hxxps://cdn[.]discordapp[.]com/attachments/1250123717283942571/1257297706884534282/Loader[.]exe?ex=66ae153c&is=66acc3bc&hm=5984b63bead50f7311434ab816dd785cb6f31588f6c886728e76a3aceabf2757&

Analysis

max time kernel
63s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 19:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1250123717283942571/1257297706884534282/Loader.exe?ex=66ae153c&is=66acc3bc&hm=5984b63bead50f7311434ab816dd785cb6f31588f6c886728e76a3aceabf2757&

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 64 IoCs

pid	Process
4476	Loader.exe
1888	Loader.exe
364	Loader.exe
4904	Loader.exe
4048	Loader.exe
948	Loader.exe
4736	Loader.exe
1580	Loader.exe
2288	Loader.exe
3140	Loader.exe
3104	Loader.exe
1096	Loader.exe
2088	Loader.exe
432	Loader.exe
3868	Loader.exe
3100	Loader.exe
472	Loader.exe
3700	Loader.exe
2104	Loader.exe
4708	Loader.exe
2596	Loader.exe
2452	Loader.exe
1324	Loader.exe
4428	Loader.exe
1076	Loader.exe
4648	Loader.exe
4716	Loader.exe
2736	Loader.exe
1344	Loader.exe
4592	Loader.exe
2404	Loader.exe
660	Loader.exe
4544	Loader.exe
4676	Loader.exe
4980	Loader.exe
2136	Loader.exe
2036	Loader.exe
3068	Loader.exe
2944	Loader.exe
4272	Loader.exe
3968	Loader.exe
4436	Loader.exe
976	Loader.exe
3368	Loader.exe
728	Loader.exe
1092	Loader.exe
4844	Loader.exe
1032	Loader.exe
1356	Loader.exe
1432	Loader.exe
3192	Loader.exe
3556	Loader.exe
2704	Loader.exe
3544	Loader.exe
5080	Loader.exe
2804	Loader.exe
2928	Loader.exe
220	Loader.exe
3716	Loader.exe
1652	Loader.exe
3680	Loader.exe
2208	Loader.exe
4356	Loader.exe
4744	Loader.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 51 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Loader.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "2"	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	Loader.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	Loader.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	Loader.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "4294967295"	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Loader.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Loader.exe
Key created	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	Loader.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Loader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	Loader.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 154526.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
3648	msedge.exe
3648	msedge.exe
3628	identity_helper.exe
3628	identity_helper.exe
1680	msedge.exe
1680	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4476	Loader.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe
3648	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4476	Loader.exe
4476	Loader.exe
1888	Loader.exe
364	Loader.exe
4904	Loader.exe
4048	Loader.exe
948	Loader.exe
4736	Loader.exe
1580	Loader.exe
2288	Loader.exe
3140	Loader.exe
3104	Loader.exe
1096	Loader.exe
2088	Loader.exe
432	Loader.exe
3868	Loader.exe
3100	Loader.exe
472	Loader.exe
3700	Loader.exe
2104	Loader.exe
4708	Loader.exe
2596	Loader.exe
2452	Loader.exe
1324	Loader.exe
4428	Loader.exe
1076	Loader.exe
4648	Loader.exe
4716	Loader.exe
2736	Loader.exe
1344	Loader.exe
4592	Loader.exe
2404	Loader.exe
660	Loader.exe
4544	Loader.exe
4676	Loader.exe
4980	Loader.exe
2136	Loader.exe
2036	Loader.exe
3068	Loader.exe
2944	Loader.exe
4272	Loader.exe
3968	Loader.exe
4436	Loader.exe
976	Loader.exe
3368	Loader.exe
728	Loader.exe
1092	Loader.exe
4844	Loader.exe
1032	Loader.exe
1356	Loader.exe
1432	Loader.exe
3192	Loader.exe
3556	Loader.exe
2704	Loader.exe
3544	Loader.exe
5080	Loader.exe
2804	Loader.exe
2928	Loader.exe
220	Loader.exe
3716	Loader.exe
1652	Loader.exe
3680	Loader.exe
2208	Loader.exe
4356	Loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3648 wrote to memory of 3704	3648	msedge.exe	81
PID 3648 wrote to memory of 3704	3648	msedge.exe	81
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 1432	3648	msedge.exe	82
PID 3648 wrote to memory of 2220	3648	msedge.exe	83
PID 3648 wrote to memory of 2220	3648	msedge.exe	83
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84
PID 3648 wrote to memory of 4764	3648	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1250123717283942571/1257297706884534282/Loader.exe?ex=66ae153c&is=66acc3bc&hm=5984b63bead50f7311434ab816dd785cb6f31588f6c886728e76a3aceabf2757&
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbf0b46f8,0x7ffdbf0b4708,0x7ffdbf0b4718
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,44616155383443833,16191999359683728358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1680
- C:\Users\Admin\Downloads\Loader.exe
  "C:\Users\Admin\Downloads\Loader.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2764

C:\Users\Admin\Downloads\Loader.exe
"C:\Users\Admin\Downloads\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1888
- C:\Users\Admin\Downloads\Loader.exe
  C:\Users\Admin\Downloads\Loader.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:364
- - C:\Users\Admin\Downloads\Loader.exe
    C:\Users\Admin\Downloads\Loader.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4904
  - - C:\Users\Admin\Downloads\Loader.exe
      C:\Users\Admin\Downloads\Loader.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4048
    - - C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4736
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3140
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3104
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:432
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        14⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3868
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        15⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3100
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        16⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:472
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        17⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3700
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        18⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        19⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4708
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        20⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        21⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        22⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        23⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4428
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        24⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        25⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4648
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        26⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4716
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        27⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        28⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        29⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4592
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        30⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        31⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        32⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4544
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        33⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4676
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        34⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4980
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        35⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        36⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        37⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        38⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        39⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4272
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        40⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3968
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        41⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4436
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        42⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        43⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3368
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        44⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:728
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        45⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        46⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4844
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        47⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        48⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        49⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        50⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3192
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        51⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3556
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        52⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        53⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3544
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        54⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5080
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        55⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        56⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        57⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:220
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        58⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3716
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        59⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        60⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3680
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        61⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        62⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4356
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        63⤵
        Executes dropped EXE
        
        PID:4744
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        64⤵
        
        PID:644
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        65⤵
        
        PID:3820
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        66⤵
        
        PID:4072
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        67⤵
        
        PID:4792
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        68⤵
        
        PID:1492
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        69⤵
        
        PID:4584
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        70⤵
        
        PID:2300
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        71⤵
        
        PID:1876
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        72⤵
        
        PID:224
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        73⤵
        
        PID:3520
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        74⤵
        
        PID:4536
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        75⤵
        
        PID:2016
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        76⤵
        
        PID:4572
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        77⤵
        
        PID:2244
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        78⤵
        
        PID:1532
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        79⤵
        
        PID:2960
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        80⤵
        
        PID:3232
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        81⤵
        
        PID:3636
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        82⤵
        
        PID:4596
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        83⤵
        
        PID:3284
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        84⤵
        
        PID:5136
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        85⤵
        
        PID:5156
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        86⤵
        
        PID:5176
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        87⤵
        
        PID:5196
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        88⤵
        
        PID:5216
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        89⤵
        
        PID:5236
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        90⤵
        
        PID:5256
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        91⤵
        
        PID:5276
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        92⤵
        
        PID:5296
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        93⤵
        
        PID:5316
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        94⤵
        
        PID:5336
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        95⤵
        
        PID:5356
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        96⤵
        
        PID:5376
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        97⤵
        
        PID:5396
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        98⤵
        
        PID:5416
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        99⤵
        
        PID:5440
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        100⤵
        
        PID:5460
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        101⤵
        
        PID:5480
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        102⤵
        
        PID:5500
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        103⤵
        
        PID:5524
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        104⤵
        
        PID:5544
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        105⤵
        
        PID:5564
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        106⤵
        
        PID:5588
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        107⤵
        
        PID:5608
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        108⤵
        
        PID:5628
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        109⤵
        
        PID:5652
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        110⤵
        
        PID:5676
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        111⤵
        
        PID:5696
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        112⤵
        
        PID:5716
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        113⤵
        
        PID:5736
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        114⤵
        
        PID:5756
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        115⤵
        
        PID:5776
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        116⤵
        
        PID:5796
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        117⤵
        
        PID:5816
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        118⤵
        
        PID:5836
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        119⤵
        
        PID:5860
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        120⤵
        
        PID:5880
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        121⤵
        
        PID:5900
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        122⤵
        
        PID:5920
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        123⤵
        
        PID:5944
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        124⤵
        
        PID:5968
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        125⤵
        
        PID:5988
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        126⤵
        
        PID:6008
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        127⤵
        
        PID:6028
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        128⤵
        
        PID:6048
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        129⤵
        
        PID:6068
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        130⤵
        
        PID:6088
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        131⤵
        
        PID:6108
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        132⤵
        
        PID:6128
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        133⤵
        
        PID:5144
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        134⤵
        
        PID:4580
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        135⤵
        
        PID:5364
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        136⤵
        
        PID:5468
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        137⤵
        
        PID:5572
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        138⤵
        
        PID:5684
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        139⤵
        
        PID:5784
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        140⤵
        
        PID:5908
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        141⤵
        
        PID:6016
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        142⤵
        
        PID:6116
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        143⤵
        
        PID:5508
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        144⤵
        
        PID:6056
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        145⤵
        
        PID:6156
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        146⤵
        
        PID:6176
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        147⤵
        
        PID:6196
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        148⤵
        
        PID:6220
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        149⤵
        
        PID:6240
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        150⤵
        
        PID:6260
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        151⤵
        
        PID:6280
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        152⤵
        
        PID:6304
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        153⤵
        
        PID:6328
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        154⤵
        
        PID:6348
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        155⤵
        
        PID:6368
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        156⤵
        
        PID:6388
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        157⤵
        
        PID:6408
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        158⤵
        
        PID:6428
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        159⤵
        
        PID:6452
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        160⤵
        
        PID:6472
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        161⤵
        
        PID:6492
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        162⤵
        
        PID:6516
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        163⤵
        
        PID:6536
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        164⤵
        
        PID:6560
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        165⤵
        
        PID:6584
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        166⤵
        
        PID:6604
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        167⤵
        
        PID:6624
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        168⤵
        
        PID:6644
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        169⤵
        
        PID:6664
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        170⤵
        
        PID:6688
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        171⤵
        
        PID:6708
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        172⤵
        
        PID:6728
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        173⤵
        
        PID:6748
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        174⤵
        
        PID:6768
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        175⤵
        
        PID:6788
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        176⤵
        
        PID:6808
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        177⤵
        
        PID:6828
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        178⤵
        
        PID:6848
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        179⤵
        
        PID:6872
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        180⤵
        
        PID:6892
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        181⤵
        
        PID:6912
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        182⤵
        
        PID:6932
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        183⤵
        
        PID:6952
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        184⤵
        
        PID:6976
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        185⤵
        
        PID:6996
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        186⤵
        
        PID:7016
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        187⤵
        
        PID:7036
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        188⤵
        
        PID:7056
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        189⤵
        
        PID:7076
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        190⤵
        
        PID:7100
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        191⤵
        
        PID:7120
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        192⤵
        
        PID:7140
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        193⤵
        
        PID:7160
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        194⤵
        
        PID:6228
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        195⤵
        
        PID:6336
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        196⤵
        
        PID:6436
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        197⤵
        
        PID:6544
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        198⤵
        
        PID:6652
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        199⤵
        
        PID:6756
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        200⤵
        
        PID:6856
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        201⤵
        
        PID:6960
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        202⤵
        
        PID:7064
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        203⤵
        
        PID:5724
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        204⤵
        
        PID:6592
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        205⤵
        
        PID:7108
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        206⤵
        
        PID:7180
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        207⤵
        
        PID:7200
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        208⤵
        
        PID:7220
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        209⤵
        
        PID:7240
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        210⤵
        
        PID:7260
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        211⤵
        
        PID:7280
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        212⤵
        
        PID:7300
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        213⤵
        
        PID:7320
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        214⤵
        
        PID:7340
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        215⤵
        
        PID:7360
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        216⤵
        
        PID:7380
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        217⤵
        
        PID:7404
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        218⤵
        
        PID:7424
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        219⤵
        
        PID:7444
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        220⤵
        
        PID:7464
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        221⤵
        
        PID:7488
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        222⤵
        
        PID:7508
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        223⤵
        
        PID:7532
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        224⤵
        
        PID:7556
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        225⤵
        
        PID:7576
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        226⤵
        
        PID:7596
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        227⤵
        
        PID:7616
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        228⤵
        
        PID:7636
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        229⤵
        
        PID:7656
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        230⤵
        
        PID:7676
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        231⤵
        
        PID:7696
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        232⤵
        
        PID:7716
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        233⤵
        
        PID:7740
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        234⤵
        
        PID:7760
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        235⤵
        
        PID:7780
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        236⤵
        
        PID:7800
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        237⤵
        
        PID:7820
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        238⤵
        
        PID:7840
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        239⤵
        
        PID:7860
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        240⤵
        
        PID:7880
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        241⤵
        
        PID:7900
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        242⤵
        
        PID:7920
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        243⤵
        
        PID:7940
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        244⤵
        
        PID:7960
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        245⤵
        
        PID:7984
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        246⤵
        
        PID:8004
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        247⤵
        
        PID:8024
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        248⤵
        
        PID:8044
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        249⤵
        
        PID:8064
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        250⤵
        
        PID:8084
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        251⤵
        
        PID:8104
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        252⤵
        
        PID:8124
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        253⤵
        
        PID:8144
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        254⤵
        
        PID:8164
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        255⤵
        
        PID:8184
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        256⤵
        
        PID:7228
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        257⤵
        
        PID:7328
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        258⤵
        
        PID:7432
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        259⤵
        
        PID:7540
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        260⤵
        
        PID:7644
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        261⤵
        
        PID:7768
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        262⤵
        
        PID:7868
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        263⤵
        
        PID:7968
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        264⤵
        
        PID:8072
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        265⤵
        
        PID:8172
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        266⤵
        
        PID:7584
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        267⤵
        
        PID:8112
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        268⤵
        
        PID:8204
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        269⤵
        
        PID:8224
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        270⤵
        
        PID:8244
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        271⤵
        
        PID:8268
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        272⤵
        
        PID:8288
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        273⤵
        
        PID:8312
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        274⤵
        
        PID:8332
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        275⤵
        
        PID:8356
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        276⤵
        
        PID:8376
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        277⤵
        
        PID:8396
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        278⤵
        
        PID:8416
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        279⤵
        
        PID:8440
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        280⤵
        
        PID:8460
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        281⤵
        
        PID:8480
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        282⤵
        
        PID:8504
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        283⤵
        
        PID:8524
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        284⤵
        
        PID:8544
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        285⤵
        
        PID:8568
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        286⤵
        
        PID:8588
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        287⤵
        
        PID:8608
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        288⤵
        
        PID:8628
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        289⤵
        
        PID:8652
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        290⤵
        
        PID:8672
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        291⤵
        
        PID:8692
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        292⤵
        
        PID:8712
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        293⤵
        
        PID:8732
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        294⤵
        
        PID:8752
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        295⤵
        
        PID:8776
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        296⤵
        
        PID:8796
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        297⤵
        
        PID:8816
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        298⤵
        
        PID:8840
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        299⤵
        
        PID:8860
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        300⤵
        
        PID:8880
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        301⤵
        
        PID:8900
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        302⤵
        
        PID:8920
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        303⤵
        
        PID:8940
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        304⤵
        
        PID:8960
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        305⤵
        
        PID:8984
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        306⤵
        
        PID:9004
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        307⤵
        
        PID:9024
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        308⤵
        
        PID:9044
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        309⤵
        
        PID:9068
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        310⤵
        
        PID:9088
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        311⤵
        
        PID:9108
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        312⤵
        
        PID:9128
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        313⤵
        
        PID:9152
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        314⤵
        
        PID:9172
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        315⤵
        
        PID:9192
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        316⤵
        
        PID:9212
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        317⤵
        
        PID:8276
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        318⤵
        
        PID:8404
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        319⤵
        
        PID:8532
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        320⤵
        
        PID:8636
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        321⤵
        
        PID:8760
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        322⤵
        
        PID:8868
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        323⤵
        
        PID:8992
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        324⤵
        
        PID:9096
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        325⤵
        
        PID:9200
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        326⤵
        
        PID:8804
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        327⤵
        
        PID:9032
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        328⤵
        
        PID:9236
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        329⤵
        
        PID:9256
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        330⤵
        
        PID:9276
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        331⤵
        
        PID:9296
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        332⤵
        
        PID:9316
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        333⤵
        
        PID:9336
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        334⤵
        
        PID:9356
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        335⤵
        
        PID:9376
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        336⤵
        
        PID:9396
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        337⤵
        
        PID:9416
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        338⤵
        
        PID:9436
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        339⤵
        
        PID:9456
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        340⤵
        
        PID:9476
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        341⤵
        
        PID:9496
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        342⤵
        
        PID:9516
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        343⤵
        
        PID:9536
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        344⤵
        
        PID:9556
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        345⤵
        
        PID:9576
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        346⤵
        
        PID:9596
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        347⤵
        
        PID:9616
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        348⤵
        
        PID:9636
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        349⤵
        
        PID:9660
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        350⤵
        
        PID:9680
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        351⤵
        
        PID:9700
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        352⤵
        
        PID:9724
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        353⤵
        
        PID:9744
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        354⤵
        
        PID:9768
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        355⤵
        
        PID:9788
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        356⤵
        
        PID:9808
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        357⤵
        
        PID:9832
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        358⤵
        
        PID:9852
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        359⤵
        
        PID:9872
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        360⤵
        
        PID:9892
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        361⤵
        
        PID:9912
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        362⤵
        
        PID:9932
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        363⤵
        
        PID:9956
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        364⤵
        
        PID:9976
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        365⤵
        
        PID:9996
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        366⤵
        
        PID:10016
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        367⤵
        
        PID:10036
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        368⤵
        
        PID:10056
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        369⤵
        
        PID:10080
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        370⤵
        
        PID:10100
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        371⤵
        
        PID:10120
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        372⤵
        
        PID:10160
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        373⤵
        
        PID:10180
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        374⤵
        
        PID:10200
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        375⤵
        
        PID:10220
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        376⤵
        
        PID:9244
        
        C:\Users\Admin\Downloads\Loader.exe
        
        C:\Users\Admin\Downloads\Loader.exe
        377⤵
        
        PID:9344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff63763eedb406987ced076e36ec9acf

SHA1
16365aa97cd1a115412f8ae436d5d4e9be5f7b5d

SHA256
8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c

SHA512
ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2783c40400a8912a79cfd383da731086

SHA1
001a131fe399c30973089e18358818090ca81789

SHA256
331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5

SHA512
b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95526705785114618fe49a50c27d38bf

SHA1
359f0c6ce246cc9e6a162f10f9e7786d7001a664

SHA256
66d4f0b5aaed08148682284c3e646497b668581533a5a23e7785d24d50607c3e

SHA512
1a6cb250603cb9b767c9b452a1c3b151af526061a55e8a7201a272eb59cf4aa1d34100bbfe0f7c1e7bd9ca7ffe8e81cc2feaadbb8da5014b498575211b0dc8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6cde4821fbb7fa0ad4f3c2a181343c7c

SHA1
d78f99034436a160b99026dd3e3f0affe58cbc06

SHA256
64c315f1380164a59de1e5520cc586b8ce7434affc7000cbe2a7a3d754857319

SHA512
3c5b451c93e5b4e80f394d1e7386c3cb6f55286aa35a67feda3098210f0c472e70fd5b2a37a032f00defe9e53739ff36d746606d193e28936f24622cb44420e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b6955054979d04709e51c1e31f99c04

SHA1
fc9b8751a5c8bbc9879ec0fc05737e56463c9232

SHA256
fd9e77eb088678ddf496ec14bbb698db372c94b3230f105e270c9d598fa5e203

SHA512
4d69e0f8008e252887357a4f73674ec362d876686866ac094cfd7e46aed1b7d256f9bb9083dd864b2ffb89ef378d172fe8c0f41749f72d863480e62125efded4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
73e5f6d6596bfa8c020ae363fb478737

SHA1
8a5e3cc31700344dcf710c453e09229bb7807632

SHA256
8926f734f4ecc76346c6de69e92b4135fd4aa1e804db8c037fe2a287de462a0c

SHA512
aed1f4b217b511a85f788c960b59b375c75321478433533d7eea56a6a17108943fdea22b423c5daf71e4174fc51770d45ddc7e733abcae2fa882382256ebfade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9a38a947a7f613ff217857e4877294f4

SHA1
f88f8c8dd274353f04c3ea966d33a2b9b45f0180

SHA256
46be7bbd27a24f987715e884dd45f7757b4126d0290f20c80a619c0491a0a654

SHA512
5bbda6c2e521d114bbd1105996ad8d4bdaa940341be4275a6502fa7d13718c353e1cf3c2eb014188dbafaf1397dd37b1971647b910e3bf25cfd3373db68829e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c1764b13e2690a12a7205ae89f64a28f

SHA1
4159e5b50e2931dadc1b44015bb91b3e7bf97182

SHA256
daa68a189dde2c7299a6e5b59e7d85c366cc266a7aa91e9ee18d2bc9866022ec

SHA512
a778429e57a6c6a9bee8d3257f17388d2a0229928f23cdd5b8814732752e08c2d94fc71b2eccea47a3503dae119482313dcb73eb1ce1535b349f3f1ca315ce48

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 154526.crdownload

Filesize
48KB

MD5
3668e97d95b35672e4a8eb7cb1da1cf5

SHA1
2dc3e500ac21d9c07af38e5f70f83ec7bc30bace

SHA256
dc06db1dc05fad16aa820074f03db3cf2cea5f5b9e5ff9136f5cad896ccf0ab8

SHA512
61952fedcec08d8d940899381bef50a0e82cb86f226a4d207eccaa0958da6f71f517fb5ba2e704dfce320812bf1ba7e03fa934fb860cd57d69f43cc625195507

Download Submit
C:\hellokittyfan48\gamepath.txt

Filesize
35B

MD5
e20c01ac04b753d6f316231336512ceb

SHA1
7391bea1460053893fab2aa9be186e3e294bca8e

SHA256
788e83a77aa8372bb64846fcbe2e6c9feb5f4907924f752381b2eb545aae8dc6

SHA512
44ec0ae89b712f310f669f7e01e136267a5f1700b82774acf309ad0a742e2a869aca54613b519abf97687536af54b59716313fda6e09f99fde9952fe1831cf96

Download Submit