Overview

overview

10

Static

static

3

ArdamaxKey...18.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-11-2024 17:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe

  • Size

    783KB

  • MD5

    e33af9e602cbb7ac3634c2608150dd18

  • SHA1

    8f6ec9bc137822bc1ddf439c35fedc3b847ce3fe

  • SHA256

    8c870eec48bc4ea1aca1f0c63c8a82aaadaf837f197708a7f0321238da8b6b75

  • SHA512

    2ae5003e64b525049535ebd5c42a9d1f6d76052cccaa623026758aabe5b1d1b5781ca91c727f3ecb9ac30b829b8ce56f11b177f220330c704915b19b37f8f418

  • SSDEEP

    12288:0E9uQlDTt8c/wtocu3HhGSrIilDhlPnRq/iI7UOvqF8dtbcZl36VBqWPH:FuqD2cYWzBGZohlE/zUD8/bgl2qW/

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Signatures

  • Ardamax

    A keylogger first seen in 2013.

    keyloggerstealerardamax
  • Ardamax family
    ardamax
  • Ardamax main executable 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe
    "C:\Users\Admin\AppData\Local\Temp\ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\SysWOW64\28463\DPBJ.exe
      "C:\Windows\system32\28463\DPBJ.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:3136
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd14d446f8,0x7ffd14d44708,0x7ffd14d44718
      2⤵
        PID:536
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
        2⤵
          PID:4788
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3772
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
          2⤵
            PID:3044
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
            2⤵
              PID:2624
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
              2⤵
                PID:4816
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
                2⤵
                  PID:3320
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
                  2⤵
                    PID:4316
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
                    2⤵
                      PID:540
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
                      2⤵
                        PID:5040
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
                        2⤵
                          PID:3920
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
                          2⤵
                            PID:688
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
                            2⤵
                              PID:4340
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
                              2⤵
                                PID:1552
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
                                2⤵
                                  PID:3048
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1744
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
                                  2⤵
                                    PID:1616
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
                                    2⤵
                                      PID:2460
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
                                      2⤵
                                        PID:4544
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                                        2⤵
                                          PID:2568
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
                                          2⤵
                                            PID:5188
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2464 /prefetch:8
                                            2⤵
                                              PID:5932
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
                                              2⤵
                                                PID:5952
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
                                                2⤵
                                                  PID:6040
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
                                                  2⤵
                                                    PID:6120
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
                                                    2⤵
                                                      PID:6132
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
                                                      2⤵
                                                        PID:3352
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
                                                        2⤵
                                                          PID:5724
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
                                                          2⤵
                                                            PID:2568
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1
                                                            2⤵
                                                              PID:5860
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
                                                              2⤵
                                                                PID:5628
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
                                                                2⤵
                                                                  PID:2416
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
                                                                  2⤵
                                                                    PID:4032
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6304 /prefetch:2
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:4468
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,17872856503765436118,18264145093692181781,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6756 /prefetch:8
                                                                    2⤵
                                                                      PID:5712
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:4852
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:4340
                                                                      • C:\Windows\system32\taskmgr.exe
                                                                        "C:\Windows\system32\taskmgr.exe" /4
                                                                        1⤵
                                                                        • Checks SCSI registry key(s)
                                                                        • Checks processor information in registry
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        • Suspicious use of FindShellTrayWindow
                                                                        • Suspicious use of SendNotifyMessage
                                                                        PID:2144
                                                                      • C:\Windows\system32\AUDIODG.EXE
                                                                        C:\Windows\system32\AUDIODG.EXE 0x2f4 0x4b0
                                                                        1⤵
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:5892

                                                                      Network

                                                                      MITRE ATT&CK Enterprise v15

                                                                      Replay Monitor

                                                                      Loading Replay Monitor...

                                                                      Downloads

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        61cef8e38cd95bf003f5fdd1dc37dae1

                                                                        SHA1

                                                                        11f2f79ecb349344c143eea9a0fed41891a3467f

                                                                        SHA256

                                                                        ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

                                                                        SHA512

                                                                        6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        0a9dc42e4013fc47438e96d24beb8eff

                                                                        SHA1

                                                                        806ab26d7eae031a58484188a7eb1adab06457fc

                                                                        SHA256

                                                                        58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

                                                                        SHA512

                                                                        868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                        Filesize

                                                                        62KB

                                                                        MD5

                                                                        c813a1b87f1651d642cdcad5fca7a7d8

                                                                        SHA1

                                                                        0e6628997674a7dfbeb321b59a6e829d0c2f4478

                                                                        SHA256

                                                                        df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

                                                                        SHA512

                                                                        af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                        Filesize

                                                                        67KB

                                                                        MD5

                                                                        b275fa8d2d2d768231289d114f48e35f

                                                                        SHA1

                                                                        bb96003ff86bd9dedbd2976b1916d87ac6402073

                                                                        SHA256

                                                                        1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

                                                                        SHA512

                                                                        d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                        Filesize

                                                                        63KB

                                                                        MD5

                                                                        226541550a51911c375216f718493f65

                                                                        SHA1

                                                                        f6e608468401f9384cabdef45ca19e2afacc84bd

                                                                        SHA256

                                                                        caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

                                                                        SHA512

                                                                        2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                        Filesize

                                                                        19KB

                                                                        MD5

                                                                        1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

                                                                        SHA1

                                                                        6dd8803e59949c985d6a9df2f26c833041a5178c

                                                                        SHA256

                                                                        af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

                                                                        SHA512

                                                                        b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                        Filesize

                                                                        5KB

                                                                        MD5

                                                                        8f02a593b1c7a0a1ea701c939a6d773f

                                                                        SHA1

                                                                        1f7f3b796268ca356acedec00a720bf69a295c31

                                                                        SHA256

                                                                        a12945acb07b1bb19a37e8b061df9fa9c6d53586fd840d3468efd29b36f2eacc

                                                                        SHA512

                                                                        de5eff2540cb59c6f5f8293b524f94d8a1a0971b2b7135c4e003cf1ecb7c0308beac01f25e535a7da45a0d4fc57932b769d3a6f51504a7d9904de4ba356ea085

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                        Filesize

                                                                        2KB

                                                                        MD5

                                                                        34d4f45a1249aefb7e9f88bc76361d25

                                                                        SHA1

                                                                        5d318aa99a67a8747b058d6add5a84dab905bda4

                                                                        SHA256

                                                                        432f42cca482338b9c6616ae2a05332a51920999a87b3d8ceb7069c720e303a4

                                                                        SHA512

                                                                        25acc3506c776baea48fe6ee31fe2c1995eb6aa67af15369d1e72c9c0ecf9ae7e64f4c18f83c98dd0b2b6219f51a1e68a010fbf273fb80c5e6646c90a0161518

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                        Filesize

                                                                        1KB

                                                                        MD5

                                                                        ba85927246429ceec7edf57c5f5a6a64

                                                                        SHA1

                                                                        a209ba7f827d379efd19104e4860d0293c0bdb53

                                                                        SHA256

                                                                        609c1d6a2eb713f9906a1ba33a3d0b420b07b21d8a52ec5d8a3511908ae92d77

                                                                        SHA512

                                                                        42bba8b05392c3b5e1f69e59aa11effddaf7d6e22413773f158b3f44c9844318e4385659d519f62b6b74751f0b2ea3e8f3fbfa154bed8303177b2fef6573fa6e

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        5KB

                                                                        MD5

                                                                        38c563aefe94fec4d67ba6188588c496

                                                                        SHA1

                                                                        377dc9ef913be03b97d021f08debaca095941649

                                                                        SHA256

                                                                        fa873704ea0c6a5a7f1d0988653914b49fa94f3b81de5febc652189490ccc270

                                                                        SHA512

                                                                        fc1e2c46b012d0714ec072388828f125ae7e181989fa1a1046adec811a4c60acb891553891a06bb64bf9d37cda2c38c2e77ca52499e2bdc88a442c245805327d

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        313aaa66154ebeef4ee44976919cac59

                                                                        SHA1

                                                                        e02ae82be08f9a788821c4e0df21547d86421b9c

                                                                        SHA256

                                                                        24bda7e3ce9e88c1b6ec66fb01aae12c0b0bfa9b3cec51085a3770d07b16fe4a

                                                                        SHA512

                                                                        fe0e9ee97739176bd66181b8abfce5f92125030186934b771396f294a761d2b4de69af8e94c9a4f9a4b2c04f52a8c72958a1efb392c3fed59085cd1e2ae22a5f

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        6KB

                                                                        MD5

                                                                        be058ff1a4ac2236450c0d63695d3a95

                                                                        SHA1

                                                                        710b35047b2bfca4fc5180488c5e30985a9c99a8

                                                                        SHA256

                                                                        86df92d03e63b3f681fcb78594a2f7cec673e05890731513fbc4a8c123229eb3

                                                                        SHA512

                                                                        9e701c0905303311e270ca6bfa79669f7c7d109f9c9916b29903372c8abb8773706f68f4d0a62192dc8c930ab6a634a36949c682e154b17b430b3f290b7ec4ac

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        6KB

                                                                        MD5

                                                                        eed184f690576e69f88bbda957beb6fa

                                                                        SHA1

                                                                        67e839ff20817fff9062f17b33855c21a4434d9e

                                                                        SHA256

                                                                        f1e859d4841c5f353027770c69c4b7d1c6781b738c528dab0d68cf32fd0ea84a

                                                                        SHA512

                                                                        7971955dc70e68ab944d5dc7bc3f8165e22012f1e6bf45e3bb8468c9d4c19d363b7d7c01be4fe3998d841703f696cdb42949d95aef7b6954dbdc7770c145fde1

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        7KB

                                                                        MD5

                                                                        51089ddfe865dd165fbf6e92884e1f78

                                                                        SHA1

                                                                        4e2e608126023f77df5feeb0fe7dc091aa885145

                                                                        SHA256

                                                                        cb400087fd093eaa12a0e807977d730ed4032dc09bea394567aa88f528c93d2a

                                                                        SHA512

                                                                        0a536af0ec71c0183e9925e0eeeb40fbf4f9933137398b016be64c8404778d35c063afe95a8c15a46069cc98ba59035bdbaee966a32281239d2880289581819b

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                        Filesize

                                                                        2KB

                                                                        MD5

                                                                        0bc674c5aced9681a267ba2c4b6b3e8c

                                                                        SHA1

                                                                        20dc0a18594d14b4312cca25d1a8ad7c28219ede

                                                                        SHA256

                                                                        a55cc35493165adbf9b8fc30f3b82785f87b7ef82847c1df0bf1115966153f83

                                                                        SHA512

                                                                        330a025c45102219eda61b60d72e2f9487b95c9423ed9071c7f2785860c1c1d9878fb9faf2bd26c1624903d37472fce93e682cfd5e0966452701896929023467

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                        Filesize

                                                                        2KB

                                                                        MD5

                                                                        bd4c549af81240f72bd1e790509281d4

                                                                        SHA1

                                                                        76e6d33c2253217a603e569a2105d6517a58ea5f

                                                                        SHA256

                                                                        b90df3d5918949ae31c43bd0b8d343b4ecb1bfc245abcace6c8c5c9d849acd73

                                                                        SHA512

                                                                        e8148549c7eb6563d596b0f05cbdcbbe43b5086abc7a1e67bf26ff85345b288a2c131b495d825504651f7e78eb950f24a45341a0d49b9dfd9e723a82aa10c418

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                        Filesize

                                                                        2KB

                                                                        MD5

                                                                        505aa2c810450b1750ad0ae001f7eba7

                                                                        SHA1

                                                                        72dd13e62b59bf60201fec8558517b7d071b4fe2

                                                                        SHA256

                                                                        2ae58de0f6a15cab4edff4f994b7dff1abab558ed4cda2be8b2e5c6f31e89aab

                                                                        SHA512

                                                                        c8afeb998a171b4669663406b8d25bf538d2088d26e6b1f19312fccc4495959d890880b1cd48771e3321429eb943ca9cfb145e66a0e05dc5220c9b9d1e11f2ae

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                        Filesize

                                                                        2KB

                                                                        MD5

                                                                        8ada357dff0fe9854c5235b8c42d08ea

                                                                        SHA1

                                                                        4a936d389f6d20a8ca3f1593dade0c2b7ac25f71

                                                                        SHA256

                                                                        5402ff350afede8a23bcefc155a88c737c0e37b7842dcf886c4cf849f8936763

                                                                        SHA512

                                                                        f7feffb3d54bb778d72cff97723a5a1387de706d4853aa7b4fb5d344fee3c9c8e972640efb767b89440f82d18c30e4a2b0eebe2499757419f90ff16fd4c9bb08

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                        Filesize

                                                                        1KB

                                                                        MD5

                                                                        b4950dad3f5c464f17e7f9a1c33b65f7

                                                                        SHA1

                                                                        057210f2acd7bd855a44d9b0d343f1ab464d9cca

                                                                        SHA256

                                                                        0ecd7713485ad2183354a997f7b6c8b5e88e170c1c6de43f82375ae92aa5fcb3

                                                                        SHA512

                                                                        90ad6e6df29e23f36e4b1ba7036fec1d97285fd66a9f0cb0e32139c6dcf2a49167e4c1945c5a0bca355953f4437ff843224842660ac0ace4ed10415f7e262529

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e20.TMP
                                                                        Filesize

                                                                        1KB

                                                                        MD5

                                                                        9c475640f4a5b6f348d79873d790e575

                                                                        SHA1

                                                                        c062e0bbfe0c9a246537ba765c2ae6fb0e72a843

                                                                        SHA256

                                                                        8a5d1ad404917ce8b859de459dafb3a8cc5c8ac31a5845dc862a850da2824ebe

                                                                        SHA512

                                                                        434a6564d092225e30b6edb7c5aa472251a7391ef89344c431e41224caf18b8f891f03235eab04dcc019b6f8d12bf4c9ce2dc9ca82c8fb450a686604ce371e94

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                        Filesize

                                                                        16B

                                                                        MD5

                                                                        6752a1d65b201c13b62ea44016eb221f

                                                                        SHA1

                                                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                        SHA256

                                                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                        SHA512

                                                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                        Filesize

                                                                        11KB

                                                                        MD5

                                                                        bc001bf5237426de56520831eba94dea

                                                                        SHA1

                                                                        c1e12d03536f9a0094c3475b3de85004debca283

                                                                        SHA256

                                                                        a7e05c062f5a35a258dac19ad9b649c6cc9acddb6e9293b133ab95b1f53b5111

                                                                        SHA512

                                                                        60dd5c590aac9745fe8bdd4cc31b349a80ddef6d75e698b1d507e689be15b34b7441366f3aad70e503892dce933f0e5e0f20a052520ed3378f34b97d3a7eed5b

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                        Filesize

                                                                        10KB

                                                                        MD5

                                                                        b4469ab8aa8dc9709eafd710156c5b27

                                                                        SHA1

                                                                        34de0986ceb2bae570685ddd6ff6287948181d65

                                                                        SHA256

                                                                        6d4410dbeb9b8f77aaeb588b8ae31789981c4a9a613096210100b40064e9548e

                                                                        SHA512

                                                                        912659ac7b01877bb99687c8f56fd9bd8303cd3e8c27ecea067aa5b2c5179f628030516439618951bfbea0ef5e5ecb22ec856a8105afeaf702e6b9ef573bc6f5

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Temp\@761A.tmp
                                                                        Filesize

                                                                        4KB

                                                                        MD5

                                                                        d73d89b1ea433724795b3d2b524f596c

                                                                        SHA1

                                                                        213514f48ece9f074266b122ee2d06e842871c8c

                                                                        SHA256

                                                                        8aef975a94c800d0e3e4929999d05861868a7129b766315c02a48a122e3455d6

                                                                        SHA512

                                                                        8b73be757ad3e0f2b29c0b130918e8f257375f9f3bf7b9609bac24b17369de2812341651547546af238936d70f38f050d6984afd16d47b467bcbba4992e42f41

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                                        Filesize

                                                                        2B

                                                                        MD5

                                                                        f3b25701fe362ec84616a93a45ce9998

                                                                        SHA1

                                                                        d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                        SHA256

                                                                        b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                        SHA512

                                                                        98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\AKV.exe
                                                                        Filesize

                                                                        457KB

                                                                        MD5

                                                                        97eee85d1aebf93d5d9400cb4e9c771b

                                                                        SHA1

                                                                        26fa2bf5fce2d86b891ac0741a6999bff31397de

                                                                        SHA256

                                                                        30df6c8cbd255011d80fa6e959179d47c458bc4c4d9e78c4cf571aa611cd7d24

                                                                        SHA512

                                                                        8cecc533c07c91c67b93a7ae46102a0aae7f4d3d88d04c250231f0bcd8e1f173daf06e94b5253a66db3f2a052c51e62154554368929294178d2b3597c1cca7e6

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\DPBJ.001
                                                                        Filesize

                                                                        492B

                                                                        MD5

                                                                        7a0f1fa20fd40c047b07379da5290f2b

                                                                        SHA1

                                                                        e0fb8305de6b661a747d849edb77d95959186fca

                                                                        SHA256

                                                                        b0ad9e9d3d51e8434cc466bec16e2b94fc2d03bab03b48ccf57db86ae8e2c9b6

                                                                        SHA512

                                                                        bb5b3138b863811a8b9dcba079ac8a2828dae73943a1cc1d107d27faca509fda9f03409db7c23d5d70b48d299146de14b656314a24b854f3ae4fdb6ef6770346

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\DPBJ.002
                                                                        Filesize

                                                                        518B

                                                                        MD5

                                                                        ef3c51365f36afb921a4e90f877b3681

                                                                        SHA1

                                                                        f8fa50bb8b77ed4145dd7feabcdd9810ca42dbba

                                                                        SHA256

                                                                        215269c8e36c37e5836e223cbabcf1da48f21c80cd41207240d1f00229454e81

                                                                        SHA512

                                                                        12c08393798d3755ddc46631aed372cc9f8567bf2b463cf075d44422142c3f67817d5328d6fe9869aa0825daf3e92e8d095fbfb3ca7c3edff7010cbff01984d7

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\DPBJ.006
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        35b24c473bdcdb4411e326c6c437e8ed

                                                                        SHA1

                                                                        ec1055365bc2a66e52de2d66d24d742863c1ce3d

                                                                        SHA256

                                                                        4530fcc91e4d0697a64f5e24d70e2b327f0acab1a9013102ff04236841c5a617

                                                                        SHA512

                                                                        32722f1484013bbc9c1b41b3fdaf5cd244ec67facaa2232be0e90455719d664d65cae1cd670adf5c40c67f568122d910b30e3e50f7cc06b0350a6a2d34d371de

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\DPBJ.007
                                                                        Filesize

                                                                        5KB

                                                                        MD5

                                                                        a8e19de6669e831956049685225058a8

                                                                        SHA1

                                                                        6d2546d49d92b18591ad4fedbc92626686e7e979

                                                                        SHA256

                                                                        34856528d8b7e31caa83f350bc4dbc861120dc2da822a9eb896b773bc7e1f564

                                                                        SHA512

                                                                        5c407d4aa5731bd62c2a1756127f794382dc5e2b214298acfa68698c709fbbe3f2aa8dbdcbef02ed2a49f8f35969959946e9f727895bdca4500d16e84f4ef2e8

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\DPBJ.009
                                                                        Filesize

                                                                        1.1MB

                                                                        MD5

                                                                        68675a2abe65bb9ee59f691ae776abe7

                                                                        SHA1

                                                                        2f6e21e1adb26a2fae0dcd4b0acb0209ed52dd8d

                                                                        SHA256

                                                                        837ea3b766ed06e013f2c553aee0fe7f832f67f527c87d15e21e76479390954c

                                                                        SHA512

                                                                        b8bdec84064dcbf98198cae2d41f9e3baaa29ebfbb8bc5ee5561d265b1992fe4533a0c00f12f9876092e8a202263e1096bbcf271feb61ea6202acf55575c894e

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\DPBJ.exe
                                                                        Filesize

                                                                        646KB

                                                                        MD5

                                                                        b863a9ac3bcdcde2fd7408944d5bf976

                                                                        SHA1

                                                                        4bd106cd9aefdf2b51f91079760855e04f73f3b0

                                                                        SHA256

                                                                        0fe8e3cd44a89c15dec75ff2949bac1a96e1ea7e0040f74df3230569ac9e37b0

                                                                        SHA512

                                                                        4b30c3b119c1e7b2747d2745b2b79c61669a33b84520b88ab54257793e3ed6e76378dea2b8ff048cb1822187ffdc20e921d658bb5b0482c23cfa7d70f4e7aa1a

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\Nov_22_2024__17_12_29.jpg
                                                                        Filesize

                                                                        117KB

                                                                        MD5

                                                                        c6d1479f01b3e45615f258e903c53f17

                                                                        SHA1

                                                                        ee69fdba22bfcfd1379e637e14b1a1860bc093d5

                                                                        SHA256

                                                                        18804b72923857a657c57d714d5da986ddf448d1197b500a70559109c3e53d64

                                                                        SHA512

                                                                        bb149811571632a1dca93a2a1bf2a41e4acbcb2fb0d5e787630e98c422882de24f66f2977ae8f1de05772a476717bb9270dfa720eed3552e670e59d89bd1eb56

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\Nov_22_2024__17_12_35.jpg
                                                                        Filesize

                                                                        134KB

                                                                        MD5

                                                                        63be328972a48c9a4135f6f671b5b151

                                                                        SHA1

                                                                        3f3191c110e3f14afb65c035356b3dd77a54bf71

                                                                        SHA256

                                                                        11887e384b8611f770c7cc9a1be5824479f3e84db025793c7ced5dad1bf49d9b

                                                                        SHA512

                                                                        9b1d79aa0f547a90ae73cd331d3db462b9f327cc9bae767b5a0f9c478e1f575c3e5122210bc184b84d03c1a7e378540462fe01033ca539da3357a53068e220d3

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\Nov_22_2024__17_12_45.jpg
                                                                        Filesize

                                                                        71KB

                                                                        MD5

                                                                        5dd2585658f030387ce33cae0a73ddcb

                                                                        SHA1

                                                                        db925c0cce34ce5a5132c01cc7a4b5cb920f9e7f

                                                                        SHA256

                                                                        ba10cbc744da7b66c489f29054fcbf800fe860f052411eb53b3a7bed27edf348

                                                                        SHA512

                                                                        d275b12ae8b54255f087ab2d21ee12a845cee33d80a63a276579788dd3a7b6ec8ff55cc8b94630e0877044a7c743d1deac562e3ef0ba97a33516238e750df01c

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\Nov_22_2024__17_13_10.jpg
                                                                        Filesize

                                                                        137KB

                                                                        MD5

                                                                        805f824f486e77588698ddf9dd56323d

                                                                        SHA1

                                                                        26a954794d9b91a85072db270451f9498e45b1b5

                                                                        SHA256

                                                                        b0de5a7f03c99da85d0f1e9fb2ebbcabe29f5964a51803522d188f06a8a36f71

                                                                        SHA512

                                                                        767f65a3df668ab650c491c8e0aea7f85b2821e8a6dacc19c404c3652ad86e967316bb420d5aa6e7efe466a41171739dbac5ec0f7c2b058a2a561b1a2f993bb0

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\Nov_22_2024__17_13_15.jpg
                                                                        Filesize

                                                                        136KB

                                                                        MD5

                                                                        b9c66447bee2c30b3ab106a55a7e9930

                                                                        SHA1

                                                                        fa5f8003b06141f75eefa278d2a32e481bf3bafb

                                                                        SHA256

                                                                        08e4ad23495a71635ba7d3881a6bfdb4c114b54d6b2f7d48dfd669b2a73330f3

                                                                        SHA512

                                                                        37e2e0da22bd81f9282d0482d42d2a642b58265ff8ca2134f1ea51176870c19994713310a26a27a4e7995195f9065f5f3df0eca11cf0f477779d6fb1c0b1350f

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\Nov_22_2024__17_13_28.jpg
                                                                        Filesize

                                                                        133KB

                                                                        MD5

                                                                        0aa72d3edf0d232d4e2a59fd2b766232

                                                                        SHA1

                                                                        b0519b41e5de365b7963ccb757ad6e6e2b0fbc7a

                                                                        SHA256

                                                                        6d2f5d6230f32ee39ea26ddc4e86d216a70e72503add14f0684e74f5d91fa3af

                                                                        SHA512

                                                                        c8beebac1da446a4fbd12d4c69fb7ebc0d9417aad9cbed7e5e0132ebb06c3c3b157760b42ab94f4a52e7aad633ca280db812fbbff91a75c6b6a1e30ab8e3f806

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\Nov_22_2024__17_13_36.jpg
                                                                        Filesize

                                                                        146KB

                                                                        MD5

                                                                        d3568d5955a1551e01d5717af9e0659b

                                                                        SHA1

                                                                        208f87ce9506b4ad76ae86455c9aab0d37c60df6

                                                                        SHA256

                                                                        7a5a110dc07cb75c63f3d49f9e9f7dc4b2d9900056c8e4308ea8f18db38c21dd

                                                                        SHA512

                                                                        12e528d126fce5ca398a6e6a2f44e7f7bee6498987dd50f962dddd56257dd39c08d4eacb4dcb87599c1fdc79f2c02a429ff3034f3b2b4eb72f95670815f9e925

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\Nov_22_2024__17_13_43.jpg
                                                                        Filesize

                                                                        140KB

                                                                        MD5

                                                                        c5a1010ee86fc503d6d1203b2e3bf624

                                                                        SHA1

                                                                        93e5c117ee62c0ccfc20012834dd77947f522211

                                                                        SHA256

                                                                        8d02e499a8513ba3c4ea1f27a7e3236431d740ca956aeccb464f32cdcea2e492

                                                                        SHA512

                                                                        593d61cfaedb7da9c8aeaf23ed012d1297e1276d81fc883201b815519c16718bb573065212befcba7aa04ad5a44f72fd02f54ee8da28b52650c4149feea9351c

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\Nov_22_2024__17_13_52.jpg
                                                                        Filesize

                                                                        131KB

                                                                        MD5

                                                                        43456719f1fd08127131f016392d1f45

                                                                        SHA1

                                                                        18af23be373e74edeb01767774ab66db088e7fd1

                                                                        SHA256

                                                                        303c064122350a0a0b2b423c9806ba8f41989eebe537819b2183b46ca06c4870

                                                                        SHA512

                                                                        93b63d5c3f4482fa954c1655622749835937e5068417f8d5b93ce502c38a9fc79d289a6da0d457360ac4bddfdeefe5e9ae332ba677e207906eceb5d9c2f41793

                                                                        Download Submit

                                                                      • C:\Windows\SysWOW64\28463\key.bin
                                                                        Filesize

                                                                        106B

                                                                        MD5

                                                                        639d75ab6799987dff4f0cf79fa70c76

                                                                        SHA1

                                                                        be2678476d07f78bb81e8813c9ee2bfff7cc7efb

                                                                        SHA256

                                                                        fc42ab050ffdfed8c8c7aac6d7e4a7cad4696218433f7ca327bcfdf9f318ac98

                                                                        SHA512

                                                                        4b511d0330d7204af948ce7b15615d745e8d4ea0a73bbece4e00fb23ba2635dd99e4fa54a76236d6f74bdbcdba57d32fd4c36b608d52628e72d11d5ed6f8cde2

                                                                        Download Submit

                                                                      • memory/2144-1044-0x00000169B68D0000-0x00000169B68D1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/2144-1045-0x00000169B68D0000-0x00000169B68D1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/2144-1046-0x00000169B68D0000-0x00000169B68D1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/2144-1047-0x00000169B68D0000-0x00000169B68D1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/2144-1048-0x00000169B68D0000-0x00000169B68D1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/2144-1049-0x00000169B68D0000-0x00000169B68D1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/2144-1039-0x00000169B68D0000-0x00000169B68D1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/2144-1040-0x00000169B68D0000-0x00000169B68D1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/2144-1038-0x00000169B68D0000-0x00000169B68D1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-25-0x0000000002560000-0x0000000002561000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-379-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                        Filesize

                                                                        892KB

                                                                        Download

                                                                      • memory/3136-503-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                        Filesize

                                                                        892KB

                                                                        Download

                                                                      • memory/3136-320-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                        Filesize

                                                                        892KB

                                                                        Download

                                                                      • memory/3136-102-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                        Filesize

                                                                        892KB

                                                                        Download

                                                                      • memory/3136-89-0x00000000033A0000-0x00000000033A1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-67-0x00000000022C0000-0x000000000231A000-memory.dmp

                                                                        Filesize

                                                                        360KB

                                                                        Download

                                                                      • memory/3136-68-0x0000000003350000-0x0000000003351000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-59-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                        Filesize

                                                                        892KB

                                                                        Download

                                                                      • memory/3136-44-0x0000000003360000-0x0000000003361000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-674-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                        Filesize

                                                                        892KB

                                                                        Download

                                                                      • memory/3136-45-0x0000000000A90000-0x0000000000A91000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-46-0x00000000022A0000-0x00000000022A1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-47-0x0000000003370000-0x0000000003371000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-48-0x00000000033B0000-0x00000000033B1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-22-0x0000000002500000-0x0000000002501000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-23-0x0000000002550000-0x0000000002551000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-24-0x0000000002540000-0x0000000002541000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-26-0x0000000002520000-0x0000000002521000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-27-0x00000000024D0000-0x00000000024D1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-28-0x0000000003360000-0x0000000003361000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-29-0x0000000003360000-0x0000000003361000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-30-0x0000000003360000-0x0000000003361000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-31-0x0000000003360000-0x0000000003361000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-32-0x0000000003360000-0x0000000003361000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-33-0x0000000003360000-0x0000000003361000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-34-0x0000000003360000-0x0000000003361000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-35-0x0000000003360000-0x0000000003361000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-36-0x0000000003350000-0x0000000003351000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-37-0x0000000003350000-0x0000000003351000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-38-0x0000000003350000-0x0000000003351000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-39-0x0000000003350000-0x0000000003351000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-40-0x0000000003350000-0x0000000003351000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-42-0x0000000003350000-0x0000000003353000-memory.dmp

                                                                        Filesize

                                                                        12KB

                                                                        Download

                                                                      • memory/3136-1264-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                        Filesize

                                                                        892KB

                                                                        Download

                                                                      • memory/3136-43-0x00000000033A0000-0x00000000033A1000-memory.dmp

                                                                        Filesize

                                                                        4KB

                                                                        Download

                                                                      • memory/3136-21-0x00000000022C0000-0x000000000231A000-memory.dmp

                                                                        Filesize

                                                                        360KB

                                                                        Download

                                                                      • memory/3136-20-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                        Filesize

                                                                        892KB

                                                                        Download

                                                                      • memory/3136-1538-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                        Filesize

                                                                        892KB

                                                                        Download