Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://roblox.com

windows11-21h2-x64

10

Resubmissions

31/01/2025, 14:27

250131-rsfnfsznhk 10

31/01/2025, 14:21

250131-rn459axqft 10

31/01/2025, 14:14

250131-rjzd7sxpgt 10

31/01/2025, 14:10

250131-rg2rjsxpcs 3

31/01/2025, 11:31

250131-nm7cfawnhr 10

Analysis

  • max time kernel
    271s
  • max time network
    284s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    31/01/2025, 14:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://roblox.com

Score
10/10
revengeratdefense_evasiondiscoverypersistencestealertrojanupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • RevengeRAT

    Remote-access trojan with a wide range of capabilities.

    trojanrevengerat
  • Revengerat family
    revengerat
  • RevengeRat Executable 1 IoCs
    stealer
  • Adds policy Run key to start application 2 TTPs 3 IoCs
    persistence
  • Downloads MZ/PE file 14 IoCs
  • Manipulates Digital Signatures 1 TTPs 12 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Executes dropped EXE 14 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs
    defense_evasion
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 58 IoCs
  • UPX packed file 19 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 10 IoCs
  • Drops file in Windows directory 3 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 16 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • NTFS ADS 33 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://roblox.com
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4980
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc82033cb8,0x7ffc82033cc8,0x7ffc82033cd8
      2⤵
        PID:3712
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        2⤵
          PID:3916
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
          2⤵
          • Downloads MZ/PE file
          • Suspicious behavior: EnumeratesProcesses
          PID:2664
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
          2⤵
            PID:4768
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
            2⤵
              PID:3356
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
              2⤵
                PID:2880
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
                2⤵
                  PID:3820
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:964
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4288
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                  2⤵
                    PID:3952
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
                    2⤵
                      PID:1960
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
                      2⤵
                        PID:4508
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
                        2⤵
                          PID:3872
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                          2⤵
                            PID:3288
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
                            2⤵
                              PID:1648
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
                              2⤵
                                PID:1244
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
                                2⤵
                                  PID:4664
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
                                  2⤵
                                    PID:4920
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
                                    2⤵
                                      PID:5076
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
                                      2⤵
                                        PID:4824
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
                                        2⤵
                                          PID:2480
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
                                          2⤵
                                            PID:572
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
                                            2⤵
                                              PID:132
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6880 /prefetch:8
                                              2⤵
                                                PID:2440
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8
                                                2⤵
                                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                • NTFS ADS
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:2852
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3820 /prefetch:8
                                                2⤵
                                                  PID:2356
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
                                                  2⤵
                                                    PID:3804
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7156 /prefetch:8
                                                    2⤵
                                                      PID:3884
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                                                      2⤵
                                                        PID:1252
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6588 /prefetch:8
                                                        2⤵
                                                          PID:3620
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5280 /prefetch:8
                                                          2⤵
                                                            PID:1584
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
                                                            2⤵
                                                            • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                            • NTFS ADS
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:2748
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
                                                            2⤵
                                                            • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                            • NTFS ADS
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:428
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
                                                            2⤵
                                                            • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                            • NTFS ADS
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:4568
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
                                                            2⤵
                                                              PID:3936
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
                                                              2⤵
                                                                PID:1076
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
                                                                2⤵
                                                                  PID:1972
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 /prefetch:8
                                                                  2⤵
                                                                    PID:232
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5044 /prefetch:2
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:4472
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
                                                                    2⤵
                                                                      PID:2744
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5632 /prefetch:8
                                                                      2⤵
                                                                        PID:4160
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
                                                                        2⤵
                                                                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                        • NTFS ADS
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:3828
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7128 /prefetch:8
                                                                        2⤵
                                                                          PID:3296
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8
                                                                          2⤵
                                                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                          • NTFS ADS
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:3752
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
                                                                          2⤵
                                                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                          • NTFS ADS
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:456
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
                                                                          2⤵
                                                                            PID:4748
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5256 /prefetch:8
                                                                            2⤵
                                                                              PID:4360
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
                                                                              2⤵
                                                                                PID:1948
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 /prefetch:8
                                                                                2⤵
                                                                                  PID:4828
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
                                                                                  2⤵
                                                                                    PID:556
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 /prefetch:8
                                                                                    2⤵
                                                                                      PID:3148
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4656 /prefetch:8
                                                                                      2⤵
                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                      • NTFS ADS
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:3296
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
                                                                                      2⤵
                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                      • NTFS ADS
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:676
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:8
                                                                                      2⤵
                                                                                      • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                      • NTFS ADS
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:2924
                                                                                    • C:\Users\Admin\Downloads\AgentTesla.exe
                                                                                      "C:\Users\Admin\Downloads\AgentTesla.exe"
                                                                                      2⤵
                                                                                      • Executes dropped EXE
                                                                                      • Drops file in Program Files directory
                                                                                      • System Location Discovery: System Language Discovery
                                                                                      • Suspicious use of SetWindowsHookEx
                                                                                      PID:2436
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
                                                                                      2⤵
                                                                                        PID:4188
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6340 /prefetch:8
                                                                                        2⤵
                                                                                          PID:4992
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
                                                                                          2⤵
                                                                                            PID:4672
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7048 /prefetch:8
                                                                                            2⤵
                                                                                              PID:4048
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
                                                                                              2⤵
                                                                                                PID:4748
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2480 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:3148
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:2064
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5800 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:2980
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:456
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7040 /prefetch:8
                                                                                                        2⤵
                                                                                                          PID:4368
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8
                                                                                                          2⤵
                                                                                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                          • NTFS ADS
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          PID:732
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7292 /prefetch:8
                                                                                                          2⤵
                                                                                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                          • NTFS ADS
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          PID:2372
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6748 /prefetch:8
                                                                                                          2⤵
                                                                                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                          • NTFS ADS
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          PID:2412
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
                                                                                                          2⤵
                                                                                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                          • NTFS ADS
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          PID:4916
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6744 /prefetch:8
                                                                                                          2⤵
                                                                                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                          • NTFS ADS
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          PID:4832
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:3868
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5244 /prefetch:8
                                                                                                            2⤵
                                                                                                              PID:2248
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4869040531045484844,10522378202640044388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
                                                                                                              2⤵
                                                                                                              • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                                              • NTFS ADS
                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                              PID:3824
                                                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                            1⤵
                                                                                                              PID:3408
                                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                              1⤵
                                                                                                                PID:1416
                                                                                                              • C:\Windows\System32\rundll32.exe
                                                                                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                1⤵
                                                                                                                  PID:5060
                                                                                                                • C:\Users\Admin\Downloads\Nople (1).exe
                                                                                                                  "C:\Users\Admin\Downloads\Nople (1).exe"
                                                                                                                  1⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  PID:108
                                                                                                                • C:\Users\Admin\Downloads\Bezilom.exe
                                                                                                                  "C:\Users\Admin\Downloads\Bezilom.exe"
                                                                                                                  1⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • Adds Run key to start application
                                                                                                                  • Drops file in Windows directory
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                  PID:2764
                                                                                                                • C:\Users\Admin\Downloads\Bumerang.exe
                                                                                                                  "C:\Users\Admin\Downloads\Bumerang.exe"
                                                                                                                  1⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • Drops file in System32 directory
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  PID:3884
                                                                                                                  • C:\Windows\SysWOW64\ddraw32.dll
                                                                                                                    C:\Windows\system32\ddraw32.dll
                                                                                                                    2⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    PID:2828
                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 344
                                                                                                                      3⤵
                                                                                                                      • Program crash
                                                                                                                      PID:1252
                                                                                                                  • C:\Windows\SysWOW64\ddraw32.dll
                                                                                                                    C:\Windows\system32\ddraw32.dll :C:\Users\Admin\Downloads\Bumerang.exe
                                                                                                                    2⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    PID:2324
                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 2828 -ip 2828
                                                                                                                  1⤵
                                                                                                                    PID:1840
                                                                                                                  • C:\Users\Admin\Downloads\Nople.exe
                                                                                                                    "C:\Users\Admin\Downloads\Nople.exe"
                                                                                                                    1⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    PID:1080
                                                                                                                  • C:\Users\Admin\Downloads\Fagot.a.exe
                                                                                                                    "C:\Users\Admin\Downloads\Fagot.a.exe"
                                                                                                                    1⤵
                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                    • Manipulates Digital Signatures
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Impair Defenses: Safe Mode Boot
                                                                                                                    • Adds Run key to start application
                                                                                                                    • Modifies WinLogon
                                                                                                                    • Drops file in System32 directory
                                                                                                                    • Drops file in Windows directory
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    • Checks processor information in registry
                                                                                                                    • Enumerates system info in registry
                                                                                                                    • Modifies Internet Explorer settings
                                                                                                                    • Modifies Internet Explorer start page
                                                                                                                    • Modifies registry class
                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                    PID:3752
                                                                                                                  • C:\Users\Admin\Downloads\Heap41A.exe
                                                                                                                    "C:\Users\Admin\Downloads\Heap41A.exe"
                                                                                                                    1⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    PID:1900
                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe
                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe" MicrosoftPowerPoint\install.txt
                                                                                                                      2⤵
                                                                                                                      • Adds policy Run key to start application
                                                                                                                      • Executes dropped EXE
                                                                                                                      • Drops autorun.inf file
                                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                                      PID:3824
                                                                                                                      • C:\heap41a\svchost.exe
                                                                                                                        C:\heap41a\svchost.exe C:\heap41a\std.txt
                                                                                                                        3⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                        PID:2264
                                                                                                                        • C:\heap41a\svchost.exe
                                                                                                                          C:\heap41a\svchost.exe C:\heap41a\script1.txt
                                                                                                                          4⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:1752
                                                                                                                        • C:\heap41a\svchost.exe
                                                                                                                          C:\heap41a\svchost.exe C:\heap41a\reproduce.txt
                                                                                                                          4⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                          PID:1968
                                                                                                                  • C:\Users\Admin\Downloads\WinNuke.98.exe
                                                                                                                    "C:\Users\Admin\Downloads\WinNuke.98.exe"
                                                                                                                    1⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    PID:1060
                                                                                                                  • C:\Users\Admin\Downloads\AgentTesla.exe
                                                                                                                    "C:\Users\Admin\Downloads\AgentTesla.exe"
                                                                                                                    1⤵
                                                                                                                      PID:3936
                                                                                                                    • C:\Windows\system32\LogonUI.exe
                                                                                                                      "LogonUI.exe" /flags:0x0 /state0:0xa3a3a055 /state1:0x41c64e6d
                                                                                                                      1⤵
                                                                                                                        PID:4936
                                                                                                                      • C:\Windows\System32\smss.exe
                                                                                                                        \SystemRoot\System32\smss.exe 000000f0 0000008c
                                                                                                                        1⤵
                                                                                                                          PID:3824
                                                                                                                        • C:\Windows\System32\smss.exe
                                                                                                                          \SystemRoot\System32\smss.exe 000000dc 0000008c
                                                                                                                          1⤵
                                                                                                                            PID:2264

                                                                                                                          Network

                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                          Reconnaissance

                                                                                                                          Resource Development

                                                                                                                          Initial Access

                                                                                                                          Replication Through Removable Media

                                                                                                                          1
                                                                                                                          T1091

                                                                                                                          Execution

                                                                                                                          Persistence

                                                                                                                          Boot or Logon Autostart Execution

                                                                                                                          4
                                                                                                                          T1547

                                                                                                                          Registry Run Keys / Startup Folder

                                                                                                                          2
                                                                                                                          T1547.001

                                                                                                                          Winlogon Helper DLL

                                                                                                                          2
                                                                                                                          T1547.004

                                                                                                                          Privilege Escalation

                                                                                                                          Boot or Logon Autostart Execution

                                                                                                                          4
                                                                                                                          T1547

                                                                                                                          Registry Run Keys / Startup Folder

                                                                                                                          2
                                                                                                                          T1547.001

                                                                                                                          Winlogon Helper DLL

                                                                                                                          2
                                                                                                                          T1547.004

                                                                                                                          Defense Evasion

                                                                                                                          Impair Defenses

                                                                                                                          1
                                                                                                                          T1562

                                                                                                                          Safe Mode Boot

                                                                                                                          1
                                                                                                                          T1562.009

                                                                                                                          Modify Registry

                                                                                                                          6
                                                                                                                          T1112

                                                                                                                          Subvert Trust Controls

                                                                                                                          2
                                                                                                                          T1553

                                                                                                                          SIP and Trust Provider Hijacking

                                                                                                                          2
                                                                                                                          T1553.003

                                                                                                                          Credential Access

                                                                                                                          Discovery

                                                                                                                          Browser Information Discovery

                                                                                                                          1
                                                                                                                          T1217

                                                                                                                          Query Registry

                                                                                                                          2
                                                                                                                          T1012

                                                                                                                          System Information Discovery

                                                                                                                          3
                                                                                                                          T1082

                                                                                                                          System Location Discovery

                                                                                                                          1
                                                                                                                          T1614

                                                                                                                          System Language Discovery

                                                                                                                          1
                                                                                                                          T1614.001

                                                                                                                          Lateral Movement

                                                                                                                          Replication Through Removable Media

                                                                                                                          1
                                                                                                                          T1091

                                                                                                                          Collection

                                                                                                                          Command and Control

                                                                                                                          Web Service

                                                                                                                          1
                                                                                                                          T1102

                                                                                                                          Exfiltration

                                                                                                                          Impact

                                                                                                                          Replay Monitor

                                                                                                                          Loading Replay Monitor...

                                                                                                                          Downloads

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                            Filesize

                                                                                                                            152B

                                                                                                                            MD5

                                                                                                                            4c1a24fa898d2a98b540b20272c8e47b

                                                                                                                            SHA1

                                                                                                                            3218bff9ce95b52842fa1b8bd00be073177141ef

                                                                                                                            SHA256

                                                                                                                            bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

                                                                                                                            SHA512

                                                                                                                            e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                            Filesize

                                                                                                                            152B

                                                                                                                            MD5

                                                                                                                            f1d2c7fd2ca29bb77a5da2d1847fbb92

                                                                                                                            SHA1

                                                                                                                            840de2cf36c22ba10ac96f90890b6a12a56526c6

                                                                                                                            SHA256

                                                                                                                            58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

                                                                                                                            SHA512

                                                                                                                            ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                            Filesize

                                                                                                                            4KB

                                                                                                                            MD5

                                                                                                                            4645315fa103e7bf5689ae9a9166f3cf

                                                                                                                            SHA1

                                                                                                                            95bcbc8469e12c10306519e1a744afa68df18ae2

                                                                                                                            SHA256

                                                                                                                            6d8af01c6221baebc436fb2c9a8e714ce93921daa13e3d2811975e1d35ccebfd

                                                                                                                            SHA512

                                                                                                                            b5c820422c4197132bcfd6f6749945c718ac9d750dbba7e3e2ef69b0ddf3c0435bcc9cc5fd09b611c7294319d2c1b48bc8a73196efb7d258b2fb842dabbd4340

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            7bf8fbb9054bfc4ab415ee97993d7c9c

                                                                                                                            SHA1

                                                                                                                            65d7453a1dfdc873369c39cd94ab0bcc3746f79e

                                                                                                                            SHA256

                                                                                                                            b09f9c9070043bd872d7f80b60409fbf5b3335c0e4ee5c6d850e174cc1c0866d

                                                                                                                            SHA512

                                                                                                                            3a6ac38dec41ee268cb59405de67fd6520d95322f40a55c22291457dea352442c48a85f3570ec85b1911b50b62e5afa44382080a4bb786fe648b34bb5d77088a

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            98549d5d9359592ce5bee815d2a8d36d

                                                                                                                            SHA1

                                                                                                                            63f3b19d27942d1ab3d55a204bd192c2b00ca94e

                                                                                                                            SHA256

                                                                                                                            4321c233ec8de7d9468d7d6045526d92011639a0f06bce3e92b1bde57eac358c

                                                                                                                            SHA512

                                                                                                                            b06698e9efe1ef17ce5127945610737e57b044463b633954e7b12c0708cbaabf3bde041fc262b85909ef0b0a2facba8379a7d76dd0ffe7bd4a84730173591f70

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            7KB

                                                                                                                            MD5

                                                                                                                            9a85b9e16a1bbb7b23434ec821d1a4ff

                                                                                                                            SHA1

                                                                                                                            974e49568752f6e10f86e7a44e14871172c93d6d

                                                                                                                            SHA256

                                                                                                                            e4bc5af1bf7d3ef82b40c9d7cc1002c558f7ff2af3fe072885eff0bfaf6972d2

                                                                                                                            SHA512

                                                                                                                            14b5d3a15c18229cd10a1a0d000816aee41171649eae8a0784025b9a02f3453d6e49a6b7cab50e957745f9c8acb0820ed2e9e30194c487602a1a332bf09f71fc

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            7KB

                                                                                                                            MD5

                                                                                                                            d1632930dc8de8a6183baaf2b9ee824c

                                                                                                                            SHA1

                                                                                                                            f873fda1e548756ac3d2bf5316a31690871bfab8

                                                                                                                            SHA256

                                                                                                                            451d918af648e679fdcfc2b7060aaa5d3d30a46f4d442629f12b3ae3c2ee479f

                                                                                                                            SHA512

                                                                                                                            a7f95f843e0d6a48c7591884765852613699b10288eca8b427f0728a090e24d593ad67e9f114e95eeff4d4d9c9ddaa083daccf88b077fb0f61eb70bae584ee18

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            7KB

                                                                                                                            MD5

                                                                                                                            ee67fd4783ba6d818f4b778db77062b3

                                                                                                                            SHA1

                                                                                                                            558d5b248ef898e635a632d745a386798e84bc09

                                                                                                                            SHA256

                                                                                                                            5e9250c81c02c43558e22470a14e3ff3e2327953e5114a8a1782ec2f482829de

                                                                                                                            SHA512

                                                                                                                            7f02848a464c97819563948af50351adb2468adbfb1adeb81b5ca48200f198c1e1c6ae9b6ff579effa7a3c42f88adfea6a0bfd6430df95758cd053c924c78a8f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            5KB

                                                                                                                            MD5

                                                                                                                            ba39e7838ac774f453e9563ee05849df

                                                                                                                            SHA1

                                                                                                                            2b3f8b339733efb2d7429f5f0001c0243836ce94

                                                                                                                            SHA256

                                                                                                                            2a26043307fb6229d6e4299fac461671202c6a94de363b6b6678182cd764f6a9

                                                                                                                            SHA512

                                                                                                                            dc1c8af1802c97c6fabf5b504b12a1bc9cd35dc8e25810cb45de91bcca9fb57c9c74854cf2b71f7bd4d0c124a4adc1f5d171f8ce9bb17abcb2244a9109796e8f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            6KB

                                                                                                                            MD5

                                                                                                                            48cc2b2844d1c4e8242b7abf70b5d508

                                                                                                                            SHA1

                                                                                                                            7096c3da5ef659c8d576573c156807af58fef6dd

                                                                                                                            SHA256

                                                                                                                            dca107d8a740dcb9dfecc684da8848ef01d88a06abd4aa0b5a970a5265873d61

                                                                                                                            SHA512

                                                                                                                            858f9cb4fe4f5873d025c3bc75d9cb35b97929e69812362a4037c29e43c70347590eab8afafddf4a682dec26f176e2a2a17871d27f87eee6bd1fa932bf3ad223

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            6KB

                                                                                                                            MD5

                                                                                                                            65b4c8b1b54b86b31c8daed385ed07f9

                                                                                                                            SHA1

                                                                                                                            32402ce1a1d1f44164f072e0a59b832883f5658e

                                                                                                                            SHA256

                                                                                                                            0bd4f66c47b6f93ed687c17b57189eeaf4a29b746469bb3a4a2d0f23a6496da9

                                                                                                                            SHA512

                                                                                                                            f48abb544a5b563ac0672766db635e846618cf9dfded03cc160bd85afc7a90d84dd09c2e2dd049e1a61dc174760689f236663c84fe03aed7f3528eb265ec45b0

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                            Filesize

                                                                                                                            6KB

                                                                                                                            MD5

                                                                                                                            ba79fa8bc5741d56b9310917c749bae2

                                                                                                                            SHA1

                                                                                                                            7c7059d2c0100db2cdf5fd69da073d645efdbb77

                                                                                                                            SHA256

                                                                                                                            f3f47ab8016e4c8744222a70f743ff4acc669ca4689d01466c8ca37c63c8c3ad

                                                                                                                            SHA512

                                                                                                                            4e2d5675785088858d723997215091643be0de0b85f744f394df947a44be511d66e711593fc90ff8b82e799cfa2e59d2111bd7335d04dbdae53e522c28237f88

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            a9371b6d065e01d13036bc67fdfcdaa1

                                                                                                                            SHA1

                                                                                                                            af370172cf0c739848e2db442c60294fac7b35fa

                                                                                                                            SHA256

                                                                                                                            2705d93be8e76bbe0093716745287e7cab975961fb7ec12f59d0390bc74e728d

                                                                                                                            SHA512

                                                                                                                            1e0e0471763e71ef6d515544cbf125b3d87e404dfc939b184b88027e0a97afec3669881769e7e31b7156a53c7a02a27ba6a5ce6d70b7beda2cb881e22dca4963

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            b2caab4e3b2b721f6e369caa146605ff

                                                                                                                            SHA1

                                                                                                                            5d55152faddd1a8fa051a1d14c52b8c250160831

                                                                                                                            SHA256

                                                                                                                            f4ecf13e9b3c3fb592ed47aa2b53a944f6f584310df6652232cae84af121879c

                                                                                                                            SHA512

                                                                                                                            2a858e1806043138acb262e1c4c37fb90269e699541c0e797317d3dc3a2348a23001dde07d2a64b588a9f1d86a2bce13f5facc8f4c38e4e6f46ef1cfa157efb6

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            18c5c5b761ecced3897a84a371efa3f8

                                                                                                                            SHA1

                                                                                                                            43b37c1ca7866cf79b1f441fb2f26bf7a84b61f5

                                                                                                                            SHA256

                                                                                                                            2523a3d24ffee6d1b6048f725ce907547040aa82f58b045a2a8b8970a62ab59a

                                                                                                                            SHA512

                                                                                                                            9b3930f66e30c89181a10dd3d148e6b41577556c16e71b20f4ea8a7837be701aea22a3c741307808b638e77d8a8c9adcfc57823d8afeff27f7ae508a3a47788f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            9aa7df10cedc7c399c69f1eee5a3e403

                                                                                                                            SHA1

                                                                                                                            ed2bf5d99b1419389045d00562e0406de5a37a48

                                                                                                                            SHA256

                                                                                                                            e99c1aff5882b1915097b479414e388596226ebac839f6ecaf86ec3c8e9541d4

                                                                                                                            SHA512

                                                                                                                            e8606be0385a74bf0085e441d16f0bc90ef81f2fc97b8150653458e906704b00b31afc0937a25ba6f907668f2e1292c7a5100cbb263ba38d865f742f74341336

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            40e5c029e897771b3781ea81df475231

                                                                                                                            SHA1

                                                                                                                            c97299be3811f9aebc9e96171f6b7ae3efaff1f0

                                                                                                                            SHA256

                                                                                                                            6425f8b820d0a40a4411dbad160f77bb02a918279a648b7434e02e858f62f21d

                                                                                                                            SHA512

                                                                                                                            adbcfd56bfb455e570ab57925cf447ac007d3efe58bb230c211ddaa715226c049c5a4decba835abcb50e228db2a14a2d82877c53893a08d122da8180c587dbc4

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            805de4d857600cbcb265eb837e32e6b8

                                                                                                                            SHA1

                                                                                                                            a4a9a9695a4c64fdf17c1f3b13193589df2473ff

                                                                                                                            SHA256

                                                                                                                            4b74b24fed994271335a9b7aa8ffda7484a5440aa3942398167d3ed8612784aa

                                                                                                                            SHA512

                                                                                                                            9045625767341dc0414864aae86c99d814876fc0cc2657b065a2e3c263ebecbd3f5d299f84810ec0415fff920fbf585559f5b9844ae46db07c2228d6d5c07f8d

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            575ac30ff136f221a2d1f3b23a151a64

                                                                                                                            SHA1

                                                                                                                            e19f2dc6f407cec9d2d19c9ef22f3fbaedb98c7a

                                                                                                                            SHA256

                                                                                                                            123947af50d9587b068f3ab6de1e48501a0b99bbc5acee3324bba8ea68b492bd

                                                                                                                            SHA512

                                                                                                                            beb280691d943d2ce58161018614bffec30642ec7925cc6160592931110b79d6e0ed5b803e0c012eb3874a7d9b2d10406fe80ba4a2c597de4e8a0ecc026e1f60

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            bc7edeaee5ae5a031099674836af3313

                                                                                                                            SHA1

                                                                                                                            002c063f67af08bcc0a03711749afc162eeef735

                                                                                                                            SHA256

                                                                                                                            11e78faea8c13594557495d91fa690cb6955858a2be2c502d76eedadb8157173

                                                                                                                            SHA512

                                                                                                                            bad0b016620c46541e32c6ac3c968509288735998c4c6327e269e15c7cc3943bab303b3a538ac95fd7cac14ebcc2982542a3cb1555f39a4d90708538a1ada966

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            469ccd634418293648b604f032d1d9e0

                                                                                                                            SHA1

                                                                                                                            6bc08c480f41cf3d26c3defc07a266561565e1a8

                                                                                                                            SHA256

                                                                                                                            bd06e327a56b77824323d03c247b58b670562f3e7aa385cbd157d6096e24d756

                                                                                                                            SHA512

                                                                                                                            4c216f1c18e4b015e34204243033fa6d4b1c02fe2a97b1e8c3f572caa7a797343dc189658bab59f806b54b86a40a3b4b80c040a4db90994b680b4cee4f1ef50b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            41b61bc07f159fa89b57a932c203c33b

                                                                                                                            SHA1

                                                                                                                            77f01e7c0afcc49369b6abad4635853358433ab8

                                                                                                                            SHA256

                                                                                                                            bfc99c1e6c8f310dc86e0a443694673c599065f5bcf33e95a79154c7d8a891a5

                                                                                                                            SHA512

                                                                                                                            bab2bf01a0718d73987b0e687ac48df3729d981799dc600692fb7ad953116e10bc6cbc15076dcd59f95c27f427377a2ade1f3bf5fa52fae596d493993c9c1680

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            752542ad7b996624bf3f1da2d0636195

                                                                                                                            SHA1

                                                                                                                            ec3c3b0537e1d52d765f1554aded86b508ebfd8d

                                                                                                                            SHA256

                                                                                                                            cdf3d94c6e4458468ea333c90a2a891a4fc94d801a7fa018769b78435e1b1f7d

                                                                                                                            SHA512

                                                                                                                            9e5ba41930d494cc580a7ecfcd8436495502d5d6e9013b73d1711fe8a85b4ec79d8e8258830148cf89c17918573160314a028913f0f0c3f7746be8557c1682d4

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            dad3b39420d410edc8268bf3b2c98f39

                                                                                                                            SHA1

                                                                                                                            5480af893a35259c583d47542289e886b24d97df

                                                                                                                            SHA256

                                                                                                                            7311c95638d54eb5b4823ffbab5880eb848583d322f307efcc7705d481dc48c9

                                                                                                                            SHA512

                                                                                                                            67fad0ab3143a6782e3a70e0ffb918fe9cb531caeca0eea33f4850ba0c86e2599e405bf8ebf2a7998daf62442f9ab9ece16ec54ac143d93e2f5eaad7b3ac78f3

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            d558a2a35338c1bc6964a99f7a649d59

                                                                                                                            SHA1

                                                                                                                            8bb77994de67f8c65df184e571c282d8f123b436

                                                                                                                            SHA256

                                                                                                                            1137ae67cc8c5693b3c8dcf8b2d1dfb195478d106faf9a5e53076275d7a944af

                                                                                                                            SHA512

                                                                                                                            eded83ccf31ea77ce5522190cc50bccf5502b60dc9c04b4d5ce582045aa615259f4c098d82a197d70dd3ce7106c2551cdb7e00a1a613c27f09b1e56555c2761f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            d5172639a6b15e29eb5f1be39f353746

                                                                                                                            SHA1

                                                                                                                            3db1a14e079936f2b5e5dcdd81337a98e61e15fa

                                                                                                                            SHA256

                                                                                                                            7bec45f76a099a7740fe39fcc93278a7b48eff2623fc21378a1861e3ec5bd122

                                                                                                                            SHA512

                                                                                                                            fb293892ac2197b1197881a60ae4bc8b6394472dc1c534308e8d31cfb9bba889ebdcaf9f6909577ad2793a3b8d4cb4bbceb15dbebb5048536ff566ec9e2408c2

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            4a8011473ecee109f7019c889adaf7ad

                                                                                                                            SHA1

                                                                                                                            9ff87d9d548075cc9298aff5f3d4536e2fba34c3

                                                                                                                            SHA256

                                                                                                                            9ba5dfe6a45f524d1e2cda0eb8c57254d1371f1d743c188e0f0ee4b058bcb222

                                                                                                                            SHA512

                                                                                                                            d8263b40b5380342f1085e63fca039f83022adf03ee0035efac94429995800a5f62d693d0edeaed9a1608b76e68e64f2c2f5fa83b66f3feaf16772534ca022bc

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            3ee4d5914462b7bc859eae545c47a830

                                                                                                                            SHA1

                                                                                                                            c110cb916c86fcf4a21318b454635949a416b476

                                                                                                                            SHA256

                                                                                                                            cb96dc7cdb43a9e13f5a03c3d75011867156abdccc1810ea07e64d0f788830b1

                                                                                                                            SHA512

                                                                                                                            3214c437ef1a47f72be21535f3cd8ecb3107d33059013e26b7e8255c21b1ce07c9de407e280263d196536c5b5515907fe4f3dd098906e4e3ea91b1b4f6be1294

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            c12d965d2df0fded37395e6a7f507acf

                                                                                                                            SHA1

                                                                                                                            9121781fe7101c096a112f60d876fce713f326f7

                                                                                                                            SHA256

                                                                                                                            e77f210d390595a93e7148b25a6345768061cd7b0da5f546a9cb2a43490b1118

                                                                                                                            SHA512

                                                                                                                            0ee9ff4b827c4399e61c6693551e8c3fb79d91ff0a84c419603981c76a4f0c248a596597520e17825f0ac647fda5ce843486656e74a597640c3685139c890586

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            b9e91998f91904e0e2c7f4ef080ff850

                                                                                                                            SHA1

                                                                                                                            24b84cee4004a7f21043987bef8321cb2b0d5eab

                                                                                                                            SHA256

                                                                                                                            5699455f48302034ba10806aceaa6af02247aa0a01e259ce7796c5eebd1763ee

                                                                                                                            SHA512

                                                                                                                            660f4569075b07a6e0d95fde6e4e9839b113b78bb0481b0ff98d5b82c06f592361a7db413f74fd921c05852d7636c000ee2fa2bc1213ccc6ffe330925d4418b5

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            6ed03ca18517df4df58f761cc7070a13

                                                                                                                            SHA1

                                                                                                                            92f501d47952149cfe23505e03d7e5a9c14b2257

                                                                                                                            SHA256

                                                                                                                            e150fc1a853c2cea9e7bbc4ffa588a2697ffc8fe53e346d3b94b37209a40277d

                                                                                                                            SHA512

                                                                                                                            7eb7785d6554a2825dd6a8bca7230b1222a5f7e06e129f1d964f84753098844e8de0a8c3a6fd65407fa6a40285426f7bc7e04e530857612ad3c6c3417e373d07

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            5632e2bab9db794cfb307bd410e8086b

                                                                                                                            SHA1

                                                                                                                            c454e5a11485af96d8cccd8423a3bd0ae8eda56b

                                                                                                                            SHA256

                                                                                                                            c4f2bb8a29a6fff714199b9e62f0a936540a2a49fa81f41040396675578175d1

                                                                                                                            SHA512

                                                                                                                            2a76e9918ea2989639fcd162a1cfdbe5f4ccdd81f2b1bd5bbe0907efb412e972578a18640414c849e44630f93d86ede05986a48733d597025cd3319ad9161fa6

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f6f3.TMP
                                                                                                                            Filesize

                                                                                                                            1KB

                                                                                                                            MD5

                                                                                                                            2190fc08c8049707c342cf6e1cc0069e

                                                                                                                            SHA1

                                                                                                                            2c9f6061d35afb2fd628a5f1c100809bcc76df5c

                                                                                                                            SHA256

                                                                                                                            cfab94e157704611a0c59a961b1d74545fe569cacc542bfcb3478e7fbae7a1ec

                                                                                                                            SHA512

                                                                                                                            2e08e75e4bb17fd2ef5aba195502b5af4b1e4bdf1a9095c7e506c943b7a608dbb1e794fc1262a6a98cd6e9d18a8cbcb227175b030d190d8b49c2bcd194701efd

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                            Filesize

                                                                                                                            16B

                                                                                                                            MD5

                                                                                                                            46295cac801e5d4857d09837238a6394

                                                                                                                            SHA1

                                                                                                                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                            SHA256

                                                                                                                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                            SHA512

                                                                                                                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                            Filesize

                                                                                                                            16B

                                                                                                                            MD5

                                                                                                                            206702161f94c5cd39fadd03f4014d98

                                                                                                                            SHA1

                                                                                                                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                            SHA256

                                                                                                                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                            SHA512

                                                                                                                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            11KB

                                                                                                                            MD5

                                                                                                                            3f8a92a98fb4cf2271eee547bd2c3d75

                                                                                                                            SHA1

                                                                                                                            d44cbd5921a93c2f43451a27e667bfd95926d039

                                                                                                                            SHA256

                                                                                                                            e5429a2cab801022a3264078075ef0c5a82ca388ee58e18a910977f5338384c6

                                                                                                                            SHA512

                                                                                                                            7e3591b1e83570c193684e6c1a228a2f1a0774bf03581c7d954305e254e7e71768e004576e5bb5c6b3c0ffb112affce04296b727dc7eda91bc2953682839d876

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            11KB

                                                                                                                            MD5

                                                                                                                            7dc90ee06c9c99ed413ac7ed10726da5

                                                                                                                            SHA1

                                                                                                                            3aa736bd231c040be2614e7a41727f6997c07a74

                                                                                                                            SHA256

                                                                                                                            0f9c4d5ca16ecacf902be6515cec87a7e8f6edcc457b54b2316b22ed600cb4e6

                                                                                                                            SHA512

                                                                                                                            bce20edac09e95ea105d4ee1d26312f4ad11dc0040b4023648e3d35458681881275fb1eb1a9282f6e0021ad57e5b2133ba19eeee9b5b5c7caae8a4d73529efda

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            11KB

                                                                                                                            MD5

                                                                                                                            926a2460f80dda402be953e730d5a2b3

                                                                                                                            SHA1

                                                                                                                            438f0cb3a9e851a4fd8f51af7fceb8f9f220774e

                                                                                                                            SHA256

                                                                                                                            75252f5a96c70413c6cd68bcbcff04c24681b6fff66a0313167bad1cdba55642

                                                                                                                            SHA512

                                                                                                                            ac2ccf87938e40497543e4c52e7c6f918e2f3c53f6b96f1bd96a16245b68e6fb70e088025ec3e4a900cbf5fe3fa439d612be62c93c821ff1061a45daffe41920

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            11KB

                                                                                                                            MD5

                                                                                                                            b7f93048b666ff65533db6c919ceffe4

                                                                                                                            SHA1

                                                                                                                            3e37065e599413084a22b98119fb47bcfeefee78

                                                                                                                            SHA256

                                                                                                                            22f3b866846d959235d2fe8fd8c8c18d4be82d2d0a707b16dec7a7d16493ff69

                                                                                                                            SHA512

                                                                                                                            ae46200040efb94360ffc5a39ff1e3734ee6a95f79bb8110f3f441624d2da3afe2acce7be87f1bf805d617095d85c68a27cece3a6699594c0c40844dbb7fc1c5

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            10KB

                                                                                                                            MD5

                                                                                                                            456282fac7401110900bcaade8b5aace

                                                                                                                            SHA1

                                                                                                                            6cd02af9c584aef44fcc1a1174986b899aea18e2

                                                                                                                            SHA256

                                                                                                                            72ea8682e5240f59fafcc8db9c4ed667397abae8690021de285ffab56f9340ee

                                                                                                                            SHA512

                                                                                                                            1cd293cada61d3a93034a3c0a116d935274395f8b980e787a38dc99258f0bc88acdd5e5dc2dad4b6fb995bd7f1493e0974260ee990f782b77205a1d8734761cf

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                            Filesize

                                                                                                                            10KB

                                                                                                                            MD5

                                                                                                                            10ebe59efe835df1743621f89136a53f

                                                                                                                            SHA1

                                                                                                                            52937c95d415e500928ad0d0fd4d27690a34f769

                                                                                                                            SHA256

                                                                                                                            6b805e02349704605a3572b594669eeb604db621db74e4187aecc8db688cc333

                                                                                                                            SHA512

                                                                                                                            5485a589469e8db34613a3651f5eb1158744e7919183e05da28d10f55b348f3281ed4bc8f5259059a62df6787c42e1f380d5441019d82256f94348a931edc5c9

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe
                                                                                                                            Filesize

                                                                                                                            233KB

                                                                                                                            MD5

                                                                                                                            155e389a330dd7d7e1b274b8e46cdda7

                                                                                                                            SHA1

                                                                                                                            6445697a6db02e1a0e76efe69a3c87959ce2a0d8

                                                                                                                            SHA256

                                                                                                                            6390a4374f8d00c8dd4247e271137b2fa6259e0678b7b8bd29ce957058fd8f05

                                                                                                                            SHA512

                                                                                                                            df8d78cf27e4a384371f755e6d0d7333c736067aeeb619e44cbc5d88381bdcbc09a9b8eeb8aafb764fc1aaf39680e387b3bca73021c6af5452c0b2e03f0e8091

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\DanaBot.exe:Zone.Identifier
                                                                                                                            Filesize

                                                                                                                            26B

                                                                                                                            MD5

                                                                                                                            fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                            SHA1

                                                                                                                            d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                            SHA256

                                                                                                                            eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                            SHA512

                                                                                                                            aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Opaserv.l.exe:Zone.Identifier
                                                                                                                            Filesize

                                                                                                                            55B

                                                                                                                            MD5

                                                                                                                            0f98a5550abe0fb880568b1480c96a1c

                                                                                                                            SHA1

                                                                                                                            d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                                                                            SHA256

                                                                                                                            2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                                                                            SHA512

                                                                                                                            dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 14279.crdownload
                                                                                                                            Filesize

                                                                                                                            451KB

                                                                                                                            MD5

                                                                                                                            4f30003916cc70fca3ce6ec3f0ff1429

                                                                                                                            SHA1

                                                                                                                            7a12afdc041a03da58971a0f7637252ace834353

                                                                                                                            SHA256

                                                                                                                            746153871f816ece357589b2351818e449b1beecfb21eb75a3305899ce9ae37c

                                                                                                                            SHA512

                                                                                                                            e679a0f4b7292aedc9cd3a33cf150312ea0b1d712dd8ae8b719dedf92cc230330862f395e4f8da21c37d55a613d82a07d28b7fe6b5db6009ba8a30396caa5029

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 160481.crdownload
                                                                                                                            Filesize

                                                                                                                            5.0MB

                                                                                                                            MD5

                                                                                                                            c52f20a854efb013a0a1248fd84aaa95

                                                                                                                            SHA1

                                                                                                                            8a2cfe220eebde096c17266f1ba597a1065211ab

                                                                                                                            SHA256

                                                                                                                            cf8533849ee5e82023ad7adbdbd6543cb6db596c53048b1a0c00b3643a72db30

                                                                                                                            SHA512

                                                                                                                            07b057d4830d3e2d17c7400d56f969c614a8bae4ba1a13603bb53decd1890ddcfbaad452c59cc88e474e2fd3abd62031bf399c2d7cf6dc69405dc8afcea55b9a

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 166333.crdownload
                                                                                                                            Filesize

                                                                                                                            373KB

                                                                                                                            MD5

                                                                                                                            30cdab5cf1d607ee7b34f44ab38e9190

                                                                                                                            SHA1

                                                                                                                            d4823f90d14eba0801653e8c970f47d54f655d36

                                                                                                                            SHA256

                                                                                                                            1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f

                                                                                                                            SHA512

                                                                                                                            b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 244690.crdownload
                                                                                                                            Filesize

                                                                                                                            4.0MB

                                                                                                                            MD5

                                                                                                                            1d9045870dbd31e2e399a4e8ecd9302f

                                                                                                                            SHA1

                                                                                                                            7857c1ebfd1b37756d106027ed03121d8e7887cf

                                                                                                                            SHA256

                                                                                                                            9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885

                                                                                                                            SHA512

                                                                                                                            9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 249315.crdownload
                                                                                                                            Filesize

                                                                                                                            28KB

                                                                                                                            MD5

                                                                                                                            8e9d7feb3b955e6def8365fd83007080

                                                                                                                            SHA1

                                                                                                                            df7522e270506b1a2c874700a9beeb9d3d233e23

                                                                                                                            SHA256

                                                                                                                            94d2b1da2c4ce7db94ee9603bc2f81386032687e7c664aff6460ba0f5dac0022

                                                                                                                            SHA512

                                                                                                                            4157a5628dc7f47489be2c30dbf2b14458a813eb66e942bba881615c101df25001c09afb9a54f88831fa4c1858f42d897f8f55fbf6b4c1a82d2509bd52ba1536

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 338271.crdownload
                                                                                                                            Filesize

                                                                                                                            28KB

                                                                                                                            MD5

                                                                                                                            71c981d4f5316c3ad1deefe48fddb94a

                                                                                                                            SHA1

                                                                                                                            8e59bbdb29c4234bfcd0465bb6526154bd98b8e4

                                                                                                                            SHA256

                                                                                                                            de709dacac623c637448dc91f6dfd441a49c89372af2c53e2027e4af5310b95d

                                                                                                                            SHA512

                                                                                                                            e6ed88ce880e0bbb96995140df0999b1fb3bd45b3d0976e92f94be042d63b8f5030d346f3d24fbadd9822a98690a6d90ba000d9188b3946807fd77735c65c2b1

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 350030.crdownload
                                                                                                                            Filesize

                                                                                                                            26KB

                                                                                                                            MD5

                                                                                                                            b6c78677b83c0a5b02f48648a9b8e86d

                                                                                                                            SHA1

                                                                                                                            0d90c40d2e9e8c58c1dafb528d6eab45e15fda81

                                                                                                                            SHA256

                                                                                                                            706fce69fea67622b03fafb51ece076c1fdd38892318f8cce9f2ec80aabca822

                                                                                                                            SHA512

                                                                                                                            302acca8c5dd310f86b65104f7accd290014e38d354e97e4ffafe1702b0a13b90e4823c274b51bcc9285419e69ff7111343ac0a64fd3c8b67c48d7bbd382337b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 35471.crdownload
                                                                                                                            Filesize

                                                                                                                            3KB

                                                                                                                            MD5

                                                                                                                            6f5767ec5a9cc6f7d195dde3c3939120

                                                                                                                            SHA1

                                                                                                                            4605a2d0aae8fa5ec0b72973bea928762cc6d002

                                                                                                                            SHA256

                                                                                                                            59fe169797953f2046b283235fe80158ebf02ba586eabfea306402fba8473dae

                                                                                                                            SHA512

                                                                                                                            c0fbba6ecaef82d04157c5fcf458817bf11ce29cdaf3af6cac56724efcf4305565c6e665cdcf2106c675ba0574c60606be81d9baafe804fc7d2d3a50fed0baf6

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 409080.crdownload
                                                                                                                            Filesize

                                                                                                                            32KB

                                                                                                                            MD5

                                                                                                                            eb9324121994e5e41f1738b5af8944b1

                                                                                                                            SHA1

                                                                                                                            aa63c521b64602fa9c3a73dadd412fdaf181b690

                                                                                                                            SHA256

                                                                                                                            2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

                                                                                                                            SHA512

                                                                                                                            7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 547919.crdownload
                                                                                                                            Filesize

                                                                                                                            2KB

                                                                                                                            MD5

                                                                                                                            a56d479405b23976f162f3a4a74e48aa

                                                                                                                            SHA1

                                                                                                                            f4f433b3f56315e1d469148bdfd835469526262f

                                                                                                                            SHA256

                                                                                                                            17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

                                                                                                                            SHA512

                                                                                                                            f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 551203.crdownload
                                                                                                                            Filesize

                                                                                                                            50KB

                                                                                                                            MD5

                                                                                                                            7d595027f9fdd0451b069c0c65f2a6e4

                                                                                                                            SHA1

                                                                                                                            a4556275c6c45e19d5b784612c68b3ad90892537

                                                                                                                            SHA256

                                                                                                                            d2518df72d5cce230d98a435977d9283b606a5a4cafe8cd596641f96d8555254

                                                                                                                            SHA512

                                                                                                                            b8f37ecc78affa30a0c7c00409f2db1e2fd031f16c530a8c1d4b4bffaa5d55ac235b11540c8a611ae1a90b748b04498e3954cfb1529236937ef693c6b20e893b

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 755818.crdownload
                                                                                                                            Filesize

                                                                                                                            2.8MB

                                                                                                                            MD5

                                                                                                                            cce284cab135d9c0a2a64a7caec09107

                                                                                                                            SHA1

                                                                                                                            e4b8f4b6cab18b9748f83e9fffd275ef5276199e

                                                                                                                            SHA256

                                                                                                                            18aab0e981eee9e4ef8e15d4b003b14b3a1b0bfb7233fade8ee4b6a22a5abbb9

                                                                                                                            SHA512

                                                                                                                            c45d021295871447ce60250ff9cbeba2b2a16a23371530da077d6235cfe5005f10fa228071542df3621462d913ad2f58236dc0c0cb390779eef86a10bba8429f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 781626.crdownload
                                                                                                                            Filesize

                                                                                                                            92KB

                                                                                                                            MD5

                                                                                                                            fb598b93c04baafe98683dc210e779c9

                                                                                                                            SHA1

                                                                                                                            c7ccd43a721a508b807c9bf6d774344df58e752f

                                                                                                                            SHA256

                                                                                                                            c851749fd6c9fa19293d8ee2c5b45b3dc8561115ddfe7166fbaefcb9b353b7c4

                                                                                                                            SHA512

                                                                                                                            1185ffe7e296eaaae50b7bd63baa6ffb8f5e76d4a897cb3800cead507a67c4e5075e677abdbf9831f3f81d01bdf1c06675a7c21985ef20a4bae5a256fd41cc0f

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 801893.crdownload
                                                                                                                            Filesize

                                                                                                                            5KB

                                                                                                                            MD5

                                                                                                                            fe537a3346590c04d81d357e3c4be6e8

                                                                                                                            SHA1

                                                                                                                            b1285f1d8618292e17e490857d1bdf0a79104837

                                                                                                                            SHA256

                                                                                                                            bbc572cced7c94d63a7208f4aba4ed20d1350bef153b099035a86c95c8d96d4a

                                                                                                                            SHA512

                                                                                                                            50a5c1ad99ee9f3a540cb30e87ebfdf7561f0a0ee35b3d06c394fa2bad06ca6088a04848ddcb25f449b3c98b89a91d1ba5859f1ed6737119b606968be250c8ce

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 830442.crdownload
                                                                                                                            Filesize

                                                                                                                            2.7MB

                                                                                                                            MD5

                                                                                                                            48d8f7bbb500af66baa765279ce58045

                                                                                                                            SHA1

                                                                                                                            2cdb5fdeee4e9c7bd2e5f744150521963487eb71

                                                                                                                            SHA256

                                                                                                                            db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

                                                                                                                            SHA512

                                                                                                                            aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 875958.crdownload
                                                                                                                            Filesize

                                                                                                                            321KB

                                                                                                                            MD5

                                                                                                                            600e0dbaefc03f7bf50abb0def3fb465

                                                                                                                            SHA1

                                                                                                                            1b5f0ac48e06edc4ed8243be61d71077f770f2b4

                                                                                                                            SHA256

                                                                                                                            61e6a93f43049712b5f2d949fd233fa8015fe4bef01b9e1285d3d87b12f894f2

                                                                                                                            SHA512

                                                                                                                            151eebac8f8f6e72d130114f030f048dff5bce0f99ff8d3a22e8fed7616155b3e87d29acf79f488d6b53ed2c5c9b05b57f76f1f91a568c21fe9bca228efb23d9

                                                                                                                            Download Submit

                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 875958.crdownload:SmartScreen
                                                                                                                            Filesize

                                                                                                                            7B

                                                                                                                            MD5

                                                                                                                            4047530ecbc0170039e76fe1657bdb01

                                                                                                                            SHA1

                                                                                                                            32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                                                                            SHA256

                                                                                                                            82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                                                                            SHA512

                                                                                                                            8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                                                                            Download Submit

                                                                                                                          • memory/1752-1384-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/1752-1367-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/1752-1403-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/1752-1398-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/1752-1382-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/1900-1352-0x0000000000400000-0x0000000000432000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            200KB

                                                                                                                            Download

                                                                                                                          • memory/1968-1404-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/1968-1368-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/1968-1383-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/1968-1385-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/1968-1399-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/2264-1366-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/2324-1369-0x0000000000400000-0x0000000000410000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            64KB

                                                                                                                            Download

                                                                                                                          • memory/2828-1270-0x0000000000400000-0x0000000000410000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            64KB

                                                                                                                            Download

                                                                                                                          • memory/3752-1381-0x0000000000400000-0x0000000000463000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            396KB

                                                                                                                            Download

                                                                                                                          • memory/3824-1364-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/3824-1351-0x0000000000400000-0x0000000000486000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            536KB

                                                                                                                            Download

                                                                                                                          • memory/3884-1264-0x0000000000400000-0x0000000000410000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            64KB

                                                                                                                            Download

                                                                                                                          • memory/3884-1269-0x0000000000400000-0x0000000000410000-memory.dmp

                                                                                                                            Filesize

                                                                                                                            64KB

                                                                                                                            Download