zloader | 9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
Size

70.4MB
MD5

c603abdef890ec42355b158561aa3381
SHA1

ae0aaa9c8c8665aab09a088ca5cbe42e148ef358
SHA256

9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a
SHA512

40bde2aa5276e00de312d932698cb11ca6604f4d972bca0c653cce67dcc45ba32b4900a1d88bfdba49125ad43c49f7c46cc572370d727993afd810e92c4b0edd
SSDEEP

1572864:+uOdWa6wr7n17jdvIgVWL8ro+f3WUD+y1CxvmkOHFbPwk0iNFByzAK:x+WaPrrvwL95I+wCx0l4k8

Score

10^/10

zloader botnet discovery trojan

Malware Config

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Beaker Browser.exeBeaker Browser.exeBeaker Browser.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	Beaker Browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	Beaker Browser.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Control Panel\International\Geo\Nation	Beaker Browser.exe

Executes dropped EXE 7 IoCs

Processes:

Beaker Browser.exeBeaker Browser.exeBeaker Browser.exeBeaker Browser.exeBeaker Browser.exeBeaker Browser.exeBeaker Browser.exe

pid	process
212	Beaker Browser.exe
1812	Beaker Browser.exe
1868	Beaker Browser.exe
4160	Beaker Browser.exe
1772	Beaker Browser.exe
3184	Beaker Browser.exe
3828	Beaker Browser.exe

Loads dropped DLL 44 IoCs

Processes:

9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exeBeaker Browser.exeBeaker Browser.exeBeaker Browser.exeBeaker Browser.exeBeaker Browser.exeBeaker Browser.exeBeaker Browser.exe

pid	process
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
212	Beaker Browser.exe
212	Beaker Browser.exe
212	Beaker Browser.exe
212	Beaker Browser.exe
212	Beaker Browser.exe
212	Beaker Browser.exe
212	Beaker Browser.exe
212	Beaker Browser.exe
212	Beaker Browser.exe
1812	Beaker Browser.exe
1812	Beaker Browser.exe
1812	Beaker Browser.exe
1812	Beaker Browser.exe
1812	Beaker Browser.exe
1868	Beaker Browser.exe
1868	Beaker Browser.exe
1868	Beaker Browser.exe
1868	Beaker Browser.exe
4160	Beaker Browser.exe
4160	Beaker Browser.exe
4160	Beaker Browser.exe
4160	Beaker Browser.exe
4160	Beaker Browser.exe
1868	Beaker Browser.exe
1868	Beaker Browser.exe
1772	Beaker Browser.exe
1772	Beaker Browser.exe
1772	Beaker Browser.exe
1772	Beaker Browser.exe
3184	Beaker Browser.exe
3184	Beaker Browser.exe
3184	Beaker Browser.exe
3184	Beaker Browser.exe
3828	Beaker Browser.exe
3828	Beaker Browser.exe
3828	Beaker Browser.exe
3828	Beaker Browser.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

Beaker Browser.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Beaker Browser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Beaker Browser.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Beaker Browser.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe

pid	process
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe

Suspicious use of AdjustPrivilegeToken 43 IoCs

Processes:

9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exewmic.exe

description	pid	process
Token: SeSecurityPrivilege	1192	9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
Token: SeIncreaseQuotaPrivilege	1468	wmic.exe
Token: SeSecurityPrivilege	1468	wmic.exe
Token: SeTakeOwnershipPrivilege	1468	wmic.exe
Token: SeLoadDriverPrivilege	1468	wmic.exe
Token: SeSystemProfilePrivilege	1468	wmic.exe
Token: SeSystemtimePrivilege	1468	wmic.exe
Token: SeProfSingleProcessPrivilege	1468	wmic.exe
Token: SeIncBasePriorityPrivilege	1468	wmic.exe
Token: SeCreatePagefilePrivilege	1468	wmic.exe
Token: SeBackupPrivilege	1468	wmic.exe
Token: SeRestorePrivilege	1468	wmic.exe
Token: SeShutdownPrivilege	1468	wmic.exe
Token: SeDebugPrivilege	1468	wmic.exe
Token: SeSystemEnvironmentPrivilege	1468	wmic.exe
Token: SeRemoteShutdownPrivilege	1468	wmic.exe
Token: SeUndockPrivilege	1468	wmic.exe
Token: SeManageVolumePrivilege	1468	wmic.exe
Token: 33	1468	wmic.exe
Token: 34	1468	wmic.exe
Token: 35	1468	wmic.exe
Token: 36	1468	wmic.exe
Token: SeIncreaseQuotaPrivilege	1468	wmic.exe
Token: SeSecurityPrivilege	1468	wmic.exe
Token: SeTakeOwnershipPrivilege	1468	wmic.exe
Token: SeLoadDriverPrivilege	1468	wmic.exe
Token: SeSystemProfilePrivilege	1468	wmic.exe
Token: SeSystemtimePrivilege	1468	wmic.exe
Token: SeProfSingleProcessPrivilege	1468	wmic.exe
Token: SeIncBasePriorityPrivilege	1468	wmic.exe
Token: SeCreatePagefilePrivilege	1468	wmic.exe
Token: SeBackupPrivilege	1468	wmic.exe
Token: SeRestorePrivilege	1468	wmic.exe
Token: SeShutdownPrivilege	1468	wmic.exe
Token: SeDebugPrivilege	1468	wmic.exe
Token: SeSystemEnvironmentPrivilege	1468	wmic.exe
Token: SeRemoteShutdownPrivilege	1468	wmic.exe
Token: SeUndockPrivilege	1468	wmic.exe
Token: SeManageVolumePrivilege	1468	wmic.exe
Token: 33	1468	wmic.exe
Token: 34	1468	wmic.exe
Token: 35	1468	wmic.exe
Token: 36	1468	wmic.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Beaker Browser.exe

description	pid	process	target process
PID 212 wrote to memory of 1468	212	Beaker Browser.exe	wmic.exe
PID 212 wrote to memory of 1468	212	Beaker Browser.exe	wmic.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1812	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1868	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 1868	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe
PID 212 wrote to memory of 4160	212	Beaker Browser.exe	Beaker Browser.exe

C:\Users\Admin\AppData\Local\Temp\9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe
"C:\Users\Admin\AppData\Local\Temp\9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1192

C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe
"C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:212
- C:\Windows\System32\Wbem\wmic.exe
  wmic os get locale
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1468
- C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe" --type=gpu-process --enable-features=FixAltGraph --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=8B11E195FFD1869F5EB697EA7E1911C1 --mojo-platform-channel-handle=1488 --ignored=" --type=renderer " /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1812
- C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe" --type=renderer --enable-features=FixAltGraph --service-pipe-token=DF1C1E992A69971EDC773F421F868487 --lang=en-US --standard-schemes=dat,beaker,beaker-hidden-window --secure-schemes=dat,beaker,beaker-hidden-window --app-path="C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar" --node-integration=true --webview-tag=true --no-sandbox --background-color=#fff --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=DF1C1E992A69971EDC773F421F868487 --renderer-client-id=4 --mojo-platform-channel-handle=2112 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1868
- C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe" --type=gpu-process --enable-features=FixAltGraph --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --use-gl=swiftshader-webgl --service-request-channel-token=69AEBAE9200903EA8850CB499EB3DC40 --mojo-platform-channel-handle=2396 --ignored=" --type=renderer " /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4160
- C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe" --type=renderer --enable-features=FixAltGraph --disable-gpu-compositing --service-pipe-token=E080D5C380AA542F160DE180B10FBCEF --lang=en-US --standard-schemes=dat,beaker,beaker-hidden-window --secure-schemes=dat,beaker,beaker-hidden-window --register-service-worker-schemes=dat --app-path="C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar" --node-integration=true --webview-tag=true --enable-sandbox --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar\shell-window.build.js" --background-color=#ddd --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=E080D5C380AA542F160DE180B10FBCEF --renderer-client-id=7 --mojo-platform-channel-handle=2436 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1772
- C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe" --type=renderer --enable-features=FixAltGraph --disable-gpu-compositing --service-pipe-token=65CC6F901EC0D4C770AA9CFA0E051788 --lang=en-US --standard-schemes=dat,beaker,beaker-hidden-window --secure-schemes=dat,beaker,beaker-hidden-window --register-service-worker-schemes=dat --app-path="C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar" --node-integration=false --webview-tag=true --enable-sandbox --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar\webview-preload.build.js" --background-color=#fff --guest-instance-id=1 --enable-blink-features --disable-blink-features --hidden-page --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=65CC6F901EC0D4C770AA9CFA0E051788 --renderer-client-id=8 --mojo-platform-channel-handle=2752 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3184
- C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe
  "C:\Users\Admin\AppData\Local\Programs\beaker-browser\Beaker Browser.exe" --type=renderer --enable-features=FixAltGraph --disable-gpu-compositing --service-pipe-token=45C25388F3B833AD618AFD76ECBCBF37 --lang=en-US --standard-schemes=dat,beaker,beaker-hidden-window --secure-schemes=dat,beaker,beaker-hidden-window --register-service-worker-schemes=dat --app-path="C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar" --node-integration=false --webview-tag=true --enable-sandbox --native-window-open --preload="C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar\webview-preload.build.js" --background-color=#fff --guest-instance-id=1 --enable-blink-features --disable-blink-features --hidden-page --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-compositor-image-animations --service-request-channel-token=45C25388F3B833AD618AFD76ECBCBF37 --renderer-client-id=9 --mojo-platform-channel-handle=2736 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\beaker-browser\blink_image_resources_200_percent.pak

Filesize
4KB

MD5
9224336777238d8e7280611d30996f10

SHA1
8abe74c0ded180a42144efa1d32e2686f133f47a

SHA256
0ae299034fef86349a5b379d8c3c9db84bba725487e665102791701b24ba855d

SHA512
266eb89253786678ca0f66cfd84b81d54b81847e5064313dacdde4b62d8deb6a2d56c391cfd776aaa21de81dbdd024b7bbbd86883ac17389fae3467e5558c139

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\content_resources_200_percent.pak

Filesize
18B

MD5
65f69bd2d8b6458d3ecf77d84d70dc1c

SHA1
679bdfb03cbaa594ace5af4340a061ddc514309d

SHA256
ca73097bd968b363b7145e86b64f3c595e533808b0763dc8863a27fc363cfa51

SHA512
39f2728a1898bc9406516fa737c58c349e3bd7f779276a2f6679b3e3f0db43f956e03ad25e5d9bf4b07b19909febcc6c0560f71ab4f4fa6b5dd1f021ef742c60

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\content_shell.pak

Filesize
7.1MB

MD5
ab9992f3bef24d6ffd8e76ce56f96de5

SHA1
531cc9767c3d3b4a342516e97326b859b3b3ea5a

SHA256
8818e8af6a3475e6bb6ebbd9d69bbac67fc156eca73840125987c1e9f9f2c92a

SHA512
3570882596b5ffef77da8758287a997504664a07926bd639cf01b2ad35e8fbd0ab00de669cf87269a241e073a2038f9f369e8f76d04282c7fe894956b57eb888

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\d3dcompiler_47.dll

Filesize
4.0MB

MD5
b0ae3aa9dd1ebd60bdf51cb94834cd04

SHA1
ee2f5726ac140fb42d17aba033d678afaf8c39c1

SHA256
e994847e01a6f1e4cbdc5a864616ac262f67ee4f14db194984661a8d927ab7f4

SHA512
756ebf4fa49029d4343d1bdb86ea71b2d49e20ada6370fd7582515455635c73d37ad0dbdeef456a10ab353a12412ba827ca4d70080743c86c3b42fa0a3152aa3

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\ffmpeg.dll

Filesize
1.7MB

MD5
a3d256877901c315892685d06f9c9e75

SHA1
3d114fb5edb952986009d8f485f7a0725a4a0d2f

SHA256
2b3d220bd1ec00f21c1ef67320458e1f0e40203d36b777ec14b773ab4647e7eb

SHA512
c1e45d2f2c27e792786809d097a5678c8290cfed330b9c014a7bb7d6486cde01274e5e57f219e4a32a86722051cdd1c18cf7b460b21271a40689fd2a5b40bc96

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\icudtl.dat

Filesize
9.7MB

MD5
62ce282dfe0ab8f2a35a529faeb61ac2

SHA1
c35d6e4db540518263214697f589c54faac87533

SHA256
c3b6588446b4a48e36dc135f9920ad246f5c84fe59c634b4225b009dd1dace13

SHA512
a773bf66fcb9a12c1d8f3a760724c8438c7f240617b8099e4e2af979b84676892dbcaa866ca2fad59d2e56493ec3f96f0874e4e6e7fe7ca25e22ea2606e9a853

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\locales\en-US.pak

Filesize
3KB

MD5
538cc1045845fdbca65a588834b81429

SHA1
fa00b84700d909cc60360fb4e86656b478de7285

SHA256
a7a88ba80019f84745d9daab0d35b0c2a8d8c1c2d4b019393eb0c2fed25bb1e7

SHA512
b06549b9b2f6fa7d00f0a367ff6929ba2f2e1e9cdee3f66fde64f38721433794ad638fb93520e9645d3675c5f9bb19c2f5fce91f6c26a1dce43a7517870f7379

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\msvcp140.dll

Filesize
626KB

MD5
d396985225d85caa7d743d67c7da6316

SHA1
915d5829ed02171684c2a9e8b3b57f7a35bc1e2c

SHA256
be2ef4f6d540d0ac5fddd556dcb6bfaf6cb6288679e4d64882d625ff35f173aa

SHA512
d7b0df2865bf491c9caf34cbabefb7b7f04b35b85276a59fef0499d02b09651d8f6d0db9e87df4a9a1417f07784a8e5625e9805bc434b87d64e442ab98e24075

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\natives_blob.bin

Filesize
170KB

MD5
7f20917d39abdc8ccac48f8cce93bf09

SHA1
93c804ac74ce32c17538f04d175f775550946826

SHA256
a23d9b8422322157c7900b2cc35bf9a8129c08e4b9807dae26f412981b9c1b78

SHA512
183c4d606af1bc57a5d958d4ff34d9633a23493d18317544e8dd4b05dff010fce249d4ceee646b8f14c9367f509890292df1cd85957a0d2a0ea9f82045559f34

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\node.dll

Filesize
17.7MB

MD5
18fc37c302204fec082b5e261b75d07e

SHA1
5703f1df048d94230540b7204aa88d6f7b6102cd

SHA256
f3a6da8ffb2aba7028195fb2118d8e17c9890bbd29a3e36ea968f5c789633f9d

SHA512
4ddc2ba0b1887db1c92db302d3551ab9d6cb043a1ebe14fb1461ff020dfe541ff2d6853653128c325b91358a5f51be2242a342479750037d53dd70181ff03299

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\index.js

Filesize
75B

MD5
8e2a6819658724049c5a3ff67442fe52

SHA1
9b8ce84232ae75781dbcc272af3b611ab783e9e0

SHA256
ad69f6d46abb8085e63949b7ca2fb718d310065abfccbf0ef19a6b186c64d419

SHA512
06c7693c4b089880ca31f3b32f7bce6ccceab02965c0b45a3544f186eeb12e23f0ae776ba11f882d8f2c928068b94cf1d7892ea3014500f1831a2e46590cadac

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\builds\msvc\vs2013\libsodium.import.props

Filesize
2KB

MD5
8f8333fddf38e2b9fdf806655d101dda

SHA1
88ba84931a39d28368dc1252d6251d9a4d06b15d

SHA256
9267d420248d20ddbf3a4a8a12d811beae00eedd3bbda614b95ca9cd41ab5c97

SHA512
7467ae8fba5af780c4780c2447de04726e9acef2007dba2d2f1e20bd3101fad97bcc1880027a0b9d395842bf7613781c5e7c17642ecfe94050eb305e1c325a0a

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\builds\msvc\vs2013\libsodium.import.xml

Filesize
985B

MD5
61eebf52e30f0cc6b9cf2d783d4212dd

SHA1
a5fb8431f3ba73a93560cddb8b1c5f65bc1cf84d

SHA256
4dd7712abb4dc10f58c2c197b2a04a0c11f4de626ce03c09cb12661e32747141

SHA512
636199cf01e5d3f0317b87225cb87d2887a76dd37be2897844d8ea8319e4cf5822ef5d9bc397f1dec1852cf44af58a24d6b0595d5d52d1d463778ea188f6dc29

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\builds\msvc\vs2013\libsodium\libsodium.props

Filesize
2KB

MD5
8e9fe47d6542964b2011483139507032

SHA1
211e5f8aed314c901a2e7bd46afa168aad528f21

SHA256
5020bc00bc118af8bcabf7cbeb7bee2a1690685b2dc94347dc9ae5eb0c0df75b

SHA512
e2f35def2687e9dac10af20adfcb82a6848a9c7f7e69d83f2bd6cd9c7c32d68107cb8b0fbe936385066aedc397c56d9922452b425857fc6bf838b0cc9dbd07b1

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\builds\msvc\vs2013\libsodium\libsodium.vcxproj.filters

Filesize
49KB

MD5
5d1efcdd569ae75173b7df874bdbe9fe

SHA1
89588b8efe768fb13ca793f9be5cdb91e5b13eb0

SHA256
b366bc7d1e963f6b9fd3f9b9fcacf522cea77d467b839bb0d8901505489f31e7

SHA512
c58d0d34d0f85f8cf6b0a85dcef91116bd83ae7ab3f48443f7f3cc9e3625e8bb79d395802a257977f79fb8b3cae5b5e85105f82692fa8c1f4cee024ad23f5e8c

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\builds\msvc\vs2013\libsodium\libsodium.xml

Filesize
783B

MD5
1dce04907b90f1477f2b93f1555dc0b5

SHA1
1561ccd77a1ab8c37cc5df76c516c72ffcdf17e9

SHA256
17cf99c2a9bb0bee2f721c9dce79208d55ec02ec570daf51902c7788e13077a9

SHA512
a0b27952ff8bb2d78898122fec3a6343bf750c484c2f815d6cb41981ef12a52e8b00c56fa1d7b63c47b36d20b0252ca89e213f2043a26813485ab0d4f7648ed2

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\libsodium.vcxproj

Filesize
37KB

MD5
733ed4c6ca8ebf6b403fbe4eb85e08e8

SHA1
a254b06944d19ce472be16df080158d4aff7cdd4

SHA256
7aebe6e2696abbe8afa6099ff61011582adfa866a2ac4c7d4efd2b8f64401a05

SHA512
37de65f4a2028743d5edac4ebf6732d50fbaf858e5373fdf3bd3083a96da158e23b38bc183b7068c4aee91cb80b7fcc53a7eabfbe8009fb09f25f773ba159f58

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\packaging\dotnet-core\recipes\ubuntu-x64

Filesize
97B

MD5
1c070f14ae4ad85b643147c31a0e56b5

SHA1
025665b6f2b676f13852009c2bd3b557002aa24b

SHA256
10e0fbad6e88c3b793d60e68a3ade959574d43efc483263f02d8c90e497e79a1

SHA512
9bfe298fcacec99cc26e2fe98d480257f2ddcedc40012beca1a4d2cdd7981a779435a7ff687d7042e302ec151afc4539ec7e6442fed191f1f91d85ac8ec86b47

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\test\default\auth3.exp

Filesize
2B

MD5
897316929176464ebc9ad085f31e7284

SHA1
09d2af8dd22201dd8d48e5dcfcaed281ff9422c7

SHA256
9a271f2a916b0b6ee6cecb2426f0b3206ef074578be55d9bc94f6f3fe3ab86aa

SHA512
a546d1300f49037a465ecec8bc1ebd07d57015a5ff1abfa1c94da9b30576933fb68e3898ff764d4de6e6741da822a7c93adc6e845806a266a63aa14c8bb09ebb

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\test\default\box.exp

Filesize
1KB

MD5
a83d045e071c8d7d3f6d2056a30a111e

SHA1
dd08bafbcd33518f3b19dd3334486a293fcf63ea

SHA256
aff23c0aa430ab59eeb19af114f5fdafe7479e674af4e431f1ffa55a0f79ef2d

SHA512
0c64d51eba9bde64d7d19c0e9c59168775e7572584a11e575890110e9806cf0b55882010040d88733db30b5c4fd2eb474d909c5e264df834ee897b369a7b1110

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\test\default\core5.exp

Filesize
164B

MD5
7f73016e0f360c41825724156b40a310

SHA1
af9172d57f83c55f058b8ff535183604aeaa44c3

SHA256
88d3018805b5aa6a75343cbf86cc35a8c53d773f5b631392f98ef00435fd1e71

SHA512
ecb5ab456ae2b565f4642573450bf17d8dc7a1b79faa814d52d4626ff4430278ae69341a6a5905698084d38baef4f2e57754f01ff0324027619d28248e442191

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\test\default\hash2.exp

Filesize
129B

MD5
c60f4976e2c5bb44a906a4b398c4bd0e

SHA1
8d94584ad1a945e381af0fc1aede7847dce8be8e

SHA256
2ed2a4c13df8bae775d18684a2477f12eb1d76e79aa0aad9f44b3fdb1b2277e2

SHA512
e64edd696799c16332dd3ee1bb6f0b20fa46cd477dad401848a2eeffc1d4a07fc533fc60733d70e7799130fa56988b24223454bf25a70780e8d08a158f130fd9

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\test\default\metamorphic.exp

Filesize
3B

MD5
d36f8f9425c4a8000ad9c4a97185aca5

SHA1
09fb654c17cc05b11ef53bd35aa701f6d550e8e1

SHA256
a12b7cb43c9d9134b5bb1b35e9096b66775d9e92e7611d1cc92b02edd6782a87

SHA512
1ac2864063a612b045c2120602b2a88994ae9500021788f0755928f4a4c0a206a035c806facb3470e7186a117105ed8a63d18d9143d0cb11ea0969f374e82655

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\libsodium\test\default\scalarmult5.exp

Filesize
164B

MD5
3f58fb00855c932d93b891d3a52ea4af

SHA1
eee3fcd922512a1e24c31c45a2cb64335b0eee13

SHA256
a1f19397317e98aeaaae853734127522a9bdbd96c95445acdf974b07f94711fc

SHA512
bfe26001d780566de51bb518aa256f5bccf15cba02b9a6d6777c74b9360a60ec431e8f456f4ee20e290a0008a18add54b0ee64367a6e72ba8dcda0958598e81f

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\package.json

Filesize
634B

MD5
420ab672eb45dd73e12efbf2072f5cd1

SHA1
4140ed46c0ceae4dd9d28f4f36aed2b796a1616b

SHA256
4463256d7457a7f0ab50df1e14ad585ac6596eb597a89af0562fd33ec57f3c75

SHA512
29a5f3c6eaff15d1d384621840c88b0fab56e025b1bcbbc51da608c83030fbc6bb3fb085d2f9c09c2c469aae383c930be622d0e847af288bb8860049b0abb32f

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\prebuilds\win32-x64\electron-64.node

Filesize
288KB

MD5
b98a03c5dcd1a902355369ca9efe88b0

SHA1
2f8d9e970a3fc1e3dee7bddf9005df1565001932

SHA256
c32f0bdd6913831bc19aa1af2387878eedb13e47ff5f3c72f0128be82a6bc9dc

SHA512
7176d20c0995f2d443e4e996de4a172618dd14d1d1d2d77953b1792f00d3c9124b63cea2349c330ab890785a47e30981ef0496c3a9598dfd8b31592df1c3cea8

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\app.asar.unpacked\node_modules\sodium-native\prebuilds\win32-x64\libsodium.dll

Filesize
293KB

MD5
3c60f47c263c8a0871f74da86d268869

SHA1
ff6d5c67e6febb7e34f999f80681179a1f36e3f9

SHA256
cc3f65c6f5a647562fafe668c90ceece911bc9be9e99ac37616439a866a1cf3d

SHA512
cdfbd5a5023703f959b3c9448ea012b5928a7c8ed5befd15d7559356376dd9a374410a8ad010280ea7770519fe7178dad65c1165711c8d6ec29e852102674fba

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\resources\electron.asar

Filesize
256KB

MD5
b7bad86a92506aa7af9e66ca86ff2fab

SHA1
c0fcd1b819295558f537bde162b5c3013141f8f4

SHA256
e5a427c138a24f41ed422bd8c8ec2aa0cb84d7da25bfc745466efecb807b92e3

SHA512
d8a63edc7c18d48662cda9549fe4888ccfe221a6d22096e0c30696a4c77f029a70d4bd88006cb3f01edc3b58d10d0730bb23ea3a6a4feb57f10ab8e7a113d556

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\ui_resources_200_percent.pak

Filesize
109KB

MD5
4ae9c0016707a23548f9b55cb770ddc9

SHA1
323bbf97ba222d185eaa3a72c05d1b9b9c2da35d

SHA256
7242e4d5b41d3811c8ed068eb186ddac85a725555f841fbef8a82c13bd8c451c

SHA512
ae844b46150dec8a35fbc2e2463cc591f00c0e8ffba19efac0e89ab3693b430f9989ec62a19c70c1188657a58def4ea94b509451e79876c415dd1157b583e355

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\v8_context_snapshot.bin

Filesize
1.7MB

MD5
2b107954dc54bb94c564a6b32193b19b

SHA1
7b9b46b773e63e33ee5c4cff1c45786367dde04e

SHA256
b763f6eec75ef83c01274104f53d2d428effb84ae40fefca813323d44aa3d5da

SHA512
7d3bcff7bdbf536737ae75b36c9ebe14917d26574874e64eb402246c51335677037cd0fb75e39822abb81d5b55fb6542f54f81ce706851ff4ae69019745b0dbb

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\vcruntime140.dll

Filesize
85KB

MD5
9a53905892d9c9f3bf9d295c8b32e446

SHA1
2c5c56ff86fb1e827b2e0d479c529baea13eb561

SHA256
d58e3ff10fd96a22a8e6d2fd76146a282cc45ccfaf2301257e76e7c2771cbd41

SHA512
2dde975e15f95aa9310820cae009f2b04e26b7bafebb42d5822e3917017e4a37e17b0a71825f8f79f075abc1507d7d4d9202550fdd7a53ab54ac0fde4349fe2f

Download Submit
C:\Users\Admin\AppData\Local\Programs\beaker-browser\views_resources_200_percent.pak

Filesize
55KB

MD5
6246a3e0832895dde8ca8c3bfd798ca6

SHA1
14f48351d558d34c2a5f35617e34b772b95dd220

SHA256
222d401933e86d30fd5f8bccacf527020b2c395addf9c38e63c0df6f3e1c9ed5

SHA512
96627441e3907dda02d629101d327306ecb4ab9d87ad8e2aab6a8a6d5a5a6c5573774f6591c3d7f2a23a050e502b783654512bca764818af0121fe617d4b388e

Download Submit
C:\Users\Admin\AppData\Local\Temp\4d9bb994-fd44-49dd-8515-462f4465ea7f.tmp.node

Filesize
1.2MB

MD5
749dd8266b93415b162f6c14926c62af

SHA1
54515ccf7e99e65bf46a15d41560c9abb29e76c8

SHA256
3291be88bd810eb662183264854d71e18c1672e1eac97c9788d1cf20864d3c5f

SHA512
e8e428016665ccf6fe2807d16bca42bbb176f32c47a94e7b95ee413294a3f5b23b1e96d5b387591f17614ac29462ae2a09dd86f3d51c186a25a867a78d69fad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\d35e874e-8d16-45a8-a8df-2854ece36dc1.tmp.node

Filesize
483KB

MD5
49c8147e24e495a73f6644235e1367f1

SHA1
a7a44c431aed3db65133c62af097567fa202348f

SHA256
e74a7aba6b9b907af16140b23417067685364f5703ef9e6d866cecb17ba5df02

SHA512
967689af160680fa39a1135ad5dfa9ccebafbb5431d83502a24a1c216fa47eca941f9a18f491334fd8439e184753d30293559370370fd4a009f6a260186ea2e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\dfa9c27f-b6d2-4119-a35e-a81a5503b915.tmp.node

Filesize
199KB

MD5
d8fe84b018d92e8f4043be038dd64d33

SHA1
54a64366c2cd1b45b344930474db9712d8a89011

SHA256
853b30ec29e360a06038720c5526b05f9f4fee6a8e9e7b0ed12cdb86054f42c1

SHA512
7deb35043319bd0a09fd8acf3cd627ad6ee4e7a01104da10445aba91305c772a7cbef22c37e077f8044a15c60913ab23d8cac8560a1c8cbf72957f11d99f1302

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoDB2E.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoDB2E.tmp\StdUtils.dll

Filesize
101KB

MD5
33b4e69e7835e18b9437623367dd1787

SHA1
53afa03edaf931abdc2d828e5a2c89ad573d926c

SHA256
72d38ef115e71fc73dc5978987c583fc8c6b50ff12e4a5d30649a4d164a8b6ae

SHA512
ca890e785d1a0a7e0b4a748416fba417826ae66b46e600f407d4e795b444612a8b830f579f2cf5b6e051bea800604f34f8801cc3daf05c8d29ad05bcda454a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoDB2E.tmp\System.dll

Filesize
11KB

MD5
75ed96254fbf894e42058062b4b4f0d1

SHA1
996503f1383b49021eb3427bc28d13b5bbd11977

SHA256
a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7

SHA512
58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoDB2E.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoDB2E.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoDB2E.tmp\nsis7z.dll

Filesize
391KB

MD5
c6a070b3e68b292bb0efc9b26e85e9cc

SHA1
5a922b96eda6595a68fd0a9051236162ff2e2ada

SHA256
66ac8bd1f273a73e17a3f31d6add739d3cb0330a6417faeda11a9cae00b62d8b

SHA512
8eff8fc16f5bb574bd9483e3b217b67a8986e31497368c06fdaa3a1e93a40aee94a5b31729d01905157b0ae1e556a402f43cd29a4d30a0587e1ec334458a44e8

Download Submit
memory/212-1856-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/212-1841-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/1772-2057-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/1772-2100-0x000001DCAD720000-0x000001DCAD728000-memory.dmp

Filesize
32KB

Download
memory/1772-2101-0x000001DCAD900000-0x000001DCADA2A000-memory.dmp

Filesize
1.2MB

Download
memory/1772-2050-0x00007FFD0A860000-0x00007FFD0A861000-memory.dmp

Filesize
4KB

Download
memory/1772-2049-0x00007FFD0AC50000-0x00007FFD0AC51000-memory.dmp

Filesize
4KB

Download
memory/1772-2056-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/1812-1892-0x00007FFD0A3B0000-0x00007FFD0A3B1000-memory.dmp

Filesize
4KB

Download
memory/1812-1898-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/1812-1913-0x00000257678A0000-0x0000025767D12000-memory.dmp

Filesize
4.4MB

Download
memory/1812-1897-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/1868-1911-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/1868-1912-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/3184-2080-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/3184-2075-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/3184-2096-0x00000191ECCB0000-0x00000191ECCB8000-memory.dmp

Filesize
32KB

Download
memory/3184-2097-0x00000191ECF80000-0x00000191ED0AA000-memory.dmp

Filesize
1.2MB

Download
memory/3828-2079-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/3828-2081-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/3828-2103-0x00000183BBEC0000-0x00000183BBFEA000-memory.dmp

Filesize
1.2MB

Download
memory/3828-2102-0x00000183BBCA0000-0x00000183BBCA8000-memory.dmp

Filesize
32KB

Download
memory/4160-1922-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download
memory/4160-1925-0x0000028447DA0000-0x0000028448212000-memory.dmp

Filesize
4.4MB

Download
memory/4160-1923-0x00007FF6ED8E0000-0x00007FF6F1D29000-memory.dmp

Filesize
68.3MB

Download