strela | 33d92d63e2031bcde9fd355b5a9cb725e9203773cc05f1ceb87de2c08f042ac8

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250211-en
resource tags

arch:x64arch:x86image:win10v2004-20250211-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2025, 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eagleget_setup.exe
Size

10.0MB
MD5

69f26e335a173717a64cd3b5458b9897
SHA1

7c5f488dd4da20ab7f98ef5308a358ba5a28dc6d
SHA256

33d92d63e2031bcde9fd355b5a9cb725e9203773cc05f1ceb87de2c08f042ac8
SHA512

4d2bc1dcbd77546d9fbdce56cbc14d776cd3b6c3f0ea4b15978058521d5ca8c7601e1cdfb493493ba4879287931e2b5325996ff10de2e0924c1a090deac0a712
SSDEEP

196608:oem6JZ4n1e50q+ZKxRlDnLMe3z6jy0fqMLL7o6YcN+L0OGEjuqL:oel74bq+87DnLdUbqM/k6YcNiGEjuI

Score

10^/10

strela adware discovery persistence privilege_escalation spyware stealer

Malware Config

Signatures

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
behavioral2/files/0x000a000000023ca7-10.dat	family_strela

Strela family
strela
Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela

Downloads MZ/PE file 1 IoCs

flow	pid	Process
121	3920	Process not Found

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\eagleGet.sys	EGMonitor.exe
File created	C:\Windows\system32\drivers\eagleGet.sys	EGMonitor.exe
File opened for modification	C:\Windows\system32\drivers\eagleGet.sys	EGMonitor.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\Control Panel\International\Geo\Nation	net_updater32.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\Control Panel\International\Geo\Nation	EagleGet.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\Control Panel\International\Geo\Nation	eagleget_setup.tmp

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 15 IoCs

pid	Process
3684	eagleget_setup.tmp
4756	net_updater32.exe
4788	test_wpf.exe
1856	net_updater32.exe
1396	EGMonitor.exe
4748	net_updater32.exe
3276	test_wpf.exe
2964	net_svc.exe
4488	net_svc.exe
1632	net_svc.exe
1256	EGMonitor.exe
4668	EGMonitor.exe
3516	EagleGet.exe
1568	test_wpf.exe
3276	EGMonitor.exe

Loads dropped DLL 49 IoCs

pid	Process
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
1336	regsvr32.exe
1336	regsvr32.exe
828	regsvr32.exe
2024	regsvr32.exe
2024	regsvr32.exe
4756	net_updater32.exe
4756	net_updater32.exe
4756	net_updater32.exe
4756	net_updater32.exe
4756	net_updater32.exe
1856	net_updater32.exe
1396	EGMonitor.exe
1396	EGMonitor.exe
4748	net_updater32.exe
4748	net_updater32.exe
4748	net_updater32.exe
4748	net_updater32.exe
4748	net_updater32.exe
1256	EGMonitor.exe
1256	EGMonitor.exe
4668	EGMonitor.exe
4668	EGMonitor.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
3276	EGMonitor.exe
3276	EGMonitor.exe
3276	EGMonitor.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E871FF8-029C-4732-8AA7-39E3D3872057}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E871FF8-029C-4732-8AA7-39E3D3872057}\ = "bteagleget.com"	regsvr32.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\test_wpf.exe.log	test_wpf.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\luminati\494419af5d7e83503dd53f7beed2d6841c1136e5	net_updater32.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\luminati	net_updater32.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\EagleGet\sslQuery.dll	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet\luminati	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\kbasnthasciateuhant98437uau	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_14_init_monitor_1.182.660.sent	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\log\net_svc.log	net_svc.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215144_perr_15_has_svc.sent	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215033_04_02_supported_1.179.532.log	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\lum_sdk_install_id	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\lum_sdk_ui.log	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_04_05_show_dialog_1.182.660.sent	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215048_perr_choice_change.jslog	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\msvcr120.dll	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_postinstall_start_ok_0_1.179.532.sent	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_17_svc_started_1.182.660.sent	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_19_svc_connected_1.182.660.sent	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\perr_restricted_domain_1.245.997.sending	net_svc.exe
File opened for modification	C:\Program Files (x86)\EagleGet\EagleGet.exe	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\Common Files\EagleGet\util.dll	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215029_02_sent_cleanup_1.179.532.log	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_06_service_install_1.179.532.sent	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_10_net_start_1.179.532.sent	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\temp\2fzg5ojk.gc1	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215048_perr_choice_change.sent	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215048_perr_user_chose_peer.sent	net_updater32.exe
File opened for modification	C:\Program Files (x86)\Common Files\EagleGet\sqlite3.dll	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\unins000.dat	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-1O1E0.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-D4OB8.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-NTKRV.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\msvcr120.dll	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215125_perr_conf_update_direct_success.jslog	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\dl.dll	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-429Q6.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-4HEI8.tmp	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215048_perr_popup_close.jslog	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215048_perr_popup_close.sent	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_08_update_files_1.179.532.sent	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215144_perr_15_has_svc.jslog	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\ssleay32.dll	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet\IEGraberBHO.dll	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-M9VG1.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215030_03_is_admin_1.179.532.log	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215039_perr_04_04_start_dialog.sent	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_03_is_admin_1.179.532.sent	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215144_perr_17_svc_started.sent	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\funnel_perr_19_svc_connected.sent	net_svc.exe
File created	C:\Program Files (x86)\EagleGet\is-UU11J.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-KQ4EJ.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-RUMP9.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-S4THB.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\addon\is-I7B7R.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\lum_sdk32_clr.dll	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_04_04_start_dialog_1.182.660.sent	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\CallbackCtrl.dll	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet\proxy.dll	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\is-R36IS.tmp	eagleget_setup.tmp
File opened for modification	C:\Program Files (x86)\EagleGet\test_wpf.exe	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\perr_04_01_init_dialog_1.179.532.sent	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215039_perr_04_04_start_dialog.sending	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215039_perr_04_05_show_dialog.jslog	net_updater32.exe
File opened for modification	C:\Program Files (x86)\EagleGet\luminati\temp\net_svc.exe	net_updater32.exe
File created	C:\Program Files (x86)\EagleGet\is-ELNNS.tmp	eagleget_setup.tmp
File created	C:\Program Files (x86)\EagleGet\luminati\20250214_215102_07_service_stop_1.179.532.log	net_updater32.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 18 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	test_wpf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	test_wpf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eagleget_setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net_updater32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EGMonitor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EGMonitor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EGMonitor.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EagleGet.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	test_wpf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net_updater32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eagleget_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net_updater32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EGMonitor.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
1448	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
4532	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 21 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\ = "Customdown Class"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\SOFTWARE\Microsoft\Internet Explorer\DownloadUI = "{13D6E221-D1CC-4cc1-8410-66CD89818A6F}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download all links with EagleGet	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with EagleGet\ = "res://C:\\Program Files (x86)\\EagleGet\\IEGraberBHO.dll/201"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download all links with EagleGet\ = "res://C:\\Program Files (x86)\\EagleGet\\IEGraberBHO.dll/202"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\Software\Microsoft\Internet Explorer\Main\	eagleget_setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "ye"	eagleget_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\TypeLib\ = "{1FE29BBF-5745-45a1-B1E7-2DFD97926CEF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\Version	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with EagleGet	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\DownloadUI = "{13D6E221-D1CC-4cc1-8410-66CD89818A6F}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\Version\ = "1.0"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with EagleGet\Contexts = "34"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\InprocServer32\ = "C:\\Program Files (x86)\\EagleGet\\eagleSniffer.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Validation\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download all links with EagleGet\Contexts = "243"	regsvr32.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	net_updater32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\ProgID\ = "IEGrab.Customdown.1"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\EagleGet.EagleGet32\CurVer\ = "EagleGet.EagleGet32.1"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\Interface\{E22ABA47-7A14-5B5E-941A-AAEEFCEE01F9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\Interface\{47A50A6B-EB5E-5DB3-8955-89A3AC3D64F9}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7EFCB4C-66F9-475C-97FB-03687DAB0EB3}\ = "IEagleGet"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F7EFCB4C-66F9-475C-97FB-03687DAB0EB3}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\TypeLib\{5BF350E6-763C-5778-8960-BF006540067D}\1.0\0\win32\ = "C:\\Program Files (x86)\\EagleGet\\npEagleget.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGrab.EGet.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGrab.EGet\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E871FF8-029C-4732-8AA7-39E3D3872057}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\AppID\npEagleGet32.dll\AppID = "{B415CD14-B45D-4BCA-B552-B06175C38606}"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\ = "EagleGet Free Downloader Plugin"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D700DDC2-DA60-4312-B1CD-8944E93C3EF6}\ = "EagleGet Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGrab.Customdown.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\MiscStatus	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\Interface\{E22ABA47-7A14-5B5E-941A-AAEEFCEE01F9}\ = "IFBControl"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\Interface\{6BCF4892-5428-53D9-A1D9-56D55AEF29AB}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGraberBHO.EagleGet\CLSID\ = "{D700DDC2-DA60-4312-B1CD-8944E93C3EF6}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1FE29BBF-5745-45A1-B1E7-2DFD97926CEF}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{46B30FC5-D638-4323-ACA1-EA7541FA65F1}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{46B30FC5-D638-4323-ACA1-EA7541FA65F1}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{97C13EA5-DECA-4355-B789-7788B7EB154A}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\Interface\{6BCF4892-5428-53D9-A1D9-56D55AEF29AB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\ProgID\ = "EagleGet.EagleGet32.1"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\TypeLib\ = "{5BF350E6-763C-5778-8960-BF006540067D}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\TypeLib\{5BF350E6-763C-5778-8960-BF006540067D}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{46B30FC5-D638-4323-ACA1-EA7541FA65F1}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\EagleGet"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGrab.EGet\ = "EGet Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E871FF8-029C-4732-8AA7-39E3D3872057}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\AppID = "{B415CD14-B45D-4BCA-B552-B06175C38606}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\TypeLib\{5BF350E6-763C-5778-8960-BF006540067D}\1.0\0	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\Interface\{6BCF4892-5428-53D9-A1D9-56D55AEF29AB}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGrab.Customdown\CurVer\ = "IEGrab.Customdown.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\InprocServer32\ = "C:\\Program Files (x86)\\EagleGet\\eagleSniffer.dll"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\Interface\{47A50A6B-EB5E-5DB3-8955-89A3AC3D64F9}\TypeLib\ = "{5BF350E6-763C-5778-8960-BF006540067D}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{97C13EA5-DECA-4355-B789-7788B7EB154A}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\Interface\{6BCF4892-5428-53D9-A1D9-56D55AEF29AB}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{FBDC47F7-F27C-463B-9976-16683FBEDED5}	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\EagleGet.EagleGet32.1	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\CLSID\{9843d1f9-641f-5b9a-bc7c-f59bba9a8f25}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{46B30FC5-D638-4323-ACA1-EA7541FA65F1}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7EFCB4C-66F9-475C-97FB-03687DAB0EB3}\TypeLib\ = "{46B30FC5-D638-4323-ACA1-EA7541FA65F1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{97C13EA5-DECA-4355-B789-7788B7EB154A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\MIME\Database\Content Type\application/x-eagleget\ = "EagleGet Free Downloader Plugin"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\Interface\{E22ABA47-7A14-5B5E-941A-AAEEFCEE01F9}\TypeLib\ = "{5BF350E6-763C-5778-8960-BF006540067D}"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\Interface\{E22ABA47-7A14-5B5E-941A-AAEEFCEE01F9}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\Interface\{47A50A6B-EB5E-5DB3-8955-89A3AC3D64F9}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{46B30FC5-D638-4323-ACA1-EA7541FA65F1}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F7EFCB4C-66F9-475C-97FB-03687DAB0EB3}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7DA3D5E0-7F3A-421B-8FA8-AAD6C3385583}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D700DDC2-DA60-4312-B1CD-8944E93C3EF6}\InprocServer32\ = "C:\\Program Files (x86)\\EagleGet\\IEGraberBHO.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\IEGrab.EGet.1\CLSID\ = "{1E871FF8-029C-4732-8AA7-39E3D3872057}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1E871FF8-029C-4732-8AA7-39E3D3872057}\ = "EGet Class"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\Interface\{47A50A6B-EB5E-5DB3-8955-89A3AC3D64F9}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1318997816-2171176372-1451785247-1000_Classes\WOW6432Node\Interface\{47A50A6B-EB5E-5DB3-8955-89A3AC3D64F9}\TypeLib\ = "{5BF350E6-763C-5778-8960-BF006540067D}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{46B30FC5-D638-4323-ACA1-EA7541FA65F1}\1.0\ = "IEGraberBHO 1.0 ÀàÐÍ¿â"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{13D6E221-D1CC-4cc1-8410-66CD89818A6F}\InprocServer32	regsvr32.exe

Script User-Agent 6 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	159	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	161	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	162	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	171	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	135	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	146	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
3684	eagleget_setup.tmp
4756	net_updater32.exe
4748	net_updater32.exe
4488	net_svc.exe
4488	net_svc.exe
3972	msedge.exe
3972	msedge.exe
368	msedge.exe
368	msedge.exe
3516	EagleGet.exe
3516	EagleGet.exe
740	identity_helper.exe
740	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeDebugPrivilege	4532	taskkill.exe
Token: SeDebugPrivilege	3684	eagleget_setup.tmp
Token: SeDebugPrivilege	4756	net_updater32.exe
Token: SeDebugPrivilege	4748	net_updater32.exe
Token: SeShutdownPrivilege	4488	net_svc.exe
Token: SeCreatePagefilePrivilege	4488	net_svc.exe
Token: SeShutdownPrivilege	4488	net_svc.exe
Token: SeCreatePagefilePrivilege	4488	net_svc.exe
Token: SeShutdownPrivilege	4488	net_svc.exe
Token: SeCreatePagefilePrivilege	4488	net_svc.exe
Token: SeShutdownPrivilege	4488	net_svc.exe
Token: SeCreatePagefilePrivilege	4488	net_svc.exe
Token: SeDebugPrivilege	3516	EagleGet.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3684	eagleget_setup.tmp
3516	EagleGet.exe
3516	EagleGet.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
3516	EagleGet.exe
3516	EagleGet.exe
3516	EagleGet.exe
368	msedge.exe
3516	EagleGet.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3516	EagleGet.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
3516	EagleGet.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3516	EagleGet.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3892 wrote to memory of 3684	3892	eagleget_setup.exe	86
PID 3892 wrote to memory of 3684	3892	eagleget_setup.exe	86
PID 3892 wrote to memory of 3684	3892	eagleget_setup.exe	86
PID 3684 wrote to memory of 4532	3684	eagleget_setup.tmp	90
PID 3684 wrote to memory of 4532	3684	eagleget_setup.tmp	90
PID 3684 wrote to memory of 4532	3684	eagleget_setup.tmp	90
PID 3684 wrote to memory of 1336	3684	eagleget_setup.tmp	96
PID 3684 wrote to memory of 1336	3684	eagleget_setup.tmp	96
PID 3684 wrote to memory of 1336	3684	eagleget_setup.tmp	96
PID 3684 wrote to memory of 828	3684	eagleget_setup.tmp	97
PID 3684 wrote to memory of 828	3684	eagleget_setup.tmp	97
PID 3684 wrote to memory of 828	3684	eagleget_setup.tmp	97
PID 3684 wrote to memory of 2024	3684	eagleget_setup.tmp	98
PID 3684 wrote to memory of 2024	3684	eagleget_setup.tmp	98
PID 3684 wrote to memory of 2024	3684	eagleget_setup.tmp	98
PID 3684 wrote to memory of 4756	3684	eagleget_setup.tmp	100
PID 3684 wrote to memory of 4756	3684	eagleget_setup.tmp	100
PID 3684 wrote to memory of 4756	3684	eagleget_setup.tmp	100
PID 4756 wrote to memory of 4788	4756	net_updater32.exe	103
PID 4756 wrote to memory of 4788	4756	net_updater32.exe	103
PID 4756 wrote to memory of 4788	4756	net_updater32.exe	103
PID 4756 wrote to memory of 1856	4756	net_updater32.exe	108
PID 4756 wrote to memory of 1856	4756	net_updater32.exe	108
PID 4756 wrote to memory of 1856	4756	net_updater32.exe	108
PID 3684 wrote to memory of 1396	3684	eagleget_setup.tmp	110
PID 3684 wrote to memory of 1396	3684	eagleget_setup.tmp	110
PID 3684 wrote to memory of 1396	3684	eagleget_setup.tmp	110
PID 4748 wrote to memory of 3276	4748	net_updater32.exe	114
PID 4748 wrote to memory of 3276	4748	net_updater32.exe	114
PID 4748 wrote to memory of 3276	4748	net_updater32.exe	114
PID 4748 wrote to memory of 2964	4748	net_updater32.exe	116
PID 4748 wrote to memory of 2964	4748	net_updater32.exe	116
PID 4748 wrote to memory of 4488	4748	net_updater32.exe	117
PID 4748 wrote to memory of 4488	4748	net_updater32.exe	117
PID 4488 wrote to memory of 1632	4488	net_svc.exe	118
PID 4488 wrote to memory of 1632	4488	net_svc.exe	118
PID 3684 wrote to memory of 1256	3684	eagleget_setup.tmp	119
PID 3684 wrote to memory of 1256	3684	eagleget_setup.tmp	119
PID 3684 wrote to memory of 1256	3684	eagleget_setup.tmp	119
PID 3684 wrote to memory of 3516	3684	eagleget_setup.tmp	121
PID 3684 wrote to memory of 3516	3684	eagleget_setup.tmp	121
PID 3684 wrote to memory of 3516	3684	eagleget_setup.tmp	121
PID 3516 wrote to memory of 1568	3516	EagleGet.exe	122
PID 3516 wrote to memory of 1568	3516	EagleGet.exe	122
PID 3516 wrote to memory of 1568	3516	EagleGet.exe	122
PID 3684 wrote to memory of 368	3684	eagleget_setup.tmp	123
PID 3684 wrote to memory of 368	3684	eagleget_setup.tmp	123
PID 368 wrote to memory of 1440	368	msedge.exe	124
PID 368 wrote to memory of 1440	368	msedge.exe	124
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125
PID 368 wrote to memory of 3300	368	msedge.exe	125

C:\Users\Admin\AppData\Local\Temp\eagleget_setup.exe
"C:\Users\Admin\AppData\Local\Temp\eagleget_setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3892
- C:\Users\Admin\AppData\Local\Temp\is-OQA2C.tmp\eagleget_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-OQA2C.tmp\eagleget_setup.tmp" /SL5="$602E0,10028740,175104,C:\Users\Admin\AppData\Local\Temp\eagleget_setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:3684
- - C:\Windows\SysWOW64\taskkill.exe
    "taskkill.exe" /f /im "net_updater32.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4532
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\EagleGet\eagleSniffer.dll"
    3⤵
    - Loads dropped DLL
    - Installs/modifies Browser Helper Object
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:1336
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\EagleGet\npEagleget.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:828
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\EagleGet\IEGraberBHO.dll"
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Modifies registry class
    PID:2024
- - C:\Program Files (x86)\EagleGet\net_updater32.exe
    "C:\Program Files (x86)\EagleGet\net_updater32.exe" --install-ui win_eagleget.com --dlg-app-name EagleGet --dlg-tos-link "http://www.eagleget.com/privacy-policy" --dlg-logo-link "http://admin.eagleget.com/latest/EagleGet-Icon.png" --dlg-bg-color "#ffcfe3c4" --dlg-pos "screen" --dlg-btn-color "#ff32363f" --dlg-txt-color "#ff32363f" --dlg-not-peer-txt ads
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4756
  - - C:\Program Files (x86)\EagleGet\test_wpf.exe
      C:\Program Files (x86)\EagleGet\test_wpf.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:4788
  - - C:\Program Files (x86)\EagleGet\net_updater32.exe
      "C:\Program Files (x86)\EagleGet\net_updater32.exe" --install win_eagleget.com --no-cleanup
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      PID:1856
- - C:\Program Files (x86)\EagleGet\EGMonitor.exe
    "C:\Program Files (x86)\EagleGet\EGMonitor.exe" /installnewtab
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1396
- - C:\Program Files (x86)\EagleGet\EGMonitor.exe
    "C:\Program Files (x86)\EagleGet\EGMonitor.exe" /install
    3⤵
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1256
- - C:\Program Files (x86)\EagleGet\EagleGet.exe
    "C:\Program Files (x86)\EagleGet\EagleGet.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3516
  - - C:\Program Files (x86)\EagleGet\test_wpf.exe
      C:\Program Files (x86)\EagleGet\test_wpf.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1568
  - - C:\Program Files (x86)\EagleGet\EGMonitor.exe
      "C:\Program Files (x86)\EagleGet\EGMonitor.exe" /rm
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.eagleget.com/welcome
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbea046f8,0x7fffbea04708,0x7fffbea04718
      4⤵
      PID:1440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2011256764003329765,7248872136009824107,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
      4⤵
      PID:3300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,2011256764003329765,7248872136009824107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,2011256764003329765,7248872136009824107,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
      4⤵
      PID:216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011256764003329765,7248872136009824107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
      4⤵
      PID:1656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011256764003329765,7248872136009824107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      4⤵
      PID:2532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011256764003329765,7248872136009824107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
      4⤵
      PID:4788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011256764003329765,7248872136009824107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
      4⤵
      PID:1880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,2011256764003329765,7248872136009824107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
      4⤵
      PID:1460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,2011256764003329765,7248872136009824107,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011256764003329765,7248872136009824107,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
      4⤵
      PID:336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011256764003329765,7248872136009824107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
      4⤵
      PID:2576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,2011256764003329765,7248872136009824107,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
      4⤵
      PID:5020

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QUFCMTA5RkMtMUUyRi00RDM5LUJEN0YtMTg3QjNEN0Y2OTBGfSIgdXNlcmlkPSJ7OUQyODQ5MzAtMjVGRS00QzMyLUJEM0UtNjMwMEI4MTJEQzBBfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NkEzOUVBNTQtQzRBMy00OTFFLTlFQ0ItM0NERkQyRTkzQkEzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIzIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MzkyODMzNzEiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4Mzc1NDE5Mjc1MzAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MjkyNTYwODA1Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:1448

C:\Program Files (x86)\EagleGet\net_updater32.exe
"C:/Program Files (x86)/EagleGet/net_updater32.exe" --updater win_eagleget.com
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Program Files (x86)\EagleGet\test_wpf.exe
  C:\Program Files (x86)\EagleGet\test_wpf.exe
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  PID:3276
- C:\Program Files (x86)\EagleGet\luminati\net_svc.exe
  "C:\Program Files (x86)\EagleGet\luminati\net_svc.exe" --info
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Program Files (x86)\EagleGet\luminati\net_svc.exe
  "C:\Program Files (x86)\EagleGet\luminati\net_svc.exe" --workdir "C:/Program Files (x86)/EagleGet/luminati" --no-root --parent-die-stdin --sdk --sdk-version 1.182.660 --appid win_eagleget.com --uuid sdk-win-416ca5d6c0bc6f1cb49a9df3cd586f94
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4488
- - C:\Program Files (x86)\EagleGet\luminati\net_svc.exe
    "C:\Program Files (x86)\EagleGet\luminati\net_svc.exe" --report-idle
    3⤵
    - Executes dropped EXE
    PID:1632

C:\Program Files (x86)\EagleGet\EGMonitor.exe
"C:\Program Files (x86)\EagleGet\EGMonitor.exe" /svc
1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\EagleGet\CrashRpt.dll

Filesize
300KB

MD5
30cefec9a8cb46cf3d616786733c9b22

SHA1
9c3557d373369541e4f680b30304358d14e6203c

SHA256
4fac77783dfd5ed7dc74f0304606b3651a3b95b0b64f112e59930fee90281a4c

SHA512
8faf988b3c5ba17167e8f6644f9b0cbe24d3dd26f71ed84e75ab228e81bfd57ffc2c4081ed9346c3e997ca9d80cd4a77efd7212cca8745ffe5c9cc17115ee9b6

Download Submit
C:\Program Files (x86)\EagleGet\EGMonitor.exe

Filesize
332KB

MD5
7945dbf2bd3579910342eefbb275f1f7

SHA1
57356643f1f7cd28b485bd4e35dad3f1b13c40c1

SHA256
1103cbd9f49ba8c55c2aceab21a8cf65fe5a73e56205d9e2f69ed3bec08e481a

SHA512
92335555e2ebd7646356f08278c54aafaadd915f53fcd10a235499b106964aa45b8f7c1ec20c5fcfa25efeab8609328076c326c3a7490ba0a6bd71f762d8902b

Download Submit
C:\Program Files (x86)\EagleGet\EagleGet.exe

Filesize
2.4MB

MD5
8d8aefc2b4d66894bd68ed2dbdc86fe4

SHA1
1025b9dcf7e31e9ecc476071990c36c7cf4a518d

SHA256
7ac390e54c07f2050d8a8952459760d9053662c16b54a13bac392ea675c1c15b

SHA512
14b0d104405e6e78b456af09b9d2478d5907d56bbadd055883a735b16920945511db39865fc0b31c6851ece66dbf303a7538f3e26d7e3a6eab864f91a8af0616

Download Submit
C:\Program Files (x86)\EagleGet\IEGraberBHO.dll

Filesize
245KB

MD5
0fe061737437748e16a7a3bf7e02f49f

SHA1
ab96533d19f0feb70cf2ea7fadac475e8920a37d

SHA256
7ab0aa799da04f539dde8b832ea645e058de0009be1a1f5319ab277e0b7d58ca

SHA512
f256bd0249af853003f24c09b19c610a04864cfaee826647d82923eb6319fa2fbc38cd1f1573d0d50949cb611d8416cff7e5744e8981412cbc108cbf55025b69

Download Submit
C:\Program Files (x86)\EagleGet\UninstallIco.ico

Filesize
17KB

MD5
009d9bdffb6ee378d30150031b620695

SHA1
11dea417c23f5682bf8102e6dd566f05ae9d7e3e

SHA256
5b003443e41fd99f26ecb3049b887bb9e2dec66fbe495f5f1dabc7d2fde1e801

SHA512
8972887f569f845a2312f0fcacc1e881990c5ab999b14184c1907931766fb7e6efd2e079efb1245007a0114ede419c41d8581c844f1936a9de4fbb029aaa9975

Download Submit
C:\Program Files (x86)\EagleGet\_eagleGet_x64.sys

Filesize
77KB

MD5
7cebfad0c6236844d930aaa0f6502e9b

SHA1
67a451f41d453e7c0cc8eb6f56b4c9ec257cf689

SHA256
2e2d1651f3b57376f0e100ead43c95481d27a9815ad13742f3034c7ebcc43f59

SHA512
33136266b8f4433dbfd728ed3ed3a70e0afc2d0064628dd056add79c78648e9012408341817097a128a5264e85191a7b43ebe46be53937eaae2d9f8d51b06311

Download Submit
C:\Program Files (x86)\EagleGet\_eagleGet_x86.sys

Filesize
62KB

MD5
7149e56fe2673c5a82d99848d61f5823

SHA1
7c74a82c264661ee511952727812e4fe63324579

SHA256
ee61881a1a99836a2a580e08aea53e6eba295ead01b76139b09d0741345fade3

SHA512
59921aa7740ea28b64833d60038f57dba1474352b1e6ad833fe57859867fccbe5c2b0ea69535533316bc726f7f70959d61bec69197677828cc00109081afa76e

Download Submit
C:\Program Files (x86)\EagleGet\addon\[email protected]

Filesize
98KB

MD5
6997ee816d37fe1e548bb32f4f5f8993

SHA1
13f1355d947404fac10dbce79dfabbda87a98054

SHA256
f198c64a51eb62a25e615eeee988e404de1ceb63e5cfa311657359892e636e05

SHA512
bec46c4a63dce75bc2d6aa229a26454bd966dab2d0350c8b8bcb4830f5da38e9e5e38f5b3f531ad43047d138a91d88a098030971c22a3c181bf4b70c5d916916

Download Submit
C:\Program Files (x86)\EagleGet\addon\[email protected]

Filesize
104KB

MD5
bb9452d61f8e9637265a08935893d999

SHA1
ec4a265a8d3d1ad5e962fbce9ac4e827e62d9456

SHA256
9f84f0cfb863b9c31adbed63b5392b6ad562c80354c3494c6aed0da178d20ea4

SHA512
448346beb56fa925701add8c9faab5c864cc716c353dc641d79f6775ed4de9d6a1764570eb7ea32d70659ef9fc626b767187adff5982df94c4d3f3709471062d

Download Submit
C:\Program Files (x86)\EagleGet\addon\eagleget_newtab.crx

Filesize
961KB

MD5
b41e30bdb9035bdb2d73a22320263930

SHA1
8232e2431565a1e7274059808f7f75a358b451d7

SHA256
145ea4ada358df598bfbc9faf1fc73f1b41df15d72799712b7b8f410aac963d9

SHA512
e1efbfa845c218c751fdcf2b9cc70fedbe3c2305ec70648f55e68a7c6b63c63f48f583a25a3c6206ef2937d7e34d87206410c51cfdf7811e40bf7b7a124ca20f

Download Submit
C:\Program Files (x86)\EagleGet\addon\[email protected]

Filesize
18KB

MD5
a1af69c6512bd7641c2ccdb4025c8fd2

SHA1
1898a9e48f9fca77ba11e882d127839749ee8e96

SHA256
ef2e2baad155b62ae37138c190127aede4d86948db0be96e952e97052395f837

SHA512
9f64e5b95318edffac6ec1dd09f5b1ddf3324e8e1eaebeead5ea4e25367a0d262b95428a47665f6fc215980da773e31d94ab6e6b3fa4159a4a08fba0daf31568

Download Submit
C:\Program Files (x86)\EagleGet\com.eagleget.chrome_extension.json

Filesize
398B

MD5
ce86ee686db7743eb5bc3850159092c9

SHA1
69434018ee6e609da7a3ed27a89af852217e458e

SHA256
cf951b06fc0b9c97ad1e731b68bb5fa09642900e9b615760caf63aad96251a99

SHA512
ed2664e86ea50ad4ecfa717f0c4bc311ebb92b02d7080bb11cedc73000387282e1b112d5a6cc1561ea18202dfc0c8ec871ce67e53539c8497a98519190993e54

Download Submit
C:\Program Files (x86)\EagleGet\dl.dll

Filesize
4.1MB

MD5
9bd37fa783b7327114d2a619030d2c36

SHA1
f72b16e81f6f5eef009648d42480416ce2e9d52f

SHA256
9eaf7bc716f92ae20cc4d90adf80827c315969e7b5afeb74d3a283abfb11d0bd

SHA512
a0194e01d40c869618db30429bcad3002e6fce49ae2ccd93a29048bda9251cfa95fbaa9350c2e7efbdf8fcfe3c29af7227db5570f15bfb362a221ac7b5bbe422

Download Submit
C:\Program Files (x86)\EagleGet\download-complete.wav

Filesize
120KB

MD5
0efa3ef40736d08b8504575dbcd281ba

SHA1
bf900a29a60a2d109db849ae33b89e6544e48b02

SHA256
5c734125eaabaad56362f76c311fedeb86bfea5f19bd68a11d696be561f59651

SHA512
094e901553317895400190d66529f02e048e513be1a1a5b21f9eef25715dce2ac32adf197620f82a630d495380188972162d40635b290b688776afb916d8fd28

Download Submit
C:\Program Files (x86)\EagleGet\eagleGet_wfp_x64.sys

Filesize
84KB

MD5
cb9a12bde2db323740692f0f54f83dd8

SHA1
87f02a72c44ea04ad38d8d726c0c253fe0783d69

SHA256
69287e35b96f50df7fb628b8132f9a58bbb2d1312705aeccd15fc1cf3048fa2a

SHA512
e3153606a1c2d2c86c967ed2e680b714bc1ac6127dedb85409b16f582e9bee1fcf6f4fefcedd969dc3a9c1e9768318f46ffa735b5fca806b9364b9f57ae9af9a

Download Submit
C:\Program Files (x86)\EagleGet\eagleGet_wfp_x86.sys

Filesize
67KB

MD5
549219f86174d095f30b4f1da4189358

SHA1
432e98a1118e82160d5abf5e4658d0f7f5fa8404

SHA256
a1c5453dc41ab2176c985422e02a14f7b9113ed9af2fe5b9141c6d32a4e8a93e

SHA512
5adfb74807b39ac5ce0c91e501f68bbb85267cc2bc77b3ecddf91393d339c0bcc22dcb8200ab84798d30818a367ce945e4549877e960d0243c4d3cf07af614f7

Download Submit
C:\Program Files (x86)\EagleGet\eagleGet_x64.sys

Filesize
74KB

MD5
61745181308202b14cc2f47d50e85cf6

SHA1
b665b8004ae3fe4a5d141a5a95b0e28135d23ca8

SHA256
2875cdbd6960ada13590ee6569a077e36271653c03eca9996af166aad64e6385

SHA512
6424dd4c395326410a5222d26a6518a650524aad8a3e9428f16d06117e8c9b72a990f1b1df53ce342b87a3bb10ad609e640d290f2180f93ee2aaa571142dcda5

Download Submit
C:\Program Files (x86)\EagleGet\eagleGet_x86.sys

Filesize
59KB

MD5
5bf0b3477ce8b7c40d7f3fbd083147f4

SHA1
ee72e488b6ddd022fa0d4377ef8e6c4aec813d34

SHA256
617ecb74de35e7d27d6ea1e556aaab0b5e038e9a96963f5011b6fea203666cae

SHA512
bbc4e3da130b4b1963a0eca3fcb93287135057b3d1ec43384d083c90c11d810ee138f2306979912ec149fd94ae3be53d9eddcaa5f79b1842d7ef039d46480526

Download Submit
C:\Program Files (x86)\EagleGet\eagleSniffer.dll

Filesize
803KB

MD5
5fbfd71db6dc897a41adfda41d97514f

SHA1
d56a8c9700cca04d3db9d6bc37e225c5819b1caf

SHA256
972b50833e22e5815c64c1a5d81786e9a595380010724dc0ee1c6d8f4c632873

SHA512
35087276ec3b181c5ffe2b41a976740e9f7067629a04a775f766365155d05d8f64dea67238856e122ee1dbc1f9d3b08da836edcc2728446b8ea72520df0a5c36

Download Submit
C:\Program Files (x86)\EagleGet\error.wav

Filesize
1KB

MD5
72309f20f2bfee0595fe8d20b8cbefb0

SHA1
efc2b2b263722dddffea44ffc7a116daf09709b3

SHA256
dce3297d94996c91126446e133145e4395c87ba47c4b731ca86c4c845dad8049

SHA512
0de89f9b0ca62cd9977e2becf30d8e9c416ad42f66d1bfbf78e34dc6301e0cec559813d76a05f11abeb39c7cac45e6c20bdf88c86c398c09158cb9f6c3af5942

Download Submit
C:\Program Files (x86)\EagleGet\libcurl.dll

Filesize
302KB

MD5
58192a77dd1227417ba37d50c20859cf

SHA1
6271865dc7a1760da766bee9474f777135321cbc

SHA256
b226d36387441d3621a7ed1cecd1a096f06af246f9931b96da7c8eb10573b021

SHA512
ed638a7ab850ec16a966d85fcf5865beeea871f55cc8189f16b3665c71b02b184235238c489780f4dd639cb8285b45bd42e59e82090c4c7a9dd93e2fa4e6e4d5

Download Submit
C:\Program Files (x86)\EagleGet\libeay32.dll

Filesize
2.2MB

MD5
61d8d7cbbd1cc7d544c8168d6c917ce4

SHA1
c003fbc9167817d98e34269c3f45eb5113aa7f89

SHA256
4a7768932385e490443dfd0f8b1402a0028f2a5736ebded5093c128a45b5da72

SHA512
b4790ca751abb622abaeea8b766f16d57a2b8f1f14442399a7ecc150ec605881f372481190c750ae5bf1f8b2e2ae63ca3a42e4c04d83207ac480dd8e92bb82c2

Download Submit
C:\Program Files (x86)\EagleGet\libgcc_s_dw2-1.dll

Filesize
42KB

MD5
c4b4409f186da70fcf2bcc60d5f05489

SHA1
056663c9fd2851cd64f39d882f6758e7a987bd42

SHA256
b35f2a8f4c8f1833f3cdec20739c58e295758ce22021d03d4335043148bd7610

SHA512
cdcb945a82a0304e4d7cfc9ae9d7e5a5e81d4e3025e982494c87c283f6fac542181e9e1e3028456b9b0b5b6279990cb3e1a50f9df0f6e707c70fa0e23c7a808c

Download Submit
C:\Program Files (x86)\EagleGet\lum_sdk32.dll

Filesize
2.6MB

MD5
801aa0f965ccfdb58e701ca458817b75

SHA1
38c209de69bb67955521642250b06149447a29e9

SHA256
2dd3bebb5267db126f0e8e403c78826d5b85c21cd523312cede9960062535801

SHA512
a353320c405ed5e905ca1b9230898532cbe64a94ea05ad696335df0122b063ca684f9096138fd6ff8e403d1cd4929e886be15f3b5ec005d5e4981b36d317f236

Download Submit
C:\Program Files (x86)\EagleGet\lum_sdk32_clr.dll

Filesize
1.4MB

MD5
464ed84f91c4316f4ca7597299635898

SHA1
5286271397e1c1615d6683cf07b811304a6e95ea

SHA256
94d26589d5a38dfeef21b51a056a30d1eddd1a297d34b4b3356c17f27072591e

SHA512
99e09015a99cc1875fdbda7bab571fc8441f232f9cc4b05e96fdd771e87f58b36518328009dddd4dd1fe8d3ea62ef2e15d5313b2703724c03fe4c55a7a9b452e

Download Submit
C:\Program Files (x86)\EagleGet\luminati\20250214_215033_04_02_supported_1.179.532.log

Filesize
1B

MD5
68b329da9893e34099c7d8ad5cb9c940

SHA1
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

SHA256
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

SHA512
be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

Download Submit
C:\Program Files (x86)\EagleGet\luminati\20250214_215039_perr_04_04_start_dialog.jslog

Filesize
936B

MD5
e64f1bb0f333e7e4e3931abb8ea4add9

SHA1
ac84a28cfe1e373f5e8d573773812067144a4cc2

SHA256
b98e0851a1c6352f1002757938656e7666f1a77714ed903e77a23bf4c76f8cf5

SHA512
d1f4cfeb1c0b7d480213d2a903c1c1e0bb53c6b423d0b5084baa4859ed234f07ec7bb1871bc26ba64a6976533661e9d8de34fb99e1afb4a912517654e3fe5196

Download Submit
C:\Program Files (x86)\EagleGet\luminati\20250214_215039_perr_04_05_show_dialog.jslog

Filesize
936B

MD5
22976317438c0e5979fc6d49d5a0effc

SHA1
af1df9afcef3f5f033f62a338047fdd93ffdfe11

SHA256
aeaa8553486a84017ecce42daec552effefff7a7a946430cf762df08ca8cf15b

SHA512
249ce87957e83c832461784d3335ba5774bfc1e7d46779b3f7bc1ab5ff12e299308bbcaf78c8bcc1d4dfdcaf23d61c63f74a97ea6969070fbe8be84e3dea1155

Download Submit
C:\Program Files (x86)\EagleGet\luminati\20250214_215048_perr_04_06_choose_peer.jslog

Filesize
936B

MD5
3354d0ca619b40ecdaafad10daeb534b

SHA1
9d25b255ba415e87cfeec7b2b5c58824c78c35b9

SHA256
40437224ec117e71a861965d7d2fe8e4de2a04ceda7c1cd49cfa75dffb0a254e

SHA512
732d6c3ad89533142cc7f3977b77688c80a4bb2056fb374f4aed1b1d7927303eb524c5f762615aef9f5d4380789c7b6e41d3d2a68d7e878f89c04e9847bf1e02

Download Submit
C:\Program Files (x86)\EagleGet\luminati\temp\net_svc.exe

Filesize
21.4MB

MD5
8f34457c690e5037672940452db574af

SHA1
8d48f26b69b8a580a72ff05a873baec17427e12e

SHA256
e7fc6e83e1e4bbf179ac0f4aa2196c3e397b95462ff8dd2260fa72c7333b131a

SHA512
724dbc36f725bef3083169a12766b0eafbef29b1be89ab3b7ba3077f73c96d74aef7827a33aa50e752dff76d2588b4bb2a036ec2bffb7f67a8358598e6397052

Download Submit
C:\Program Files (x86)\EagleGet\msvcr120.dll

Filesize
948KB

MD5
034ccadc1c073e4216e9466b720f9849

SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1

SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f

SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7

Download Submit
C:\Program Files (x86)\EagleGet\net_updater32.exe

Filesize
2.1MB

MD5
19559eba93aac9597c74fcbfecefb58b

SHA1
5b64f44bf93738769cc192b4bb2aba1c928d87a4

SHA256
26348c63d65901560fa6ced6b48e6a9ce2dae5e87f2a71727b1b4be5a5f3e9d3

SHA512
c1ccf75f093c09df758d72eae1b85b86e3a23120c4a7f9cf2c3be461278481565bc901a9c952b4e171356cd6cf5489ebf0ea222c48b8c1eb140e5692ffe028ad

Download Submit
C:\Program Files (x86)\EagleGet\npEagleget.dll

Filesize
1.1MB

MD5
054e9138c058522469c15914b6cac191

SHA1
3348718abe2975375a3a7edc3e458c66216ae62c

SHA256
fa775101b3e3d36934e716cc1718ae1008893d91a344aa94a9d2424092c2266e

SHA512
d1e713e7506e67a989e196ad3ad1899599ece192150b79595f68a5df70f30bb2dc3b092f1461a081ddf9fddc69717ce03934e431fbf2271b02eb9c3dcea2d455

Download Submit
C:\Program Files (x86)\EagleGet\proxy.dll

Filesize
935KB

MD5
efd86d051508f93eb579fe383c4a178d

SHA1
1245f64675be60a46f9bd06cd05c745f2434b249

SHA256
3e082acacba78908405821eb3e20385398e19548dfa8917a886794403ddf78c5

SHA512
730d4e72f8b47932904ec3f7d5b0b245de82c485d698fbe0c88e4c7dcb94d453fcdfbd4fe26235ebc729a4cd60e7ea8d18bcffddaaa5658aa713401efb2d7d90

Download Submit
C:\Program Files (x86)\EagleGet\ssl.dll

Filesize
854KB

MD5
80b5db28b47b24b3e7b4a47d97b388dd

SHA1
1ccf29c865131d3b50d3e58440c71fc528f1d3a5

SHA256
9d291067306ebe42b235c10b4c19a1f90f35c37cc0ed857c440965cc3f170a6c

SHA512
9fb4d9f7c0d12840b7a0c0a87a412e617e227822638fe97588ef9f5b9464a7f5c8ad763d7b20d0a4d41def3420186686b5a81a7b5f37af0f8335e54e45a1c2de

Download Submit
C:\Program Files (x86)\EagleGet\sslQuery.dll

Filesize
201KB

MD5
9ca51368973e5952a4bc278cd7eadb69

SHA1
470194ce089622cc1118a4cf06fcfafefdf30bb3

SHA256
b622e2fab8885d48357d2272959c858d7c2e8bc06a1aa78baf0d5f0427e1436a

SHA512
a8b9f2f557c678b9662cf2c89e6f9f11176fda99dee70c4a55e0021852fe189b624cdeda13c5d511e73a23f4e23d58b28687c14b71ec073c47c5d27814640704

Download Submit
C:\Program Files (x86)\EagleGet\ssleay32.dll

Filesize
576KB

MD5
8c32276fe49dcf47b6f3364e3e6ad610

SHA1
839d246d96e12babf3963d62d0bdb378dc916638

SHA256
bcc7cc8af2f8d4ed65866a09640ca8391f9065f199526a32d783def445b0f3b8

SHA512
387f0296615355264bd48a15c7e7c8be3c4707ea02de40a2dfecdf61d5d041a8a60b71621c4f0835df5e1d9dda3dd1921b9bc2054dc1332d8097684f7eefa329

Download Submit
C:\Program Files (x86)\EagleGet\test_wpf.exe

Filesize
28KB

MD5
72978e4ce557cf89edcd4631ecf9c6cb

SHA1
812ade90d65e5d87fdf438b520006bd0aa8a7f28

SHA256
9b536656fcb975c70f8baa53c5170daf9566159de01bb569fb5236d73d55cb8d

SHA512
abbb1f1f829c7a1932bb343efd5e813784d7040bd89f75dfa71b6fb73a2715e129cc1eb064fe21199b52c6569fd4cbf733693db3c9452366798a5bef2547b2be

Download Submit
C:\Program Files (x86)\EagleGet\unins000.dat

Filesize
67KB

MD5
8b8344518f6a5d85dd89ac8ea0c55f66

SHA1
f9dc941905e976f4033ca96360f8a4eba47f5e5f

SHA256
16601a45f4f766f1ce035d051ac5851ffe245a0b3ded2147e587b9b1d43f7fe6

SHA512
d0267496db640dead84263e7d1ee8bc66e80896b5539f143dcfaf9ced373c2617b74578b01f74f4b08433a2c138287cfb19b3d5f4d77f7cdd60fab39e3360d38

Download Submit
C:\Program Files (x86)\EagleGet\unins000.exe

Filesize
1.2MB

MD5
44d563ac5e67e28730b5bad898bd4518

SHA1
775c67f4912fafd639c12c1e38ef4624f54edcd7

SHA256
f9ae0a8a53e9d0314b25f92f29892316bb3e228a22173e312a05627bcde1e31f

SHA512
3502f35038b1a28b538fb203db0951a2fcf445817c14c4352f76bafe44ffc9066ff66c395c7efaf5290d2d29b566e3b217a48aac98b2fc163a85572a49039d89

Download Submit
C:\Program Files (x86)\EagleGet\zlib.dll

Filesize
52KB

MD5
87eddceb9d22c129e386e652c5cda521

SHA1
0447ff30dfe7a5234624ea21a6947e88f6e80054

SHA256
792d768258eddaec86d9263e51ff64ee6f0bed2f28205f535ee150e94f8d6a2b

SHA512
83ae55dde165165b8001463cb3c4b3713ddc5108a68af5289055bdb10b2c10f1338e2eb6337703edc299e375f9c9f04e757d92eee535994ab61c841e2dff78ec

Download Submit
C:\Program Files (x86)\EagleGet\zlibwapi.dll

Filesize
382KB

MD5
b97a71c359c03cf1e9bc1c06e3aa9162

SHA1
c3d1971f3556a2d60df7683b601e7d0d42805588

SHA256
2c22a3dcad17df613e8bf2ae1db82387aef9826747136436c6d6f00b43dfa5ad

SHA512
f3e884abb645e101d80a33666bb610290fabd47da6855b4a5618d17d260730b9ffa0426f2c3ce9cc17068bdf496fed368b0c334f7421fc5575a58354718aa9c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
19a7f42782b4e728bb12731ff9a460f6

SHA1
495d51f1a8fa8b55063f307f919f3bc6d67af241

SHA256
126eee474c67271293ded1ff06e56bab87c21c0884d22a419fb40e4bc87cacba

SHA512
50f21223f1b013c727b26327976f74faa11ec830f6d540eee02d728d9d7b9b617e0b48b63c7b9ebf248d818e5c65bd6e4007e2352f9f59e182c4625a28b28f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
08edd5c04b02f0b7175bcda703fd0f38

SHA1
d4f1968dd481ea01a4023b1ad333e16115cb0e18

SHA256
afbae8fd296e93092ced684ac3683e56b28a3e809fe952fab4c9116995dfec09

SHA512
474dbd8d089b549cb68585a2657486f35b8aff0b644bceca10714077c4149b84e5d910d4fda400beca016ac83620d8627d2b0ce7cac292fda7c45f3abaea1379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b76fec670c006b42a15f0347aafae136

SHA1
f6ac641eb73633e9103dfa482acf9265a26e94b0

SHA256
6a554d7079fa2f833effd493f789d519d830a34643491a2d3b7e0c4e70fdad8c

SHA512
5db5ce457ec0c11c2c5f8e28472a1d1ca4ead9ddeabc9660bb9d7a2585af8a3f5a11a3adc0e23e0f41bc989b1d1ef58ca13a368f045c398e54010fcc3bfcc021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cef23e11c808e3e5b837c6ef4403cce6

SHA1
9c9d0dcb7c4e5366cc2c71fa0a582e6caa5e9cd3

SHA256
46a1d8b0b0e2c3213c66a38d94218fd6156434c31cf6c6cf59bb7e22584f3b70

SHA512
46bd82ebbfa7392d003432855cbf752f431d6df96f24da1ea1bc8a2796e848975ee5812f0bb75a29089210c2609d352ed9caba0bb2c1d21aeb5af5012154fd66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
771fe29eefd0a3aa4a3cacb28059a01a

SHA1
c5325f7f34aa60c9e6189a6fac0f03a57ea9e23d

SHA256
d2fd033af70d9a599b64f2ddc8cb311a57c11b1f2d92e9ab992610b5b720a699

SHA512
2bc53f0c8bc9c5c0562e7f1f03cf429fe0a5a48dc0087f15c5d70a43d50371ade9b20a73ef6d5453383b4a95883477078b1c48d9e20d470d3c324eeae3dc1801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9ecad3b2aab0094a2e9792d3fadb440e

SHA1
b0b6b1a1784bf3fa615a423b8c0e13c7254e966f

SHA256
917e554230a48c16e82bf5a20c6a8ae1f9b18fa862e974a5a54df5afd1e966c1

SHA512
9303e5ea0030430c86247695784f8e2a92229536163538557db6eff4f5b8bab924857da8f20e27f8208fc479a83d12bc5522fa4b766e281051e795c51c73b70e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c0361f2b140ee89953779a689efa3479

SHA1
9234e6dc84ef0e109d6268cb03f5fabc9e774d75

SHA256
b358c4a266208541cc5c7c4420ce831ecd30c55af023424dc4e8b317ea7efee7

SHA512
10ad46b9b8ffe598d77086d2fa7d117b4213b161989356c12ca7447c7155e3569550f40a5d08a7b36aca0e889395caacf1b872fbe11a09873a719f844b73c53d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\CallbackCtrl.dll

Filesize
4KB

MD5
f07e819ba2e46a897cfabf816d7557b2

SHA1
8d5fd0a741dd3fd84650e40dd3928ae1f15323cc

SHA256
68f42a7823ed7ee88a5c59020ac52d4bbcadf1036611e96e470d986c8faa172d

SHA512
7ed26d41ead2ace0b5379639474d319af9a3e4ed2dd9795c018f8c5b9b533fd36bfc1713a1f871789bf14884d186fd0559939de511dde24673b0515165d405af

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\back.png

Filesize
2KB

MD5
ef9ed169ba900bc5250d0210d25619e3

SHA1
d333ee23b4441e7da0109886159f7c9e78819c5c

SHA256
806f42fddd09b24993ec053e6fdcae023e4833b371590843a498aacac20b8c7c

SHA512
042e7fef639b74e421ab456e41301dedd1a91f29795b5594eea89ee95ff6c44b3f72936e639f8671bba3874fb6f536c7ef01bc878c5e3a1bdc1e73ae2f716267

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\botva2.dll

Filesize
35KB

MD5
0177746573eed407f8dca8a9e441aa49

SHA1
6b462adf78059d26cbc56b3311e3b97fcb8d05f7

SHA256
a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

SHA512
d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\btn_browser.png

Filesize
2KB

MD5
8dd4f9f2c22073544694eca39c4f305d

SHA1
f7944cd8aa4f4b5233867dbdcea034a8d4be69e2

SHA256
0f6e9827ef681b88722d2013ae44fe5f8eeeaf22b6fe64904ecd0852de8197c8

SHA512
1c8708c77e8e61659ad7a903a4b5431e72532645486ca62e9b84d42f2e1fce2ebf07d17b64241656e08f32d766843dea6bc40fe7e8ff6e010201de8860a0d189

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\btn_close.png

Filesize
204B

MD5
b780d58e26ddf76733743501d00123d4

SHA1
594b7196378628bcc7107e8186e2f2f6da07ac0b

SHA256
8a6026306c1774d027022b3ee600c34b296ab8135f46c872d74c734baa239eac

SHA512
8691a1c2a00311f31224fee23803a91bc2a7597aa2ac928cfc43291b7c6cfd89bce7f7fd60d8448603b5c441ff2706f9686e1fa71c56041d0c5377eb1e14ba5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\btn_complete.png

Filesize
2KB

MD5
af03b33cb3b3fcce4b69e62cd1078dc6

SHA1
d15fc6f9ef7eb0d7d0d02981692dd355ffafdd5f

SHA256
a37b5af0b4ec0c9598e0fd6570f4b4f60a4d9d9d10e589b93f509a60f04ace55

SHA512
edd54d31a64d302ba0ba1ada691b464b9c3252ca752ad9817ec8caa0f8b375a94786d6ded8fa313666fc07d648463fc9b47a937877c3716bf245e53a649343df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\btn_min.png

Filesize
103B

MD5
2e9c0f6a83184050751c5cb0dfae2397

SHA1
f1c3e7a900db6572ac0940b833b1ec30141bc17d

SHA256
686967328122f54acd92f85f6c162d42a8f607148f511ec4f7ab41010fc7db66

SHA512
03256bfcf0df9e390e1cfa1b4571aece489270d6c72f231db1c0a1d22b9c181a89fb2865810af217956b052eb47f34d5636edef4606074f607203358370ffc90

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\btn_n.png

Filesize
1KB

MD5
66deff37283bca24ea963ae3a3963b38

SHA1
6c2410db0d9d77ed8019c01d68cb9fcdfa93b330

SHA256
d9f0859f6a5648b0a9060200cc9a7534161e1b22844f631766e4e3540090790a

SHA512
706a5f2b297694f48f623ba3ab9b0cbadd4a48be9d3b619ec76cf0aadf1638134d65a8de492b869573c136665778bfe86133cb9973d47f29f95683c4bb83faa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\btn_setup.png

Filesize
4KB

MD5
212afbaedaa752a5e8957a609a0ae9f1

SHA1
73e210e0fdd3ac797e6b30bb57a17f2ddd195002

SHA256
d95a68be5109a23db0d0dff20ba3453ca69d39f48f2ae996255b84557a96881b

SHA512
b83e22c50f011f2bb42ea6936bd2b776d9371c933119a7aa19181cb2a3f7e050478c8e679410aea39ecc750b408ecf55fd927bad1234fa041a89ebd737ac5061

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\checkboxdeep.png

Filesize
351B

MD5
3f5325a8962d480ccb89be73e7e054b5

SHA1
319e2f9e1c6c681f79265f6b24606574cbbeebbc

SHA256
ecfe768ec009c8cb24edb1dd3cfe8a8e8a583fcfc90ec90442ce1c8d59241cdc

SHA512
5994ba26c4fdc4ae3a94af2e0e48e3e173c8094fa8b069bfa47b1403ba8283e2ee312f49c308eed2f0d9d244373577244c6d8e4495d4f91f8b6597fff90b4db1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\license.png

Filesize
1KB

MD5
8277d98e048ba1adf360d63622f5b0bf

SHA1
0bdc270cd963b2b34e919250455062f782052a47

SHA256
9a004daa7630d4916c962e681f1a1f95db3ff476fe82272dc937f7ac200683a2

SHA512
5b8a354efe4073473a92118027b06d1fe599a422f395fbfa17ce0bf5c3a0cb94c7bfadb1c324e66829ad478e1561200259d32d05514fbaa22f6bbc3a90a8579a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\loading.png

Filesize
89B

MD5
589ac6ffe91a177aff97dabe25689011

SHA1
36e1bf95b0ddee3359b906aedcd1bdf74dfb646d

SHA256
2313bd947e407ccee25c6bcba3c7d45f5c92159950d9d1277d258a293760a732

SHA512
688dd947443dcb79a85843ccb845c5ec4a867dbb393e6fc0e4bf5d143faaf8ffc13360d4663aaa37862e30ca8a52f1adbb066c29e893feed8f057fcbd7ca1a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\loading_pic.png

Filesize
12KB

MD5
cd6306a12fc1fcedfa3b58da75386bda

SHA1
7ca8035de254c7daa138d4fbab14e3a1045538aa

SHA256
a6a1ee3dfe884126494a906cc36fb34f7a75ee0db932e0f4b4507b5cf9851765

SHA512
bda08fcfe9ccf5b9ac41adc4b5fd53cb510ad4f89aec611206d5e8125319e99972d6c28aabac4e492927efd9602bca51fdfe8ffaaca886dd224c3c50bf587b1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\loadingbk.png

Filesize
112B

MD5
bc922799a665701140e9f65da9722b61

SHA1
6f3248d471ac006145266498e6f0012423bd25c4

SHA256
08e0aa5886e0951fa48c3c1d6b6307e542dfcbed8e953c5d685e88433293b652

SHA512
b9ca303317906d6e9dd5efc30e10fadb5191725d03bcd7b99a7519409948543fa83f7e85db03428ab7594bbb42c8e598dac447a91e404aa2c31cfc80eeaaa5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\sqlite3.dll

Filesize
596KB

MD5
ee7e9a4cb1bc952e356145eb6306a6ee

SHA1
e32952efe8daf7c58821cd008ae5169719c0e580

SHA256
50f7c306c28a22cd277daffa5d3f28ac7cb4c561b260aa8c4626587f8e82f103

SHA512
44fb2e38fd36e860685bad86fde03a9b829c98d4b8fa1bccbc061eb038a9e9031166f2249caeee135d584ee8b9fa1cdf27902ff017dfe6fa7285e75eb1c96c8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\util.dll

Filesize
1020KB

MD5
ff4feaf7b5a9ac2f170be9100e3d545d

SHA1
1ec232776aab63dbc6c5e60f78956bbf08ce5d46

SHA256
98e42f53f795c03b180e2750d14c1a77bfd9078f7663d35886af91b92d5487a2

SHA512
93d3efa7f6fbbfa474e4172f7e422a6aa349efba280db593ac61a2d298607f2e1dc716b3c04ab5809de2bf36f6f4dab2449332f80a26cdb09ffe9015325859e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5ISSB.tmp\xy.png

Filesize
11KB

MD5
e92f3fbf3876c4044722fd975281b3ff

SHA1
d92877cad872663616a48f25af291e8bffb246aa

SHA256
31137ad0ef19381e1778eb89b6cb9f70a9ee5244ad943ad494e1e57b18b48ab7

SHA512
46fdb373fe54ecf762adcba6a08a0e2e67080d97931fe1407d4f60b74921d9ef7d38ec7104271805635a015ba5230a09e16de60010aecc5c404ae376efddfac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OQA2C.tmp\eagleget_setup.tmp

Filesize
1.2MB

MD5
eb42e5720e09cd014694a22c86929f5e

SHA1
b619dccd5e1deb090d8eae6c6bac5e5dae91fdfb

SHA256
4dc2d414277e497490d2009f370051298bccaa649d0a335b064269a0bb9bbbf3

SHA512
4f5ea3e32f7da75799b8067351a860f6c840dba8108c92d34d4be7d6b811140e6b2dd161ba4bd90df77dff41b74e1e85b536b3776cadb656018a1914acc3ee2f

Download Submit
C:\Users\Admin\AppData\Local\luminati\494419af5d7e83503dd53f7beed2d6841c1136e5

Filesize
32B

MD5
ba2108a82e7b0afd8f1ea61c2fa3fae0

SHA1
28c5cdf0ebc18bdc5ea9f0a5bfe6415e2587e9a8

SHA256
9f9f8237aea106308e4c985e27da1252648e4a3e8346daeca2b0eeb013fdda77

SHA512
717d0ec128056eaf616f08e400d2322b090b763f75b98b0fc0d312cb2b35334236bb87647029afddd75a332b3e8a1d50eee8914708f73a07b539695ed2b4ad0a

Download Submit
memory/3516-677-0x0000000000F30000-0x0000000000F95000-memory.dmp

Filesize
404KB

Download
memory/3516-761-0x000000006E400000-0x000000006E479000-memory.dmp

Filesize
484KB

Download
memory/3516-697-0x0000000001B90000-0x0000000001C79000-memory.dmp

Filesize
932KB

Download
memory/3516-699-0x0000000003460000-0x000000000387C000-memory.dmp

Filesize
4.1MB

Download
memory/3516-760-0x0000000063080000-0x0000000063254000-memory.dmp

Filesize
1.8MB

Download
memory/3684-548-0x00000000074F0000-0x00000000074FE000-memory.dmp

Filesize
56KB

Download
memory/3684-56-0x00000000074F0000-0x00000000074FE000-memory.dmp

Filesize
56KB

Download
memory/3684-109-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/3684-128-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/3684-107-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/3684-855-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/3684-519-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/3684-815-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/3684-547-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/3684-108-0x00000000074F0000-0x00000000074FE000-memory.dmp

Filesize
56KB

Download
memory/3684-7-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/3684-747-0x00000000074F0000-0x00000000074FE000-memory.dmp

Filesize
56KB

Download
memory/3684-746-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/3684-428-0x0000000000400000-0x000000000054E000-memory.dmp

Filesize
1.3MB

Download
memory/3684-429-0x00000000074F0000-0x00000000074FE000-memory.dmp

Filesize
56KB

Download
memory/3892-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3892-856-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3892-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/3892-106-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4748-580-0x0000000004A70000-0x0000000004BD8000-memory.dmp

Filesize
1.4MB

Download
memory/4748-598-0x0000000006050000-0x00000000060C6000-memory.dmp

Filesize
472KB

Download
memory/4748-581-0x0000000004CD0000-0x0000000005024000-memory.dmp

Filesize
3.3MB

Download
memory/4756-466-0x0000000005C50000-0x0000000005C66000-memory.dmp

Filesize
88KB

Download
memory/4756-488-0x000000000A940000-0x000000000A948000-memory.dmp

Filesize
32KB

Download
memory/4756-464-0x0000000005D20000-0x0000000005E88000-memory.dmp

Filesize
1.4MB

Download
memory/4756-465-0x0000000005BB0000-0x0000000005C50000-memory.dmp

Filesize
640KB

Download
memory/4756-467-0x0000000005C70000-0x0000000005D18000-memory.dmp

Filesize
672KB

Download
memory/4756-468-0x0000000005F80000-0x0000000005FA2000-memory.dmp

Filesize
136KB

Download
memory/4756-469-0x0000000005FB0000-0x0000000006304000-memory.dmp

Filesize
3.3MB

Download
memory/4756-489-0x000000000BA70000-0x000000000BBF6000-memory.dmp

Filesize
1.5MB

Download
memory/4788-403-0x0000000000FA0000-0x0000000000FA8000-memory.dmp

Filesize
32KB

Download
memory/4788-404-0x00000000058A0000-0x00000000058C2000-memory.dmp

Filesize
136KB

Download
memory/4788-405-0x0000000005970000-0x00000000059A8000-memory.dmp

Filesize
224KB

Download
memory/4788-406-0x0000000005930000-0x000000000593E000-memory.dmp

Filesize
56KB

Download