hxxps://anonymfile[.]com/49K3a/red-giant-magic-bullet-suite-20241-x64[.]rar

Analysis

max time kernel
149s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2024 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anonymfile.com/49K3a/red-giant-magic-bullet-suite-20241-x64.rar

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4420	Magic Bullet Suite Installer.exe
1784	rgdeploy.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Red Giant Magic Bullet Suite 2024.1 (x64).rar:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4420	Magic Bullet Suite Installer.exe
4420	Magic Bullet Suite Installer.exe
372	msedge.exe
372	msedge.exe
1284	msedge.exe
1284	msedge.exe
5472	identity_helper.exe
5472	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	3116	firefox.exe
Token: SeDebugPrivilege	3116	firefox.exe
Token: SeDebugPrivilege	3116	firefox.exe
Token: SeRestorePrivilege	3316	7zG.exe
Token: 35	3316	7zG.exe
Token: SeSecurityPrivilege	3316	7zG.exe
Token: SeSecurityPrivilege	3316	7zG.exe
Token: SeDebugPrivilege	3116	firefox.exe
Token: SeDebugPrivilege	3116	firefox.exe
Token: SeDebugPrivilege	3116	firefox.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3316	7zG.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
3116	firefox.exe
4420	Magic Bullet Suite Installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3560 wrote to memory of 3116	3560	firefox.exe	83
PID 3560 wrote to memory of 3116	3560	firefox.exe	83
PID 3560 wrote to memory of 3116	3560	firefox.exe	83
PID 3560 wrote to memory of 3116	3560	firefox.exe	83
PID 3560 wrote to memory of 3116	3560	firefox.exe	83
PID 3560 wrote to memory of 3116	3560	firefox.exe	83
PID 3560 wrote to memory of 3116	3560	firefox.exe	83
PID 3560 wrote to memory of 3116	3560	firefox.exe	83
PID 3560 wrote to memory of 3116	3560	firefox.exe	83
PID 3560 wrote to memory of 3116	3560	firefox.exe	83
PID 3560 wrote to memory of 3116	3560	firefox.exe	83
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 2148	3116	firefox.exe	84
PID 3116 wrote to memory of 1204	3116	firefox.exe	85
PID 3116 wrote to memory of 1204	3116	firefox.exe	85
PID 3116 wrote to memory of 1204	3116	firefox.exe	85
PID 3116 wrote to memory of 1204	3116	firefox.exe	85
PID 3116 wrote to memory of 1204	3116	firefox.exe	85
PID 3116 wrote to memory of 1204	3116	firefox.exe	85
PID 3116 wrote to memory of 1204	3116	firefox.exe	85
PID 3116 wrote to memory of 1204	3116	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://anonymfile.com/49K3a/red-giant-magic-bullet-suite-20241-x64.rar"
1⤵
- Suspicious use of WriteProcessMemory
PID:3560
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://anonymfile.com/49K3a/red-giant-magic-bullet-suite-20241-x64.rar
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {addf862f-d987-4f36-988d-af872a8caa5f} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" gpu
    3⤵
    PID:2148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2432 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7656113-40cf-4ca8-a383-d5f66cdbdc10} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" socket
    3⤵
    PID:1204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2908 -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3084 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41aa846a-58de-4635-8885-58d102e0a852} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" tab
    3⤵
    PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2948 -childID 2 -isForBrowser -prefsHandle 1308 -prefMapHandle 3240 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d743c2b8-469a-4fb1-8540-8678602f69e1} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" tab
    3⤵
    PID:4940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4688 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4684 -prefMapHandle 4736 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1e6cf32-1cf2-4391-bbee-e184af1e1728} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" utility
    3⤵
    - Checks processor information in registry
    PID:3532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5464 -childID 3 -isForBrowser -prefsHandle 5456 -prefMapHandle 5432 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42c93ea9-7137-41b8-93d1-5290b90d0bd3} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" tab
    3⤵
    PID:1348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 4 -isForBrowser -prefsHandle 5408 -prefMapHandle 5436 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {174a74b5-106e-4555-ae9e-16baf5c764cb} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" tab
    3⤵
    PID:1836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5692 -childID 5 -isForBrowser -prefsHandle 5588 -prefMapHandle 5432 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11f97220-7493-47df-bf03-c085a8a2fe26} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" tab
    3⤵
    PID:2460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6080 -childID 6 -isForBrowser -prefsHandle 5904 -prefMapHandle 5912 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f5480c4-2c16-4848-b858-15048cf7e34f} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" tab
    3⤵
    PID:4024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 7 -isForBrowser -prefsHandle 5652 -prefMapHandle 3240 -prefsLen 30902 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {487aabb9-759b-4177-b864-099ff9bf2ee2} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" tab
    3⤵
    PID:3008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5628 -childID 8 -isForBrowser -prefsHandle 6472 -prefMapHandle 6476 -prefsLen 30902 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {faa3d875-e5ce-4e2c-8560-60adc3b94501} 3116 "\\.\pipe\gecko-crash-server-pipe.3116" tab
    3⤵
    PID:2728

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5112

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11133:144:7zEvent9101
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3316

C:\Users\Admin\Downloads\Setup\Magic Bullet Suite Installer.exe
"C:\Users\Admin\Downloads\Setup\Magic Bullet Suite Installer.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.maxon.net/application-manager/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdfacd46f8,0x7ffdfacd4708,0x7ffdfacd4718
    3⤵
    PID:1012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,12055777392586313151,10856881587139408910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
    3⤵
    PID:808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,12055777392586313151,10856881587139408910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,12055777392586313151,10856881587139408910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
    3⤵
    PID:1628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12055777392586313151,10856881587139408910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
    3⤵
    PID:4072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12055777392586313151,10856881587139408910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,12055777392586313151,10856881587139408910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
    3⤵
    PID:5508
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,12055777392586313151,10856881587139408910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
    3⤵
    PID:5976
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,12055777392586313151,10856881587139408910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5824 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5148

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Setup\Scripts\install.bat" "
1⤵
PID:4996
- C:\Users\Admin\Downloads\Setup\Scripts\bin\rgdeploy.exe
  "C:\Users\Admin\Downloads\Setup\Scripts\\bin\rgdeploy.exe" --verbose dir="C:\Users\Admin\Downloads\Setup\Scripts\..\packages"
  2⤵
  - Executes dropped EXE
  PID:1784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cf4acb5d37ac31dde5c6dcbdde6b1ec3

SHA1
3d0dbc1e6a2a343054b129acf56d2598c5210554

SHA256
d3f1a6c4b861627df19af252fab04ac60dcd71007c5ee1d352c65acd0f21317d

SHA512
06157207a5c88abde47751b30d8f6818d8204bdd3150cf80de6d26eb8c2984f751b43af36a50b07289e907790ad2951d1a7b891a9b56844764f95fe63c0a5657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
af6a8af67a821aefc1c8a679251ee42e

SHA1
917f57eaced3ab0dbe9bf623431805e4475bb2cd

SHA256
b0a6f5f36828272a55830ae079f2ec3a97661ed72e47e89a8bc68ea775d15774

SHA512
e23da5b6671c0cbf0a608baa184201478f3576ff4b4e5f4341372ef51a8ac8d416e5d4bfa417eceb2e7e370406ff9ccb41054749d440e50e5792d61533a93b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55c11ecc81b565ce1d7124e408915701

SHA1
3e611fff7c115d983ecb98d2d60a0ef589e025f2

SHA256
b6c91403bbadda89f8e0a727e322f3315a5e8a27b8ecd99c99c20c4761897400

SHA512
1e9674df69c674ff129176157009377f70d3b9b7a978eb1113cda717647cb977c4e6d8b051b9d94c8809f9747ea2eb68e3c1bb92bed867460f65434feb35f5b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
14b9c1d35ccb6e2380b6948a4e9ddb48

SHA1
c6d765d767074dab653eebd1a10d77a6123e5b60

SHA256
0d79876c2c638dda205e2c7c8bc7004767705cda0a237ff2b22c468af23ea6a1

SHA512
5f35fd2dba0f5d67db692063dd554ceec15d9512d667358a3c1633a8bee9db693d7aab73b30322d48d0f00218b1e9a79b16b18fea4cc77dec242657f41140547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0a11796dd28f84f5dc6057ddf4247de4

SHA1
e9189f4f619c5283795c03f6c122c5b1ceb6d4d3

SHA256
3fdcb43772ca8614e3335f53caaa8e80f150a2ae1a4b3d71d365f07dc58ad9ae

SHA512
b814e3f7a9b8bf59bbfb5579bcf5aba3347cd974ade9a050f787aa0d6036647c7d31c6ca527208bb38dec09eb0a70a77e8fd6f672739450de05875d2deac9a18

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
84287c1554eca794a5692d29eb7e871f

SHA1
d667663f095c5f8ae864ab648ed297dda2491e7f

SHA256
a6f16ffc8116c28f92ceaca83976a5a9dfc41d83af5a1968c1ebd61601d63ea3

SHA512
dac436c094898cb00421c4c0fbd671f2dc3bc25d80d7aed5b2ed8ec7024afd4bf899780cfe128db74526641ba3973e47465d6182b127f0ac7f30690e749f6dec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
3c06a577eaab868a8cdd56bb15bae63d

SHA1
28dcc8ee13ff6d706bb4f0a9e5eb5678ec5cf6be

SHA256
588b559b89483a283b8f99d02af6bff234ea697d21393b2207dd5ff940c1a98a

SHA512
87194999e090b3047ccc6e55fdfe49cd7a7d9bf61a6256da75647353710f1d53e49d07f54dc9a27894a27d543ce501cd6b1243ab7511c7b6de2a1feacc9a3d7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
17KB

MD5
7be863edf9d8aa7b36f6b7370770f080

SHA1
08712813e91f2df4eed26621572f732d6b44110c

SHA256
9e25b75a9e1ea0355429ddf055d301512ca10c61a755d1d0c16b18eb2ba0a962

SHA512
0741fc8dfdd479a9e8b137b36d6fe7964619f0ea38d12f6b9cd6323f7da4c7a7e2ebd5dd7f8e0f85d72f76f7b27584182b28aace09a0df738c7a40276970ed6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
8KB

MD5
a4ff7d46c0d9db1b1b55fd6192a3f920

SHA1
8cae16a4764125404ff2ef4757fc364f203f7cd6

SHA256
dc2049558522933a9353156b07194a845667350f534dcc2d8dfd2d89f8fd7b31

SHA512
81e1e87ab22e4ff8fa3babdc351d8a20d948de93f15f4f1aa1375035920b0058c19f4a32fb3fc07a743e48d7b2dd22284f32901175555f555cb7d86963241185

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
359368e1fff02f10f26d11d4b097c8ba

SHA1
58dba16e4e6735902aaa2bdbb3fae35a65b7adc6

SHA256
db2ad727e66ce2575ef316af05a9672ab55e6103a5819c63cdfa8c4e61b45c20

SHA512
89a8b748234a7de5a26f8a6841f184d21407230e10d6abd203fe25b0356fea1d494ebea95610bb481d7b4a83c70a0bb56d650466e29f43511303f5684b719a10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
49975b11d4b86d15ad85d07f335a565b

SHA1
469b315f0ab67c078c50e0734924bbed7cc95cb9

SHA256
a03afa4063691d06470046780ed813e8a6fb45f4e0dda3c998fb4925bdd7fbf5

SHA512
11ae2a597fd6a5178691a531de54c0d0912622b30cdb78dea191297d54c9a1e69337764b8a9b458ed7f0d6ea3cbf3bbf1996a58d63772d909e78a12353f9c696

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
5dfc7e0dbddc5aadd520ed38893f8dc1

SHA1
ec35e6c4e0e53774adeae2f2da7c52e9a4df46e5

SHA256
c4adf9cdc1a872b4e379919f3f1fd054ef8fd1fea9d8e8b0321394a4c69a8eb0

SHA512
ec72b0facd5b8c2a3d3a82e881aeec975bb054899335522f0eb2bd9163a18f69c539219e906af43102d4ec9037b1ff781daebb21778029e793b486e37bfee08f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\33e64b1b-db72-47b6-82e8-64e204cf75ad

Filesize
982B

MD5
6a6530a20c19890014df175c08a98639

SHA1
bab5da4fe76e3cab17fa219887ad1abe503f5129

SHA256
2568339bf4a09d135b1375187a8e133efedccfdf824a5762fc2053d2eeddc851

SHA512
bbf4069bd1a241741a8b0c420911e29b2a1fb2c8dfa46ef0385682359e9a776ff8fd679ed7e04fbf3916235a7753eba172b2020d793ab4daf34e3d0033e2dc58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\530498ff-2685-4387-96a0-4e37805437ed

Filesize
671B

MD5
abcfc7a040a1e758ca5e4fa893d49985

SHA1
7b5b309771ff8cd52f2e2969b6922c8f9f4645e9

SHA256
cd80f717bd8e8239140574bad503ae0c1e5adf5ef52052a3be320f4c6c31a9de

SHA512
c54210ed791f237f9d3930fb9ab7f39977db1241dca82c2e91f93ccd4c1b7cdadca5dd74ce69be48d23d4cc23840ff4841ad62f7edd4a20298016726ba2f6f96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\71163f8d-9d81-402c-b311-f85098a7f92d

Filesize
28KB

MD5
ea2a3df849fc668565c68f490ab11b74

SHA1
769e6f01049575fd9cf39247def3793f55447c2e

SHA256
8459007b401eb419554496b0d8e92e2867323fc1ab6cc720f89ac2d39de72a30

SHA512
d9c9e404273d11bfece23c12745eb8a210d2f2e2ca2abc5ea23eced023ef9cff264870d1185474e8256f422ade77166769d41b1bec6571dbcdb9c9769a66588d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
13KB

MD5
b4f35c1ab47290f04f3268f293c92d2f

SHA1
168d71bdeac27e6bd10cf7589269b40f83dd7399

SHA256
a45245c2fa8a50527d3c85b73092cc612d7bc0527f0f025cb780741a72272abd

SHA512
3c5036af5beb7c4f6a17022b776a3bf9e1b93a33c067e921ab1d544c4c520592100b67db2fc30f262bc6d67de812ce62b88e17e4ea4dbca177750c329347b087

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
16KB

MD5
4ffc685dc7dd6fa86c9a03926c4ebb32

SHA1
50a81cf74894d577ce0dc616a592c162ded1c96b

SHA256
55af1013a5a8d7673a466dd896ae9cf65d7af47ecf3bef1ca9f049959eab81ed

SHA512
113077113e4381c1a739c83647b9a11bc76ba0110f46954985f272881c20a507f7b441dbe834b1409511b0f49f967e54946438525d5e6c86dc2fd8e0dbd217d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js

Filesize
11KB

MD5
cd20d59e0710f87213a951fccf69f5a4

SHA1
8d3b6a53d7896b77c59dfe71f84e0345e006b789

SHA256
6964e9fe041a906b5bf30b083041f2d283e1f280263023b43a9e7217f1938e20

SHA512
6babff38e7c5f6ca8059d23d00faa0e96edabadb7be3dd1ca6ce64be80773b9a6a728d3e62f0358c10ae77f63c3043f78ca4897965ea4b669a276a4f39a18204

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
50KB

MD5
d3050794cda7ab334240713e73afac2c

SHA1
0e3d1ffebd5044b3a0da6a4a6020510e79ea1542

SHA256
64f9f9a8d857af5c745acdd94c065784d213fddd25e872c25114c6699ed0c482

SHA512
bed4cc4f3985e419a1f69f0310b8964c3f5eec010448c6ae7d5592bcc34f0b6c22513d8c3838d34d590d33ac984aae32ffdb8bc5a09592f8e51ee3273cc03733

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
54KB

MD5
bc14413e4197e47ce168b7b990bd6bab

SHA1
ba0dacd1813719ab431e2a9bc65547e40db8c91c

SHA256
feb8d36fb595fe7df579f5f7d20dc4c1bc5a42d22192c74a3946c3e158968425

SHA512
eea0a425aa3eb96d34c2506d4f26e07cec0e4461395fa514efc83c7c341461283e64a44cf1dca458001847a936f14002135ee9ad757e72062e53a298b2529005

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
50KB

MD5
2b92df874b851159706fbb54e61e6e10

SHA1
e5c374efd6f26a570518ffe822567d35868aaf31

SHA256
30de9937d54cc92dc1926957aefb775397de2382747a22f8498db10cb49584f7

SHA512
b8090c5cea917b545e9a2e12dd0471a129e5e6ff491df12586cee6236a896a561b7762301d4a674a5973de3f389977b2b829e9af236d79d9eaef279d6ea30942

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\storage\default\https+++coinmarketcap.com\idb\2004891546ccm.sqlite

Filesize
48KB

MD5
b9d78edb6ebae8d4a0a4e8b36dec2919

SHA1
651b175f09cc969b2fdf3c8f36c5f0b2aa41950b

SHA256
9d42cc1a3461a6ef657ffd89a91c0b6b156e1dc28c3740fa682464175f3fefaf

SHA512
45534f9a95ab4fdf66d7e11077a763a5ae185c0b06216d7e47520ba7d3d98de63da60502b0fd38f0ad7a80ebb777943baea1ea83a8fe790899ab329ed6199191

Download Submit
C:\Users\Admin\Downloads\Setup\Magic Bullet Suite Installer.exe

Filesize
2.7MB

MD5
787b52ac70aefcc43b0eeaee475d55fa

SHA1
1c66d4b77258f0a986951464c864a281f899c6f0

SHA256
544846e8a108a1f31aeb61a50713851c5baf7927cf0a1cd8906aafcae432e450

SHA512
3b159f7f649322473cd486b3da71d664a588e53da09e4e92e7f1e90d29e1ce2c588a8a86c83e1253e43d7a42f156f211c01a0ae0ca616879d1a5aa5ab580e9b2

Download Submit
C:\Users\Admin\Downloads\Setup\Scripts\bin\rgdeploy.exe

Filesize
1.8MB

MD5
60ab80af7c1e0df829e7bbb4339c5863

SHA1
1e8e2646c2eeb7bad583902ba9c4b685cf3611be

SHA256
8dac4f5608d8e0cdeb8f3d61de1ec21b17c847e53eec83c7ba0db62dacccdef5

SHA512
89cd620692d06b34e00421c478d2ea018ba2efc3ee1021ce2308c00cfaa6bdb579e7c3af2a6627fcd312e8d650dde9550cfa13b931220efa3e4c8a4b37d518df

Download Submit
C:\Users\Admin\Downloads\Setup\Scripts\install.bat

Filesize
234B

MD5
17c1b044dc24be6156bc9e4309eaec92

SHA1
40f0d20d97e1e6e963633e0628a31ec555bcd94c

SHA256
706b2ab0d12d78592b0f3bd6763f80b9ab31a553bcc26ee2cca54d5ba108819f

SHA512
dba4948c47313ac64ba9e821b6b293f8796455196946e52f3bd2bacc5c94a86568d455662f72d478c4ad8db612e393f6487cd74e60d778b87a5f9c6a380a998a

Download Submit
C:\Users\Admin\Downloads\Setup\packages\com.redgiant.branding.zip

Filesize
1.6MB

MD5
68c373dd485d670b6854bae1c95dd4ca

SHA1
63b063734911066f20e02ee13d3834052738c23e

SHA256
3951d4dc8db94f466e9ae641fb530f02e796f14ea44a0153a1f0865f7ad11774

SHA512
018a01e71ed083ad493c0c4ef5f792a7058802ed0ea2e66cb2632c217dc8a69f26b9c814463a6eb95ae1e60ccc0d71bc7c6d4c2f9dd5d9fc012f421573a75abc

Download Submit
C:\Users\Admin\Downloads\Setup\packages\com.redgiant.content-coreui.zip

Filesize
27.9MB

MD5
0e6391aca71cae5eae905dfbce735706

SHA1
fe7906dc56e03242b351c500412dc6c12fb79bd1

SHA256
f0e4e7d5b3582bc1a19b2b17671f4adf9726c5203a75a1f0d708ea93a463068e

SHA512
d6f9bb1c0dd6811bac3b2e155d2aae1e2a3997b9e307b702dc9a0c234ffb69f673a6fa0293c5fa3518269a0954e8febe2d0735397aaa50b984ccbca5c6514ae1

Download Submit
C:\Users\Admin\Downloads\Setup\packages\com.redgiant.magicbullet.coloristaIV.zip

Filesize
13.2MB

MD5
fa84c5cd695ff5a2315d9007ecef37d7

SHA1
648a4b98e41102030b63d4d742c460c79bbf645a

SHA256
397434eec29fed1d689a58ca427dc30cfc0f2512bff82d50d2f82343fd7b42c3

SHA512
c0a14c530224e9cdf6d407b7a985a06a303cc1cd5c64057a4b6dd527e84d1d86cea6df5012804b433c0fb73105207bb8a7b009eb5e35df25ffbf2e93c86f90c2

Download Submit
C:\Users\Admin\Downloads\Setup\packages\com.redgiant.magicbullet.cosmo.zip

Filesize
4.5MB

MD5
b18399451ce321f01899f5122b724762

SHA1
8331f55af253415e5d64bfcf56197ad432b487f6

SHA256
7b7e7b19762172723a35a46059497dd6f7d3b114177c75c54ce3dbfb1a40cf89

SHA512
b1f516612b833bd2cc072e1993c0a04e72c30f573a0b5086aabe56ff8e9a3961ea745f1e05d1d63295f4d360339aa7184ad3ff198fa912ef0a3c5039e35f6986

Download Submit
C:\Users\Admin\Downloads\Setup\packages\com.redgiant.magicbullet.denoiser3.zip

Filesize
648KB

MD5
d0ae0202a6fa78ee9502c0ff2fe082ae

SHA1
50bb18d72cad027fb5dcb7cdc6d94fe11154749a

SHA256
76cdaf10b837323f084bfb2f569d30d8391a239eb5c4f3261dd547986e99c2c0

SHA512
0902b911dedab6c76fdd6b2e9cddd5a7430d6e91b8165901441ad3d718ec339b47a0437eb61e74b5697b97b97805165832e760bf77dee3013e04233f0754507f

Download Submit
C:\Users\Admin\Downloads\Setup\packages\com.redgiant.magicbullet.film.zip

Filesize
17.8MB

MD5
3918614c8c1ba1fcaa37daee56ca6d1e

SHA1
b8d32206af91d5651c016b2374b52089561d7004

SHA256
36d3b9f4a60aa555ef4881ba4f24c11c76d19a036e723dbbfcf43919b4011339

SHA512
918d7593f49875875b59dd029a40c08bd3e5598a5b069d531ef13b24eca3864120e0535d0bae0e6044884c206517f8b0eeeee12d6d3a07e38e6d9e5445ae344d

Download Submit
C:\Users\Admin\Downloads\Setup\packages\com.redgiant.magicbullet.json

Filesize
247B

MD5
8d4d05076650f469ce5d42304708aec1

SHA1
538f4b7b75d43bf40e2d048c2ad63192399ada60

SHA256
a59c52eef5bd0b04599a11086b89f1405ae70b403bd1a3da0caa3dcdd9e74ded

SHA512
9276abaee952666da39b186a9b2680bed9d1079379f1b0d4b483531db34bcbb800e2cc5d25517f2c1e0840283e0905fcc86b98a885a15b98b094d6d63f83643d

Download Submit
C:\Users\Admin\Downloads\Setup\packages\com.redgiant.magicbullet.luts.zip

Filesize
5.2MB

MD5
e7c9b6cba490ee123e39d37b2ef3b8a6

SHA1
dc2122a7a4026891ad8b8eaa6bd53880fc34b03b

SHA256
f90dc41d87f1ced97ebe064733093efaecc247342a9eb53797f75b010e1e5433

SHA512
c79586f4d37fe0ef4e0901d14665a918e5ffa8dbc5e3d34344748c24bf5ae9b5c4f110353c2d2b6281d84b9569ab325fd5c5b308c45b5f4c9709f6a1331d2f30

Download Submit
C:\Users\Admin\Downloads\Setup\packages\com.redgiant.magicbullet.mojo.zip

Filesize
5.7MB

MD5
499bb1ff2e9aaa5d2ed515e66384a68a

SHA1
ec71c7d2b3fe40a2b0ce16e95dbb74bf1f8f0513

SHA256
c5d130504c12875f3431fb47bd540c967b70806008cbfa286730c77f48a9c5e8

SHA512
42ba831f56624572c043a6c5929f644a0fa236a49650c1dfc0b43118356cfc7e53de388f31bd9834654f432173723f0e82a4666e06bad8d0a38ccb16d42342b0

Download Submit
C:\Users\Admin\Downloads\Setup\packages\com.redgiant.magicbullet.renoiser.zip

Filesize
4.8MB

MD5
c84ababec470d079070048373715e86f

SHA1
492e98841caed7ce6b82f8dfd8237d3335bbd6f9

SHA256
9c2c9681e5dda06a39d2de5ea893f4fc405321566dbfb199f2c9d78f2bcb3111

SHA512
63d15e03381715a18a616a3099b49cebacab4185b2fc35cb3dae3bce68a21636d4b1e77790dd218afa2dc57781dacc53c142baee1ca7b98fd503293df5f0572f

Download Submit
C:\Users\Admin\Downloads\Setup\packages\com.redgiant.rguninstaller.zip

Filesize
313KB

MD5
c8d2fa3bfe509da0ab0f12f09c6e9fb5

SHA1
9cce08a2a75bd0b902655235182f33638019ec3b

SHA256
1126a6c66fff6d851821b24daa5e090ce53752b34d725779311766506e0f6d51

SHA512
5fd9341ffc455f9aa7e23d144a9534fe643976d718c2b1bfafaeab1d4477108a9bb5d5efd73de05994c41b09a10c7c13e07c2a2ec5da0fdc40b1a1eb3cb6b1bd

Download Submit
C:\Users\Admin\Downloads\Setup\packages\com.redgiant.vcredist-x64-2012.zip

Filesize
6.7MB

MD5
99e84fd3559704727402d65d44eb973e

SHA1
34f9932e6fde170952a2e6ce1d76c6734ed8c298

SHA256
6872a9bf479348f0bc6cf71178ead86b4e47168896647722fa8249f4fe258a68

SHA512
43881d421637c6e39809c5414170c398d6ca692e3fc062f171e7d98122567052d6fa2c1a0f2a978a562e72a3c967f49ea27b41000ed3484a508429fe4af582fb

Download Submit
C:\Users\Admin\Downloads\Setup\packages\net.maxon.magicbullet.locales.zip

Filesize
6.0MB

MD5
3c404548745330de8bbfaa381515db21

SHA1
416e7579ba5b565e32440a4a19f0f937c37b2b69

SHA256
bc3f4fea517982d2d4861a6c6124bbafb641322697f49568eb40b631364cdc2b

SHA512
af103c597ad2020324e5708acbfc8ecb8a64a4578bd0d8ee500fd7372f55484c84c4c82649bc4a3e135f5081abd76b0dafd22085c1b2d3158d0a7738040dfebf

Download Submit
C:\Users\Admin\Downloads\Setup\packages\net.maxon.mxcontentservice.zip

Filesize
26.9MB

MD5
26adf02773a9d6a3ff49ac7cbe595b49

SHA1
6b881628152f8013f303d64b6abd73dd60164d9e

SHA256
5810cd61a51c56e05b2875b92e00638fddcc50caec6a8488c63cfad2a6e72fa7

SHA512
4b3db5c3854bbc1379cddf258ff3a5c84036b6bb02583f407a894a7d7a001bd17c9d748e8cd236134e2cf27469637ca3e69fa57eaf3ceb6f1dfcff6593b91912

Download Submit