize
4.1MB

MD5
fdb0d51a8c7ad31a75001ec87efc2039

SHA1
264a5dd57656841987f6f73d2b15290340049ad5

SHA256
d8877ba978e5ffb733026d15fc6e7b60862c8c43ad04ca3e5b663b6dcc7dd6bc

SHA512
590d8d45c59cd42ba0d0be068baf5d339228f6ff38f7282909679f3a2ea3f25f5110c072276888c986f020bbddeef48b69917900e7c94bcaa22bc3d0d6c978c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\coreclr.dll

Filesize
4.1MB

MD5
fdb0d51a8c7ad31a75001ec87efc2039

SHA1
264a5dd57656841987f6f73d2b15290340049ad5

SHA256
d8877ba978e5ffb733026d15fc6e7b60862c8c43ad04ca3e5b663b6dcc7dd6bc

SHA512
590d8d45c59cd42ba0d0be068baf5d339228f6ff38f7282909679f3a2ea3f25f5110c072276888c986f020bbddeef48b69917900e7c94bcaa22bc3d0d6c978c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\coreclr.dll

Filesize
4.1MB

MD5
fdb0d51a8c7ad31a75001ec87efc2039

SHA1
264a5dd57656841987f6f73d2b15290340049ad5

SHA256
d8877ba978e5ffb733026d15fc6e7b60862c8c43ad04ca3e5b663b6dcc7dd6bc

SHA512
590d8d45c59cd42ba0d0be068baf5d339228f6ff38f7282909679f3a2ea3f25f5110c072276888c986f020bbddeef48b69917900e7c94bcaa22bc3d0d6c978c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\hostfxr.dll

Filesize
335KB

MD5
36e668a570def150bc37c64bcc824af5

SHA1
c475d9bbfbf8e71197c06d86515cb84d06be0ff8

SHA256
26ed6778f4d368df211d035b548fa9b3d22976def5055d33c0f2a2d7086ed54a

SHA512
cf728f060688cc2a19186f029ecbe2f11c68dc56ed12e2759af0b21a74ef69d1a6f40d777efed4eb32b581acdee5bd5c668339c928556987dbf1cdb2533143db

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\hostfxr.dll

Filesize
335KB

MD5
36e668a570def150bc37c64bcc824af5

SHA1
c475d9bbfbf8e71197c06d86515cb84d06be0ff8

SHA256
26ed6778f4d368df211d035b548fa9b3d22976def5055d33c0f2a2d7086ed54a

SHA512
cf728f060688cc2a19186f029ecbe2f11c68dc56ed12e2759af0b21a74ef69d1a6f40d777efed4eb32b581acdee5bd5c668339c928556987dbf1cdb2533143db

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\hostfxr.dll

Filesize
335KB

MD5
36e668a570def150bc37c64bcc824af5

SHA1
c475d9bbfbf8e71197c06d86515cb84d06be0ff8

SHA256
26ed6778f4d368df211d035b548fa9b3d22976def5055d33c0f2a2d7086ed54a

SHA512
cf728f060688cc2a19186f029ecbe2f11c68dc56ed12e2759af0b21a74ef69d1a6f40d777efed4eb32b581acdee5bd5c668339c928556987dbf1cdb2533143db

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\hostfxr.dll

Filesize
335KB

MD5
36e668a570def150bc37c64bcc824af5

SHA1
c475d9bbfbf8e71197c06d86515cb84d06be0ff8

SHA256
26ed6778f4d368df211d035b548fa9b3d22976def5055d33c0f2a2d7086ed54a

SHA512
cf728f060688cc2a19186f029ecbe2f11c68dc56ed12e2759af0b21a74ef69d1a6f40d777efed4eb32b581acdee5bd5c668339c928556987dbf1cdb2533143db

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\hostfxr.dll

Filesize
335KB

MD5
36e668a570def150bc37c64bcc824af5

SHA1
c475d9bbfbf8e71197c06d86515cb84d06be0ff8

SHA256
26ed6778f4d368df211d035b548fa9b3d22976def5055d33c0f2a2d7086ed54a

SHA512
cf728f060688cc2a19186f029ecbe2f11c68dc56ed12e2759af0b21a74ef69d1a6f40d777efed4eb32b581acdee5bd5c668339c928556987dbf1cdb2533143db

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\hostpolicy.dll

Filesize
328KB

MD5
862514252dc75f2275445ca4798eea1f

SHA1
6241c1ef41b521a7766a87732382e0c940c96dee

SHA256
1f81009336fed33b50bf187d70a16929f4d1b4f78b4d1e16bbbf7f6a87ec5bb1

SHA512
b070c5a4d4d649da59df88ef0030f74a7e1096da21f27fccb72d3027e7b9cc87193fde695b32419982249b8e7fce7d5fea679a6c085a4605a09bfdd976a26a7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\hostpolicy.dll

Filesize
328KB

MD5
862514252dc75f2275445ca4798eea1f

SHA1
6241c1ef41b521a7766a87732382e0c940c96dee

SHA256
1f81009336fed33b50bf187d70a16929f4d1b4f78b4d1e16bbbf7f6a87ec5bb1

SHA512
b070c5a4d4d649da59df88ef0030f74a7e1096da21f27fccb72d3027e7b9cc87193fde695b32419982249b8e7fce7d5fea679a6c085a4605a09bfdd976a26a7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\hostpolicy.dll

Filesize
328KB

MD5
862514252dc75f2275445ca4798eea1f

SHA1
6241c1ef41b521a7766a87732382e0c940c96dee

SHA256
1f81009336fed33b50bf187d70a16929f4d1b4f78b4d1e16bbbf7f6a87ec5bb1

SHA512
b070c5a4d4d649da59df88ef0030f74a7e1096da21f27fccb72d3027e7b9cc87193fde695b32419982249b8e7fce7d5fea679a6c085a4605a09bfdd976a26a7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\hostpolicy.dll

Filesize
328KB

MD5
862514252dc75f2275445ca4798eea1f

SHA1
6241c1ef41b521a7766a87732382e0c940c96dee

SHA256
1f81009336fed33b50bf187d70a16929f4d1b4f78b4d1e16bbbf7f6a87ec5bb1

SHA512
b070c5a4d4d649da59df88ef0030f74a7e1096da21f27fccb72d3027e7b9cc87193fde695b32419982249b8e7fce7d5fea679a6c085a4605a09bfdd976a26a7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.net\CreateMyGif\YsVoLkqGOeU7offIdsgYhy_xetMEKCU=\hostpolicy.dll

Filesize
328KB

MD5
862514252dc75f2275445ca4798eea1f

SHA1
6241c1ef41b521a7766a87732382e0c940c96dee

SHA256
1f81009336fed33b50bf187d70a16929f4d1b4f78b4d1e16bbbf7f6a87ec5bb1

SHA512
b070c5a4d4d649da59df88ef0030f74a7e1096da21f27fccb72d3027e7b9cc87193fde695b32419982249b8e7fce7d5fea679a6c085a4605a09bfdd976a26a7d

Download Submit
C:\Users\Admin\Downloads\CreateMyGif.exe

Filesize
150.5MB

MD5
6177d165b0128f6925aad51648dfeacd

SHA1
bf188099e3ca3eeaf81ff756f5ed52998fd5e984

SHA256
9fde20c98ee56f77d0ebaf65c078179c78b04752a955d3a72a305d998b261171

SHA512
70af65fb6c4cad97736bd34de0d57cbd7ca7133666f17ebf68ee6feb7cef7dbb6d0ed726d791e5c9fc61bb1ac8d0085b8e582db1ff31ea00c8ca2c57038812ce

Download Submit
C:\Users\Admin\Downloads\CreateMyGif.exe

Filesize
150.5MB

MD5
6177d165b0128f6925aad51648dfeacd

SHA1
bf188099e3ca3eeaf81ff756f5ed52998fd5e984

SHA256
9fde20c98ee56f77d0ebaf65c078179c78b04752a955d3a72a305d998b261171

SHA512
70af65fb6c4cad97736bd34de0d57cbd7ca7133666f17ebf68ee6feb7cef7dbb6d0ed726d791e5c9fc61bb1ac8d0085b8e582db1ff31ea00c8ca2c57038812ce

Download Submit
C:\Users\Admin\Downloads\CreateMyGif.exe

Filesize
150.5MB

MD5
6177d165b0128f6925aad51648dfeacd

SHA1
bf188099e3ca3eeaf81ff756f5ed52998fd5e984

SHA256
9fde20c98ee56f77d0ebaf65c078179c78b04752a955d3a72a305d998b261171

SHA512
70af65fb6c4cad97736bd34de0d57cbd7ca7133666f17ebf68ee6feb7cef7dbb6d0ed726d791e5c9fc61bb1ac8d0085b8e582db1ff31ea00c8ca2c57038812ce

Download Submit
C:\Users\Admin\Downloads\CreateMyGif.exe

Filesize
150.5MB

MD5
6177d165b0128f6925aad51648dfeacd

SHA1
bf188099e3ca3eeaf81ff756f5ed52998fd5e984

SHA256
9fde20c98ee56f77d0ebaf65c078179c78b04752a955d3a72a305d998b261171

SHA512
70af65fb6c4cad97736bd34de0d57cbd7ca7133666f17ebf68ee6feb7cef7dbb6d0ed726d791e5c9fc61bb1ac8d0085b8e582db1ff31ea00c8ca2c57038812ce

Download Submit
C:\Users\Admin\Downloads\CreateMyGif.exe

Filesize
150.5MB

MD5
6177d165b0128f6925aad51648dfeacd

SHA1
bf188099e3ca3eeaf81ff756f5ed52998fd5e984

SHA256
9fde20c98ee56f77d0ebaf65c078179c78b04752a955d3a72a305d998b261171

SHA512
70af65fb6c4cad97736bd34de0d57cbd7ca7133666f17ebf68ee6feb7cef7dbb6d0ed726d791e5c9fc61bb1ac8d0085b8e582db1ff31ea00c8ca2c57038812ce

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 389272.crdownload

Filesize
38.4MB

MD5
e746c9704a182e8dd8a31d1cd7c3a86c

SHA1
1dd97510abaf741e50a60b7258e51ac2bc6f7617

SHA256
120d33548e5f77d15b6b9ed31b0eaeafa6e13a99433eae852ceda55af4e8d044

SHA512
e55471ee40472346f91d47dbd5d18bb12543bd520bc49a091d1b5cba25a732f4ac5555cb35e75e84ea1235b70fad45ea0e8463e632fabb193b3d92c9187998be

Download Submit
memory/1564-1822-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download
memory/1564-1887-0x0000000004E90000-0x0000000004EA0000-memory.dmp

Filesize
64KB

Download
memory/1564-1873-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download
memory/1788-1876-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download
memory/1788-1871-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download
memory/1788-1820-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download
memory/4412-1821-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download
memory/4412-1875-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download
memory/4412-1872-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download
memory/5888-1877-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download
memory/5888-1874-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download
memory/5888-1828-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download
memory/6092-1919-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download
memory/6092-1920-0x0000000074CD0000-0x00000000750FF000-memory.dmp

Filesize
4.2MB

Download