Overview

overview

10

Static

static

3

EzFN-Manager.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    40s
  • max time network
    39s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-en
  • resource tags

    arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    29-10-2024 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EzFN-Manager.exe

  • Size

    10.5MB

  • MD5

    e528490c86b7bbd42cee5eb2ec1dcaa0

  • SHA1

    758ea1f40317648d9c0eb6f3540158bdbc1860a4

  • SHA256

    a5b3e8a7c2cace998612199ffdfda738d3107ebafc810219c1a648467cefcb05

  • SHA512

    fce546b12944c6b08c016532a6f49fdb5d45412025de2600a59079f29323bb2732d756f802999a3fb46e84e52dd93c1c2acdde59a9feaf102546455976f41863

  • SSDEEP

    196608:HxmZUWfcvgWCpS1rpAcfBSOfMJiNbguUhFk7668rH55oHG:HwG0WCyrpAcfzf9bgT4xc5+G

Score
10/10
warzoneratdefense_evasiondiscoveryexecutioninfostealerpersistencerat

Malware Config

Signatures

  • WarzoneRat, AveMaria

    WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

    ratinfostealerwarzonerat
  • Warzonerat family
    warzonerat
  • Warzone RAT payload 1 IoCs
    rat
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Downloads MZ/PE file
  • Executes dropped EXE 6 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 52 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\EzFN-Manager.exe
    "C:\Users\Admin\AppData\Local\Temp\EzFN-Manager.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4128
    • C:\Users\Admin\AppData\Roaming\EzFN-Manager.exe
      "C:\Users\Admin\AppData\Roaming\EzFN-Manager.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2408
      • C:\Windows\system32\attrib.exe
        attrib +h +s C:\Users\Admin\AppData\Roaming\EzFN-Manager.exe
        3⤵
        • Views/modifies file attributes
        PID:5112
    • C:\Users\Admin\AppData\Roaming\WinRAR.exe
      "C:\Users\Admin\AppData\Roaming\WinRAR.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3840
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell Add-MpPreference -ExclusionPath C:\
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4084
      • C:\Users\Admin\Documents\WinRAR.exe
        "C:\Users\Admin\Documents\WinRAR.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2064
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell Add-MpPreference -ExclusionPath C:\
          4⤵
          • Command and Scripting Interpreter: PowerShell
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1368
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe"
          4⤵
          • System Location Discovery: System Language Discovery
          PID:3200
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3148
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3606cc40,0x7fff3606cc4c,0x7fff3606cc58
      2⤵
        PID:4492
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1784,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1780 /prefetch:2
        2⤵
          PID:2868
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2140 /prefetch:3
          2⤵
            PID:2856
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2200 /prefetch:8
            2⤵
              PID:3736
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3096,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3236 /prefetch:1
              2⤵
                PID:2936
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3388 /prefetch:1
                2⤵
                  PID:2204
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3624,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4420 /prefetch:1
                  2⤵
                    PID:444
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4620,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4576 /prefetch:8
                    2⤵
                      PID:2812
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4712,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4724 /prefetch:8
                      2⤵
                        PID:4148
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4656,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4632 /prefetch:8
                        2⤵
                          PID:4732
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4584,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4872 /prefetch:8
                          2⤵
                            PID:2004
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4748,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4988 /prefetch:1
                            2⤵
                              PID:3408
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4964,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4996 /prefetch:1
                              2⤵
                                PID:1544
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5232,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5260 /prefetch:8
                                2⤵
                                  PID:4412
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5248,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5272 /prefetch:8
                                  2⤵
                                    PID:4340
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5460,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5472 /prefetch:8
                                    2⤵
                                      PID:4312
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,17225806954207822301,16576900420068658954,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5444 /prefetch:8
                                      2⤵
                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                      • NTFS ADS
                                      PID:772
                                    • C:\Users\Admin\Downloads\EzFN-Manager.exe
                                      "C:\Users\Admin\Downloads\EzFN-Manager.exe"
                                      2⤵
                                      • Executes dropped EXE
                                      PID:3524
                                      • C:\Users\Admin\AppData\Roaming\EzFN-Manager.exe
                                        "C:\Users\Admin\AppData\Roaming\EzFN-Manager.exe"
                                        3⤵
                                        • Executes dropped EXE
                                        • Adds Run key to start application
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:5008
                                        • C:\Windows\system32\attrib.exe
                                          attrib +h +s C:\Users\Admin\AppData\Roaming\EzFN-Manager.exe
                                          4⤵
                                          • Views/modifies file attributes
                                          PID:1516
                                      • C:\Users\Admin\AppData\Roaming\WinRAR.exe
                                        "C:\Users\Admin\AppData\Roaming\WinRAR.exe"
                                        3⤵
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        PID:1880
                                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                    1⤵
                                      PID:3820
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                      1⤵
                                        PID:1188

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                        Filesize

                                        2B

                                        MD5

                                        d751713988987e9331980363e24189ce

                                        SHA1

                                        97d170e1550eee4afc0af065b78cda302a97674c

                                        SHA256

                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        SHA512

                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                        Filesize

                                        1KB

                                        MD5

                                        0c38ea8b29a842352f6f06f7050fc6f9

                                        SHA1

                                        dc6013a2416d628a3431088e55ccadf038397d70

                                        SHA256

                                        21198758cabf8925f3ef3f2e39183ad9172dab9933dca8e3d7f3cb3f419b3599

                                        SHA512

                                        6eaf0ef858dc20e1566d34c4c9cc5343be5c5240a820d4ce2a76a705937eaefb716cacc1355e2bd45b0eecdfcc317821c6636bb4ccb3f6b1908255f6f36b3daf

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                        Filesize

                                        1KB

                                        MD5

                                        3b6b9ea6dbd832ef292e51b2d0d63aed

                                        SHA1

                                        a917f9cef5f44d139205a0fd60f634c0de3af7e6

                                        SHA256

                                        eb739577d4018337f6dd045206d65283772c7fab2682a6b72657d67f8891fc94

                                        SHA512

                                        85349ad224fcccbe60a36ad696b98a182414f4a162619d2e6d229ff1899739828ba102d858d071e9ad3d33a912d47e6c263b883eabffc7f52e019e0254a2c1a0

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                        Filesize

                                        8KB

                                        MD5

                                        8aa21cc690ae7f1ff3ba3c1606c31f91

                                        SHA1

                                        495fdecdc8ddf173b95d3dbeb2da8bdb943cf53e

                                        SHA256

                                        c97062e880a838f5a41dfc9ee9cb1da007194bf2f8e07b9c2691723af0fdeee0

                                        SHA512

                                        56bbb313eccb558f4ec97ec69ad5ca54823a04467c9efdcbacc4cd172b1bc0af8e423e78a493e844f51fd755612d36cfa0b98ee03ebe06d848570c7392ba5af0

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                        Filesize

                                        8KB

                                        MD5

                                        b1524616d910c27aacd12d77792bfa9d

                                        SHA1

                                        81d6cbaabf36898e057699872a8c6daf4a237e0a

                                        SHA256

                                        5cce105836d57fefd0fad4e988b5b8d1ad663df4ab8ba33b077308e601da6113

                                        SHA512

                                        4b9b7766fc404fe9119c7d451f87ded19e73480c29c5eda1c24ffa73ace90c8c33bda1daa8fe4250d7f4b0b5ac900a8092994b28a17c62bc4056fda43d76c438

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                        Filesize

                                        15KB

                                        MD5

                                        b938a1e1b7f55af721fed3f60a5daabe

                                        SHA1

                                        8c492be320e4b803d14c58371d48cc93f7ae369e

                                        SHA256

                                        d12177a142aee2b0ef747f040489cc51f4d064cc61b11beda42e1bdafc6d6106

                                        SHA512

                                        2304f4204176788772ec9784a88b5f7b1b3cb545cf35c6d1f38d81ec3a72056edc17cbc1c9317f8e5fd86dab8c686f5c1860c62aa9874e05d4ec1d54290a1081

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                        Filesize

                                        234KB

                                        MD5

                                        40b1118090f7fab08a721dc2f5748428

                                        SHA1

                                        d299564b762e4e61e44cd15e0d1e6e308f875f4b

                                        SHA256

                                        4bf07c84096ad4f0b658d11aefa96db532b8dfe5fa3ce4df3d5c5309bfaf98ba

                                        SHA512

                                        af2452131519136c22f5c5ea6ae9184c1afcf749524862e74fa355eea5d935474161abdd92ce9f27ac630421b6dde5a4dd516b6042c5c6142244f4415033acac

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                        Filesize

                                        234KB

                                        MD5

                                        7da31dfb0879448db9b47f27537a11fe

                                        SHA1

                                        059ec8d2cf6096f5fbed3065d93b46e84c10f280

                                        SHA256

                                        56755405469695ef7d6b3f535c72a016bd07a13709b758bf8c3a09dc874c268b

                                        SHA512

                                        67f24c6afeaacb93bed106d19c612ef704f8a0ecfdb7432d42d33b74b923235feb09067478b21de7e92e362595158aa851eb72dbb3d8ec5ced7240417582034b

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\EzFN-Manager.exe.log
                                        Filesize

                                        654B

                                        MD5

                                        2cbbb74b7da1f720b48ed31085cbd5b8

                                        SHA1

                                        79caa9a3ea8abe1b9c4326c3633da64a5f724964

                                        SHA256

                                        e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3

                                        SHA512

                                        ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                                        Filesize

                                        2KB

                                        MD5

                                        d0c46cad6c0778401e21910bd6b56b70

                                        SHA1

                                        7be418951ea96326aca445b8dfe449b2bfa0dca6

                                        SHA256

                                        9600b3fdf0565ccb49e21656aa4b24d7c18f776bfd04d9ee984b134707550f02

                                        SHA512

                                        057531b468f7fbbb2175a696a8aab274dec0d17d9f71df309edcff35e064f3378050066a3df47ccd03048fac461594ec75e3d4fe64f9dd79949d129f51e02949

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                        Filesize

                                        18KB

                                        MD5

                                        27030088a92b702e2742b638d7d5dfa6

                                        SHA1

                                        cb3da24b3d08537b617583adf2907bb219a27339

                                        SHA256

                                        8196e495e2e5883c716257d64a0e79ca5c2227341b90a0d656e1a480bef75b7a

                                        SHA512

                                        aaf6e70c38522006d9f4d72d52ccd0c63ac06d6aa980d44d23ba05c0459909910c037b822e15751879e6305932e426075ff2a40210a39836466044de7d8e3314

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xwxykf02.5t3.ps1
                                        Filesize

                                        60B

                                        MD5

                                        d17fe0a3f47be24a6453e9ef58c94641

                                        SHA1

                                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                        SHA256

                                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                        SHA512

                                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\EzFN-Manager.exe
                                        Filesize

                                        10.1MB

                                        MD5

                                        d4c5f25a960ba6c7eb5675d7eb5df4a0

                                        SHA1

                                        869d36d2c06b0874f55fccf792ea490a03b3e524

                                        SHA256

                                        bb7435286298b5443ec5e7dc0c30510eb54e0fb22bd593f81974a0bf269139c6

                                        SHA512

                                        340b2c705be89097ab88ab3514c6472d63650c02538ef1d856a76cdb9efc897c0377f8ba23bc176163556fbc31ad60717789d3d12601798c13f83ecbe8500c15

                                        Download Submit

                                      • C:\Users\Admin\AppData\Roaming\WinRAR.exe
                                        Filesize

                                        297KB

                                        MD5

                                        e54a181f1e94dfd3e427d06c32138874

                                        SHA1

                                        1a2fd8e795c9f613a25f24eb0399b629764a8f99

                                        SHA256

                                        b9052c2cbcc38384b96e82de54a76dc0efc8b7219ebe5a35f876e1cd45c13cc5

                                        SHA512

                                        8e51787a79e7c29204eef823ab1baab05aea5e1e792ad62171e0f86d2c6b005a2eda94833a53b2dab21c74593799826e22dae9834bc0b57a6f551ddcdb84efff

                                        Download Submit

                                      • C:\Users\Admin\Downloads\EzFN-Manager.exe:Zone.Identifier
                                        Filesize

                                        26B

                                        MD5

                                        fbccf14d504b7b2dbcb5a5bda75bd93b

                                        SHA1

                                        d59fc84cdd5217c6cf74785703655f78da6b582b

                                        SHA256

                                        eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                        SHA512

                                        aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                        Download Submit

                                      • C:\Users\Admin\Downloads\Unconfirmed 186416.crdownload
                                        Filesize

                                        10.5MB

                                        MD5

                                        e528490c86b7bbd42cee5eb2ec1dcaa0

                                        SHA1

                                        758ea1f40317648d9c0eb6f3540158bdbc1860a4

                                        SHA256

                                        a5b3e8a7c2cace998612199ffdfda738d3107ebafc810219c1a648467cefcb05

                                        SHA512

                                        fce546b12944c6b08c016532a6f49fdb5d45412025de2600a59079f29323bb2732d756f802999a3fb46e84e52dd93c1c2acdde59a9feaf102546455976f41863

                                        Download Submit

                                      • \??\pipe\crashpad_3148_LEIPQATPEUVOMOMZ
                                        MD5

                                        d41d8cd98f00b204e9800998ecf8427e

                                        SHA1

                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                        SHA256

                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        SHA512

                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                        Download Submit

                                      • memory/1368-73-0x00000000700D0000-0x000000007011C000-memory.dmp

                                        Filesize

                                        304KB

                                        Download

                                      • memory/1368-63-0x0000000006310000-0x0000000006667000-memory.dmp

                                        Filesize

                                        3.3MB

                                        Download

                                      • memory/3200-83-0x0000000001120000-0x0000000001121000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4084-32-0x0000000005C10000-0x0000000005F67000-memory.dmp

                                        Filesize

                                        3.3MB

                                        Download

                                      • memory/4084-45-0x0000000007240000-0x000000000725E000-memory.dmp

                                        Filesize

                                        120KB

                                        Download

                                      • memory/4084-56-0x00000000075F0000-0x00000000075FE000-memory.dmp

                                        Filesize

                                        56KB

                                        Download

                                      • memory/4084-57-0x0000000007600000-0x0000000007615000-memory.dmp

                                        Filesize

                                        84KB

                                        Download

                                      • memory/4084-58-0x0000000007700000-0x000000000771A000-memory.dmp

                                        Filesize

                                        104KB

                                        Download

                                      • memory/4084-59-0x00000000076F0000-0x00000000076F8000-memory.dmp

                                        Filesize

                                        32KB

                                        Download

                                      • memory/4084-50-0x0000000007640000-0x00000000076D6000-memory.dmp

                                        Filesize

                                        600KB

                                        Download

                                      • memory/4084-49-0x0000000007430000-0x000000000743A000-memory.dmp

                                        Filesize

                                        40KB

                                        Download

                                      • memory/4084-48-0x00000000073B0000-0x00000000073CA000-memory.dmp

                                        Filesize

                                        104KB

                                        Download

                                      • memory/4084-47-0x00000000079F0000-0x000000000806A000-memory.dmp

                                        Filesize

                                        6.5MB

                                        Download

                                      • memory/4084-46-0x0000000007270000-0x0000000007314000-memory.dmp

                                        Filesize

                                        656KB

                                        Download

                                      • memory/4084-51-0x00000000075C0000-0x00000000075D1000-memory.dmp

                                        Filesize

                                        68KB

                                        Download

                                      • memory/4084-36-0x00000000700D0000-0x000000007011C000-memory.dmp

                                        Filesize

                                        304KB

                                        Download

                                      • memory/4084-35-0x0000000006650000-0x0000000006684000-memory.dmp

                                        Filesize

                                        208KB

                                        Download

                                      • memory/4084-34-0x00000000060B0000-0x00000000060FC000-memory.dmp

                                        Filesize

                                        304KB

                                        Download

                                      • memory/4084-33-0x0000000006070000-0x000000000608E000-memory.dmp

                                        Filesize

                                        120KB

                                        Download

                                      • memory/4084-19-0x0000000004BA0000-0x0000000004BD6000-memory.dmp

                                        Filesize

                                        216KB

                                        Download

                                      • memory/4084-23-0x0000000005A20000-0x0000000005A86000-memory.dmp

                                        Filesize

                                        408KB

                                        Download

                                      • memory/4084-22-0x00000000059B0000-0x0000000005A16000-memory.dmp

                                        Filesize

                                        408KB

                                        Download

                                      • memory/4084-21-0x00000000051B0000-0x00000000051D2000-memory.dmp

                                        Filesize

                                        136KB

                                        Download

                                      • memory/4084-20-0x0000000005290000-0x00000000058BA000-memory.dmp

                                        Filesize

                                        6.2MB

                                        Download

                                      • memory/4128-0-0x00007FFF241A3000-0x00007FFF241A5000-memory.dmp

                                        Filesize

                                        8KB

                                        Download

                                      • memory/4128-1-0x0000000000380000-0x0000000000E0A000-memory.dmp

                                        Filesize

                                        10.5MB

                                        Download