povertystealer | hxxps://app[.]mediafire[.]com/yfz5pjw13emor

Analysis

max time kernel
358s
max time network
364s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
24-02-2024 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.mediafire.com/yfz5pjw13emor

Score

10^/10

povertystealer redline discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

45.15.156.142:33597

Signatures

Detect Poverty Stealer Payload 16 IoCs

resource	yara_rule
behavioral1/memory/3624-496-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/3624-499-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/3624-503-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/3624-504-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/3624-505-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/3052-502-0x0000000002990000-0x0000000004990000-memory.dmp	family_povertystealer
behavioral1/memory/3624-508-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/5472-525-0x00000000028A0000-0x00000000048A0000-memory.dmp	family_povertystealer
behavioral1/memory/5228-526-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/5228-528-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/5228-531-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/1876-552-0x0000000003170000-0x0000000005170000-memory.dmp	family_povertystealer
behavioral1/memory/3592-550-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/3592-551-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/3592-555-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/1876-567-0x0000000003170000-0x0000000005170000-memory.dmp	family_povertystealer

Poverty Stealer
Poverty Stealer is a crypto and infostealer written in C++.
stealer povertystealer
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/memory/4200-458-0x00000000009A0000-0x00000000009F4000-memory.dmp	family_redline
behavioral1/memory/5564-557-0x0000000002C20000-0x0000000002C74000-memory.dmp	family_redline

Executes dropped EXE 5 IoCs

pid	Process
4200	installer4K.exe
3052	loader4K.exe
5472	loader4K.exe
1876	loader4K.exe
5564	installer4K.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 3052 set thread context of 3624	3052	loader4K.exe	111
PID 5472 set thread context of 5228	5472	loader4K.exe	114
PID 1876 set thread context of 3592	1876	loader4K.exe	120

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532351384316603"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1681664450-2645008397-319333953-1000_Classes\Local Settings	7zFM.exe

Suspicious behavior: EnumeratesProcesses 49 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
1844	chrome.exe
1844	chrome.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
4200	installer4K.exe
5896	7zFM.exe
5896	7zFM.exe
5896	7zFM.exe
5896	7zFM.exe
5896	7zFM.exe
5896	7zFM.exe
5896	7zFM.exe
5896	7zFM.exe
5564	installer4K.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5896	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe
Token: SeShutdownPrivilege	2356	chrome.exe
Token: SeCreatePagefilePrivilege	2356	chrome.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
5896	7zFM.exe
5896	7zFM.exe
5896	7zFM.exe
5896	7zFM.exe
5896	7zFM.exe
5896	7zFM.exe
5896	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe
2356	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2100	2356	chrome.exe	73
PID 2356 wrote to memory of 2100	2356	chrome.exe	73
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 5008	2356	chrome.exe	77
PID 2356 wrote to memory of 196	2356	chrome.exe	75
PID 2356 wrote to memory of 196	2356	chrome.exe	75
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76
PID 2356 wrote to memory of 2252	2356	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://app.mediafire.com/yfz5pjw13emor
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffabf889758,0x7ffabf889768,0x7ffabf889778
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:2
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4988 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5460 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5316 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5204 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5660 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5836 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6076 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:68
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6168 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6372 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6504 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4856 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6928 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7348 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6684 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7196 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
  2⤵
  PID:5740
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\installer4K.rar"
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:5896
- - C:\Users\Admin\AppData\Local\Temp\7zO8077865C\loader4K.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO8077865C\loader4K.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:5472
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:5228
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO8079134C\PASSWORD FOR ARCHIVE - 2024.txt
    3⤵
    PID:5516
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO807FAE1C\README!!!.txt
    3⤵
    PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7372 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:8
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=916 --field-trial-handle=1860,i,16401624707363260665,10253456212093487406,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1844

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4260

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:5784

C:\Users\Admin\Desktop\installer4K.exe
"C:\Users\Admin\Desktop\installer4K.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4200

C:\Users\Admin\Desktop\loader4K.exe
"C:\Users\Admin\Desktop\loader4K.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:3052
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3624

C:\Users\Admin\Desktop\loader4K.exe
"C:\Users\Admin\Desktop\loader4K.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:1876
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3588
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3592

C:\Users\Admin\Desktop\installer4K.exe
"C:\Users\Admin\Desktop\installer4K.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
72eae15d9e00f6199f99869be2fdec65

SHA1
ef04d90785f7c663850ff7e922c8686088bb20c1

SHA256
0106666315858c1b5b9c571926914fc384fe6abcd5373ad150a93d1d4444f146

SHA512
93567b7e2f24cf4aa668a8616062762edd46fa2ede91e3e1fb1befafde4e108444cb7c0d94746eaf4041e72e564633ca24ab6beb228f052ded8b0c7d6cbe3ef8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a96d5d75c34a6c23e6ac1161239e59ad

SHA1
c2c3140d161bcfa91d55276a89fc4a2545ac26ba

SHA256
a4e2cf70e6c83c948063621df736d24c68f3eb256d73782d49620b80c5cf072f

SHA512
f3e1d17f85f7500eca6129bdb7cb9a8b8c71a44a197faf640d50e24329af974da654a6ec56641035f87bb4ebaee9dd9b33f2b77a5a9ff19d0018cb733e465807

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
40KB

MD5
2297e451ca63d615676d3a6e1648d979

SHA1
e515687a911637058769cec13c6dd913fc5ec189

SHA256
f34b27ce98db29a3c2ce10f204c138fddf8a3281c736de8ef1d765729b400719

SHA512
079cec9216ca8fd80c98d28d1657e40ef812de1ffb8bb4a2b8adb6ea35d7dfbef2442533bbd00af09b6232838f4c0d766797f81cc2c2bd2169a4f05c466a5d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
adb725c64a986473241474d8fe59cdee

SHA1
0c0891acf37e28cff4603d4c7385c51b5f99a9b8

SHA256
094f132c30f5ecd43736557b600c21a53a09ca351ca1585ef4a5b1a374469215

SHA512
b7f92168ad60996799418949a6dc7e8506819b7d814857d6afdcbe7071edc20980d201885b0b500e0d55f4cdd1fe1dde9eaba6ba59b644fa3a7368ab46c73297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
96a10d4def79c29fe23eb53ff3255612

SHA1
efc58fada084f84f4aa7dc9b9f0cc63f56b419b9

SHA256
12ab6cdbebca3b894de16e8a97e4761e17dfcab96525e16481e7aa1fd69c74f1

SHA512
b59cbc0ed3f006ebc6178c284e8f83fd4bac2d3ad16045bbdfe780458d11d5a59d3874ceffc3d021a0ced240c96f78b7dbc012e7c8e268e657d445264c2c521f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2b939ec9a20151e1aead98663183dbe6

SHA1
9c67b749878f00b039ac9aa6e2d900c87e521146

SHA256
6255c544440e23b9637ef83b2d4e4bb6adcc24ef3231c13b95694b696fa30d22

SHA512
596bd107cfe551eb1e8099e5a0de161f51b73eb26c62b90cd74d32deb546fc67877ac8ccf9eea4db52f512ae51c0e853254996db199ba8827d3f6c6474a18114

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d3e8a05dd2f3814b27882fb4d6652c63

SHA1
a7413a439646bfd447467181e09f213c1473176f

SHA256
0aa843745a7a29e11b040ef6e2e37a2142c4a83e01679ef442481eacced18a0d

SHA512
3e52a51c8d622f7569be274c78faae9ac6c11ce6535816b8db476ac815ef61744892714b84a48560514d8ae0838dfdc3276cc0e2b81d23f8eb2f1dd3a90e8072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bf1e4f4b59a3214037b31237a33fce8d

SHA1
fc8c6d8610018b812c8ad4fef188e4eed6f5e85e

SHA256
6f25a8d4e098045373d09bc7091e615f0b1a91caf3136ded35f7228c75ec7c30

SHA512
a9c8f9edd77bf410f0f9014bd23dca43f2c2e21d8c16ca4f29cc1a5ebe880c939908850ca0f218f9f5a4d241cca1dcd5f9fd90eb76aa8f3912f4bbbdfbcadf47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
609a71d058706d1ed150e960f7b3a4b5

SHA1
560a42be588937357dcd499d45bbd109369a739b

SHA256
56ba1b24b89f9113631d98fd39842de7ccc9b8572a1502c9a8e8238632abc56f

SHA512
02fbb04bc2af6aaf0b5634c19bf9a934335200772dd7a53f73fb86a932a69debfd9c9bf1c834fe0a11c6ecd25c6b8c540a55b49cd6058144a5c972f11eccfd54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e248dfca91553efa5ebcba014a863689

SHA1
9733ede91560bac358a97bb10812f52db6c04995

SHA256
95b6bc09fa1278053784d901e40272e0f3c398933e00c4e479cfc0c7ed714ccf

SHA512
ca5714d4977ae211a288db36bdd715fbe89fafdb6a9dae4e2e6baa74707089e4afa52df24ac1cb21d6ad1305d996db57808b724e1b519250eee0b1b928f0b0b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4a4f0ec3bb7a312a759332276725a203

SHA1
08e9c16c717db76c86cacd34a62b698b0f48c4f0

SHA256
5fb022bc8e22db3090de437e8265586d6cbaf01f7a0aee09aa8bac3c55d8dd18

SHA512
639a3bb3e919ab7e0f058408289e4994169aa9a4f75298683f54205c4332253236a77cc96e5002835792bcfe0b0f641082aad67d29d016f6705886985b217f4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bd69454e3b1dfcec803a15c5c49ca2ee

SHA1
d44260f54460de1695821e5d3df4c7b9d7b139ff

SHA256
2a518c3d812b2304b2a2a14c430dce10044c21ff02c093c36a24be8b0e521064

SHA512
53bf5fb200ccf8942782d8b22bc9cdce0839dc68b556a3bfdf6b823684fe85672ceee7696236a644c393f38b3b1c1ff3aa22746cf9fdfd27370623bcc42cda2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
353bb56d56d5f21ed7a44259bd79922a

SHA1
23e0f360c45262905bc7e558a6b5b7e38d189437

SHA256
f6235c2be818300432de55effb71d406f3796c8046e1ce76b756185ce54377c5

SHA512
67d33ad5fab5722b45c0f715800566dd1734444bd236ad30fcb94b4401e2c349e7f11185f334212433830a45acb5a7cb99a071754d17a4f687f0296ca0cea06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
63644f3774b85c55b3c6248f01d9b4ba

SHA1
fc52a9e63d87d07c489d093c40372dc9a47edde1

SHA256
585a0edc80a09cc728d160781a37b72f5b44609ff92cf0c9e54e72d925dd761d

SHA512
a72349c8fa19e8c657f942e4ac103b1ca346b623456b464404ddacb31535dd9073496d312f664d0561d6205e847dcce3308fe18dc99e02ad89864d3216d02d40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
7e5ab3a223b97701992b45b369a53a18

SHA1
ff99db45f5c839d85efafb58a53fc7cd46eabf72

SHA256
23d3781cb5c0be3eda01023ce1050156a310ac3af397b4916506bc4bf99c3eb7

SHA512
32a1f119b7b17c2d7249daebe396a9d931797363ef8df197e9e78378ac37027592ea6042bd33e67c0dffa72a3f87d4313ccd0f723d7f4e2f0a6a882fb616581c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
f3a278ef86f2bb91708fff4497f47c4c

SHA1
9e2df6b9e130b6d2358ca20b0a66638bbbb6b775

SHA256
4cbdfafcb05ffa4f98455c24a58d30ec2e38d50b7309a50e8cf2d706b1637da2

SHA512
f387e880426ce63d17be0306f33b9f7acd7f0b73abcdcbfe4d25c523d97b344d18bc804096d61f45706c4873836bfd13391344eaf0e967bbffc682df2b65eb87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
b6260a7a50c663af9f82b04cd0eb4a67

SHA1
62d91544869c3d64a5a5dca156ce19a3f22a1511

SHA256
8faf82b698b4a9e1bc68cb3d60b649658f8ff16310234c36952af3744dfb056b

SHA512
2b6da4bb7a79c585b40d455d6479dbb3ca4cf4603492ea3780cbbb6196c5526e0687abe273bfc139785d383582e39eb9f4cd54a617d012bde88f12dab81ea062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584f73.TMP

Filesize
99KB

MD5
629742717b0660a03e9ab78b181f8e9e

SHA1
dbe65325508d9facde45380b180cb1ae28f94bc9

SHA256
10dbae33aca49ac900ac2145c0e7d89154c2ba561b114d25cf2ccef16165fdf5

SHA512
bd881f1844f9b116d0a6c9a70a5db57b05c6c26170779041b7fbb398486dae38165c58dc646ba69a1d4493152acd3289ef1424a3915292defc3bf4d6d235e1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\loader4K.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8079134C\PASSWORD FOR ARCHIVE - 2024.txt

Filesize
27B

MD5
2843eeda6a606d23467e8ae584e914dd

SHA1
019fefdcdad4e76e350c8ea5941e29bb8102cb06

SHA256
0b675c1802d19ed3e8190ebf5778f6af39d4b0406ad6c837d4d045e551085f64

SHA512
430cf672153c161922d62aec3691ee8477cf709adc754b34c0aa8ebe4db94fc59814d93f06da46c0f9d1aaafeaa0a2d3a8f449fbccce147dc66443f045cb78fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO807FAE1C\README!!!.txt

Filesize
308B

MD5
91d90643d610ef52f96effdc000e1c33

SHA1
f566e82902d7e4f5a943414be193bbb48cfd1ecd

SHA256
5b46ce0b0a28b985bccedd690231f9a76a4e002efcc41d884b910fe71f8c59da

SHA512
06cca7bf22fbfa47ee46b0434b2114f1913178048312ce6e70d2bff139e6994f217003a8460796efeb9e91b86ae1f618275a4b60d21ad184b52e90601bcc47da

Download Submit
C:\Users\Admin\Desktop\installer4K.exe

Filesize
455KB

MD5
28544e97bfffe6faefe86b4e72875f1e

SHA1
e442030c77d0f163dc567bacd7165c60b347fc6e

SHA256
d95f4d43357fc94e73641c39ddb6703298dbac8b61dbe437e92c6b2162c49492

SHA512
2dbe4cbfa32a45d6055ffe1257e4e084bbc197ac770620e9e5c82b76f7c5d633801ce7718e4c3c5d2fabfcac5c39cad657b5f619d96e21d0b2d02791c0cc4edd

Download Submit
C:\Users\Admin\Desktop\loader4K.exe

Filesize
51KB

MD5
87e8e5cc9f29defc6a1830dc51cbee81

SHA1
120a066a17dc7611de5b080eb1caf1c65898717c

SHA256
04574d097b30594f382f537a80a2de88f29121908dbc3f223cc43326ffd16000

SHA512
f2007740c01e5e96efe18cadd5316fe04533282bcfe1eda80af6a72b98722fe6f7d181be12511f4ffd56bbfa8d4c8e26c13be0b86c2acbd239058cf86768532f

Download Submit
C:\Users\Admin\Downloads\installer4K.rar

Filesize
9.5MB

MD5
97048301f41fe6b3d1121931d0659e8b

SHA1
db06375d26f1c905a3392f9bcf22b08a5cc62ff1

SHA256
1148577834893af0379e660e2fc109f8fc1511d0bce55958ce5881a55fc819b2

SHA512
4a8c30587ad60a5f7205147a7f62247c5170ec95783be058493d5f9739b7f0b5d4749c499fc628c54c12cb3e7bf69385d641aa4d249f6ba281a5f71e1a2ad32a

Download Submit
memory/1876-567-0x0000000003170000-0x0000000005170000-memory.dmp

Filesize
32.0MB

Download
memory/1876-543-0x0000000073200000-0x00000000738EE000-memory.dmp

Filesize
6.9MB

Download
memory/1876-549-0x0000000073200000-0x00000000738EE000-memory.dmp

Filesize
6.9MB

Download
memory/1876-552-0x0000000003170000-0x0000000005170000-memory.dmp

Filesize
32.0MB

Download
memory/3052-492-0x0000000000630000-0x0000000000644000-memory.dmp

Filesize
80KB

Download
memory/3052-509-0x0000000002990000-0x0000000004990000-memory.dmp

Filesize
32.0MB

Download
memory/3052-494-0x0000000073160000-0x000000007384E000-memory.dmp

Filesize
6.9MB

Download
memory/3052-501-0x0000000073160000-0x000000007384E000-memory.dmp

Filesize
6.9MB

Download
memory/3052-502-0x0000000002990000-0x0000000004990000-memory.dmp

Filesize
32.0MB

Download
memory/3592-555-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3592-550-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3592-551-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3624-507-0x0000000000F80000-0x0000000000F81000-memory.dmp

Filesize
4KB

Download
memory/3624-505-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3624-508-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3624-496-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3624-499-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3624-504-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3624-503-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4200-485-0x00000000074D0000-0x00000000079FC000-memory.dmp

Filesize
5.2MB

Download
memory/4200-464-0x0000000004FA0000-0x0000000005032000-memory.dmp

Filesize
584KB

Download
memory/4200-484-0x0000000006DD0000-0x0000000006F92000-memory.dmp

Filesize
1.8MB

Download
memory/4200-482-0x00000000067C0000-0x0000000006810000-memory.dmp

Filesize
320KB

Download
memory/4200-472-0x0000000005A10000-0x0000000005A76000-memory.dmp

Filesize
408KB

Download
memory/4200-471-0x0000000005330000-0x000000000537B000-memory.dmp

Filesize
300KB

Download
memory/4200-470-0x00000000051B0000-0x00000000051EE000-memory.dmp

Filesize
248KB

Download
memory/4200-458-0x00000000009A0000-0x00000000009F4000-memory.dmp

Filesize
336KB

Download
memory/4200-462-0x0000000073160000-0x000000007384E000-memory.dmp

Filesize
6.9MB

Download
memory/4200-463-0x00000000054A0000-0x000000000599E000-memory.dmp

Filesize
5.0MB

Download
memory/4200-489-0x0000000073160000-0x000000007384E000-memory.dmp

Filesize
6.9MB

Download
memory/4200-465-0x0000000004F20000-0x0000000004F30000-memory.dmp

Filesize
64KB

Download
memory/4200-466-0x0000000004EE0000-0x0000000004EEA000-memory.dmp

Filesize
40KB

Download
memory/4200-469-0x0000000005150000-0x0000000005162000-memory.dmp

Filesize
72KB

Download
memory/4200-468-0x0000000005220000-0x000000000532A000-memory.dmp

Filesize
1.0MB

Download
memory/4200-467-0x0000000005FB0000-0x00000000065B6000-memory.dmp

Filesize
6.0MB

Download
memory/5228-531-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/5228-528-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/5228-526-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/5472-540-0x00000000028A0000-0x00000000048A0000-memory.dmp

Filesize
32.0MB

Download
memory/5472-525-0x00000000028A0000-0x00000000048A0000-memory.dmp

Filesize
32.0MB

Download
memory/5472-524-0x0000000073160000-0x000000007384E000-memory.dmp

Filesize
6.9MB

Download
memory/5472-519-0x0000000073160000-0x000000007384E000-memory.dmp

Filesize
6.9MB

Download
memory/5564-557-0x0000000002C20000-0x0000000002C74000-memory.dmp

Filesize
336KB

Download
memory/5564-561-0x0000000073200000-0x00000000738EE000-memory.dmp

Filesize
6.9MB

Download
memory/5564-562-0x0000000005840000-0x0000000005850000-memory.dmp

Filesize
64KB

Download
memory/5564-563-0x0000000005930000-0x000000000597B000-memory.dmp

Filesize
300KB

Download
memory/5564-566-0x0000000073200000-0x00000000738EE000-memory.dmp

Filesize
6.9MB

Download