privateloader | hxxps://progressivebangladesh[.]org/server3/AppGate2103v0115[.]exe

Analysis

max time kernel
148s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://progressivebangladesh.org/server3/AppGate2103v0115.exe

Score

10^/10

privateloader evasion loader spyware stealer

Malware Config

Signatures

Modifies firewall policy service 3 TTPs 1 IoCs
evasion

Modify Registry
T1112

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

AppGate2103v0115.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\C:\ = "1" AppGate2103v0115.exe
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
loader privateloader
Downloads MZ/PE file
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

AppGate2103v0115.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation AppGate2103v0115.exe
Executes dropped EXE 2 IoCs

Processes:

AppGate2103v0115.exeAppGate2103v0115.exe

pid process

5356 AppGate2103v0115.exe
5448 AppGate2103v0115.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

58 bitbucket.org
68 bitbucket.org
77 bitbucket.org
87 bitbucket.org
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

52 api.myip.com
53 ipinfo.io
54 ipinfo.io
50 api.myip.com

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\C:\ = "1"	AppGate2103v0115.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4204450073-1267028356-951339405-1000\Control Panel\International\Geo\Nation	AppGate2103v0115.exe

pid	process
5356	AppGate2103v0115.exe
5448	AppGate2103v0115.exe

flow	ioc
58	bitbucket.org
68	bitbucket.org
77	bitbucket.org
87	bitbucket.org

flow	ioc
52	api.myip.com
53	ipinfo.io
54	ipinfo.io
50	api.myip.com

Drops file in System32 directory 4 IoCs

Processes:

AppGate2103v0115.exe

description	ioc	process
File opened for modification	C:\Windows\System32\GroupPolicy\gpt.ini	AppGate2103v0115.exe
File created	C:\Windows\System32\GroupPolicy\Machine\Registry.pol	AppGate2103v0115.exe
File opened for modification	C:\Windows\System32\GroupPolicy\GPT.INI	AppGate2103v0115.exe
File opened for modification	C:\Windows\System32\GroupPolicy	AppGate2103v0115.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640402354829878"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 16451.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 16451.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exeAppGate2103v0115.exeAppGate2103v0115.exechrome.exe

pid	process
4408	msedge.exe
4408	msedge.exe
3888	msedge.exe
3888	msedge.exe
4992	identity_helper.exe
4992	identity_helper.exe
5248	msedge.exe
5248	msedge.exe
5356	AppGate2103v0115.exe
5356	AppGate2103v0115.exe
5448	AppGate2103v0115.exe
5448	AppGate2103v0115.exe
5328	chrome.exe
5328	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exechrome.exe

pid process

3888 msedge.exe
3888 msedge.exe
3888 msedge.exe
3888 msedge.exe
3888 msedge.exe
3888 msedge.exe
3888 msedge.exe
5328 chrome.exe
5328 chrome.exe
5328 chrome.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5328	chrome.exe
Token: SeCreatePagefilePrivilege	5328	chrome.exe
Token: SeShutdownPrivilege	5328	chrome.exe
Token: SeCreatePagefilePrivilege	5328	chrome.exe
Token: SeShutdownPrivilege	5328	chrome.exe
Token: SeCreatePagefilePrivilege	5328	chrome.exe
Token: SeShutdownPrivilege	5328	chrome.exe
Token: SeCreatePagefilePrivilege	5328	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exechrome.exe

pid	process
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe
5328	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

AppGate2103v0115.exeAppGate2103v0115.exe

pid process

5356 AppGate2103v0115.exe
5448 AppGate2103v0115.exe

pid	process
5356	AppGate2103v0115.exe
5448	AppGate2103v0115.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3888 wrote to memory of 2304	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 2304	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 3952	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 4408	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 4408	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe
PID 3888 wrote to memory of 1176	3888	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://progressivebangladesh.org/server3/AppGate2103v0115.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82fef46f8,0x7ff82fef4708,0x7ff82fef4718
2⤵
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
2⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
2⤵
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
2⤵
PID:1228

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
2⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
2⤵
PID:3124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5668 /prefetch:8
2⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
2⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
2⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
2⤵
PID:3592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6296 /prefetch:8
2⤵
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2208,7393821317648387297,16154950147718876965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5248

C:\Users\Admin\Downloads\AppGate2103v0115.exe
"C:\Users\Admin\Downloads\AppGate2103v0115.exe"
2⤵
- Modifies firewall policy service
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5356

C:\Users\Admin\Downloads\AppGate2103v0115.exe
"C:\Users\Admin\Downloads\AppGate2103v0115.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
1⤵
PID:5636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
1⤵
PID:5656

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff820d1ab58,0x7ff820d1ab68,0x7ff820d1ab78
2⤵
PID:5384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1960,i,3128532519416721366,5102264055904789323,131072 /prefetch:2
2⤵
PID:5608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1960,i,3128532519416721366,5102264055904789323,131072 /prefetch:8
2⤵
PID:5680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2180 --field-trial-handle=1960,i,3128532519416721366,5102264055904789323,131072 /prefetch:8
2⤵
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1960,i,3128532519416721366,5102264055904789323,131072 /prefetch:1
2⤵
PID:5924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1960,i,3128532519416721366,5102264055904789323,131072 /prefetch:1
2⤵
PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1960,i,3128532519416721366,5102264055904789323,131072 /prefetch:1
2⤵
PID:4364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4468 --field-trial-handle=1960,i,3128532519416721366,5102264055904789323,131072 /prefetch:8
2⤵
PID:5128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1960,i,3128532519416721366,5102264055904789323,131072 /prefetch:8
2⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1960,i,3128532519416721366,5102264055904789323,131072 /prefetch:8
2⤵
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1960,i,3128532519416721366,5102264055904789323,131072 /prefetch:8
2⤵
PID:4380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4024 --field-trial-handle=1960,i,3128532519416721366,5102264055904789323,131072 /prefetch:8
2⤵
PID:1196

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4468

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
d777a127b413028583acc4ad452aa11f

SHA1
715a92ee2cfc2815fe4c94f0dc0fff55bac4ab5f

SHA256
375da88d437018886525f28c32e403c156b351d0c70f73e978687555cf79ae87

SHA512
9780502b7602f1971886da25a692b1e8eabf57718bafb31858e5e679e13a26b849113da70484edcb62d1286aaf07e388c2a65b56eb3f4c60cc965c2b5db27b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
ec5432dc7da60e55134b2508b29ed1bf

SHA1
467bb534fd3674182b7a56a4e563b663bea2f905

SHA256
f5f123abf849265054bd0199ca34e40a1a45a340aefc00ed1e0d10b184a507d4

SHA512
677e532190a7aca409b5b390e19010d0e979df2400f3998df3797d4e08e65751039083d370ff66ee0c40aa55d6db6d83ce79872d31332da04e58ef62c1792f6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4a11c95a0e0cd073097867f383fbf8b0

SHA1
d4cd90217ddf484815d67623664e06a7037606dc

SHA256
ed8d848805846358ef740231c03fd0a5e40995adde7cd263a4f9ec38d6e290e6

SHA512
9b8aa10b91179ca3bee51bbdcdd9c77a6efe04e97375b0fe80eddcac90b8d6bb41b62a53c5631ba3c4f3cc2ca728ccbf3617924e56e45e4233779f206358b1d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
502a921148c62910c124082145ce9f03

SHA1
100fb8061432bafd3e6cae2e363d14aeac3e932a

SHA256
c0d97343cd8273c6c30561ec4597fd673452e06d7e081a32e4b415f174b51d8f

SHA512
3aef6702a8a505aa1b5707825bd5ee3379710a2d518df8b0105f802277ad9408b25b276d7ea754b15d6f6c2cdc8e2fd7ea8ceee3434eaaedefbebff41c4f37a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
281KB

MD5
e02e7ac63ae35f88b8460d90034c1892

SHA1
81157ee5c70d6429fd53bb2231385c977e18699a

SHA256
d31f65e42ce55e26f9bcf88cbfe316e020009b8429690d762e2642d28fef6e5f

SHA512
8fba6b7e340c585ca1ae2951f75b883feb02aeb44e0ae2a05d43b1357c8e67084ea98273f782292a0a784171c5b83330525fc888b53361afeba43bb73f1d5a18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
413B

MD5
55b3c750faf41fcf9403f278ad17e853

SHA1
bdeaa0cdf501dbbd1bdd2548f037dd469a02c433

SHA256
b6d96ea5912a5d1288886a03852fba0c19fd3f2c95e551af22da1483308253ec

SHA512
6b475169d3c931050fc4dbf58975785fbb942de1334a9224776fcd0e42b83550f4fd25d6bce996da4f9bd338afc47c6a5363cd350be3f355601909f8922aa764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e9740b412f87d1ecaec50abc055734ee

SHA1
cdcf015dba51c9e2b07676545d96bf1c62f3352b

SHA256
f99d60cf9fbad76b8fb2b22dee29f7d9f3dcdec8fc7e351e7c3cca939f2e0fea

SHA512
cd67b54c4882340cf1da7ed20cebedc80130edc8c1aeb63d093d948058f5ef16c3ffff21998f08cb246197a255943736119f859d8d0204a3156538f39d121396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2d32987144299a2ec4302bc320abe6d6

SHA1
34f3585163077ca6d31d5f9e5f21b531531afbef

SHA256
509ff8227506b080454db229f84cf2ce2066bc6da5cc7451a8ccba5050b6e413

SHA512
94c395c530b6f47638c18ca6516c340d4422c4c80de1c28b39275a2935f0ab86da222ac006efb4766959fe47a576216c43a0cf835b8a57cd079f33297c27ebf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c73802704b6bb461ae0ff7740aacc72f

SHA1
3380a5bc0004f28c82b95f6e42b704cf275185b6

SHA256
3bd076efc4a332579d4d15f82ac525e8ef10f38415b31967d81aa8ec8850c7ef

SHA512
ea5e033298f313af8c4deeb6107f874f1c29c398e7a55bc7c9fbab7db3a27a8f132357e1c6423872dc51591d403da90144859940bdbf81200f69a5e40420e08b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
2fdd7bcc360b4600b505b11b57f3dba0

SHA1
cf703c4d2277bd8b8e18e53e8d6a64c2bbdd013b

SHA256
8b88b0b8b20fa7a2958e9bb32e6897dd6dce7ff381ec9b4a474ac33abb080b89

SHA512
1d39246b020a8899edef026b69e11ec0546d02c8c27fbd0ea52d92de125cbb4d398d47d53e05ebeebeb5f5575b956362f1969966cd14fdfddd6ee8e4cdefbcf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6f66707092ac7c2dffcadaaf749f7170

SHA1
ebb30db01b3622bd4fff04d5590c21cc1a818dc4

SHA256
86efdb8bcb64efa9baed1fcffdf9e9c67c94f590e2a52f50a828bb09e631ade2

SHA512
a0c689b8035de7f697301b50129912e02a6222a4b260e79b898b1ec6e8f5158e8d9d324a6ab23b8c173590cec79d63cbe423f7ba44b571884dea333bd7a906c3

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\4aCQNo9OlR3kyE034vNcd5y6.exe
Filesize
8.4MB

MD5
e75b157e639b54dbd603da6f5274ae7a

SHA1
42bf3073fc63234d2c3f5c937e7ddbd069e8ed4a

SHA256
a0a8fe7208a6065d64ae9c463d64498d1808279d3aa788fa98871bc4d33466cc

SHA512
68683e9a55662322fb5eb266dcff16f26ad2923ba4fe21892d552d2f2409e3aaa86cc6d91f8d26cefbb8f98f99e19d0f5340be3094449bfa7fcd56435692cd03

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\4fMC5dN7ADUnHXFFllDmwiXW.exe
Filesize
4.2MB

MD5
b57a671d00e510a3b749fff9b03cfcbf

SHA1
76e6024670117a3f997d9b1b1bd6e5efb01a6d33

SHA256
500267d1d87474a25373ae860edbe65629b19ec4a69d7f686263b4135de3e646

SHA512
54e32fc6b3d935fbdd9e0ac835321862e66423c82c7e8340cf7f419319c9c26035c6424d8a8d29c60e46de162784049e6e285a2ff2805da2f2e71ae0e9751938

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\BpsxrNhq0qXGS7pCyFaZvA9p.exe
Filesize
7.3MB

MD5
010c8c87466abcb2a32b2163b67d68ac

SHA1
eb67d5a6af71b12bc46b57d85abe65136233845b

SHA256
c0f825b3d1347026069bac0d262107921fee18370791816661e76cb35aa4fcf9

SHA512
aced790dc6dfa85bb9162d7d23ec59cff2673046031a8bba763c49c000942335329d83e465f3b766cea2ab782ef28dbd97d670895ac57e07f986c0459e7c90d1

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\MVb4L9gECAICEeqDxN_I57kF.exe
Filesize
256KB

MD5
3252c17a431587c438a944a20a330b66

SHA1
dc061a2c033d852c82ebcc2a75efcd21b3aeeab6

SHA256
d4b99b694bf67a5eaa60f2332b493aed29aee6c6f2b204ff3d6690458d4a789e

SHA512
2b800c76706819f49f5b128292bc733f8e41407855990888e8eeb1a2c956b356ae699f00097ffd9ef2bc510ffc0ba073ea9aef8f4c3011ffb9a205af25519d15

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\TpF_IxjFobk5si63JpbCpPRG.exe
Filesize
2.4MB

MD5
0f8b01fce87324b3c2e7fa5964ae96cf

SHA1
cd0126cc397c04e8dbc75d488298c2c8b6d4adb2

SHA256
420a0afef2b1ca0becba2405377ee528cc5d1e6d903eac4e59de97b1ac22ca86

SHA512
c643bffeee45d14b6724d1b240328714440bf80959c7922a11715cbd3d7172723035a72348e079eca7edec62b8a62dae84185a16b4e0f1fb5a016d1ac4e6933a

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\UJRpk7NjjDVdyKyvIf180Yct.exe
Filesize
492KB

MD5
b37adccc006fc81e1d1b03dc40de16ce

SHA1
bcb6505a4631e83dbc2d9b5edec17c541bb64ddf

SHA256
4497b525e1f49133a01ba83f0c2340634938409d491511ef4b80525a50c14a34

SHA512
bccdfa26fe9c1cae61b014b364dc7cea42d856bfefaf7e98186aab6dde4011a078b081fffde6efbdbf670d6fd8048b916a4841da6d39a95db512d7e6e86dc306

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\XoPn1snjU_qvuP3hfAR38Jd8.exe
Filesize
10.1MB

MD5
3b24971c5fef776db7df10a769f0857a

SHA1
ab314ddf208ef3e8d06f2f5e96f0f481075de0f4

SHA256
0d990bedac4696a67ad46dbc686750086f72f4795ed8a6121782ba3b0dc736b5

SHA512
f70dccd6fd95516eac21b0cc30c70fb5f17c3c8f1f3b28fe3bdaec6053c2de53daf68caf422dea8861e4ab84f3dd7be36965c6998c1380dbf2a05a2a74b36b28

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\aLeNXi1yZQHFpaBmPE91fArc.exe
Filesize
5.0MB

MD5
3fc1f529394200426c03956364c7cef4

SHA1
526fabe86cdc747e026a471bfb6d8274db8b4a24

SHA256
3a9888a86b74398775697706a6ea0b022f6e15e8dc5c1a6a2ddcf9278c959287

SHA512
fc2f8f9a3d65849aa7e873c13c3283a4c1f5c8e0ef731082197aca91b048938944bdc0d7eab1ec89e50560628a19a1a85a1c4c8d8685b34368ca42232b152190

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\pt3CgcUQNTHxK1tpoT6BUxbx.exe
Filesize
3.9MB

MD5
c7963c85378191d91134f9e5372661ff

SHA1
3b7cb39f71defd7fe4f27d1b2d75983872824d0e

SHA256
876755be3a42103b0e6a39c83b4ce891a87d905e25d5dbadace24d1bd802f2fb

SHA512
0c121b05f59c99de25ac9466688622ee62fa5ebd26635877b198ca1287638f3f6145dcf48881764f3f4e69d6ffdff6a41efde9a5c78b05141e6199910db9278c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 16451.crdownload
Filesize
4.3MB

MD5
d25bee31c30313658d2e010c0fb5f66e

SHA1
003a49d195dd719b9af213fedcf9c39d8b6bf480

SHA256
d963acee9e469ee9b95e16ca8d4f77412663b6f92928d885cd35c82595bea7ef

SHA512
323bc94eb61a776c4a2a112d064bef17bd9874e3560040672288cd4447065dca4bc47bb346ebb13319bf999163704fc56beed345bd8c24dc487803f3a8db3dc7

Download Submit
C:\Windows\System32\GroupPolicy\gpt.ini
Filesize
127B

MD5
8ef9853d1881c5fe4d681bfb31282a01

SHA1
a05609065520e4b4e553784c566430ad9736f19f

SHA256
9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2

SHA512
5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005

Download Submit
\??\pipe\LOCAL\crashpad_3888_UWEAJMKIQEMKTLCJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5356-81-0x00007FF83C6D0000-0x00007FF83C6D2000-memory.dmp

Filesize
8KB

Download
memory/5356-320-0x0000025043280000-0x00000250432A7000-memory.dmp

Filesize
156KB

Download
memory/5356-82-0x00007FF83C6E0000-0x00007FF83C6E2000-memory.dmp

Filesize
8KB

Download
memory/5356-80-0x00007FF83E5B0000-0x00007FF83E5B2000-memory.dmp

Filesize
8KB

Download
memory/5356-79-0x00007FF83E5A0000-0x00007FF83E5A2000-memory.dmp

Filesize
8KB

Download
memory/5356-78-0x00007FF83EED0000-0x00007FF83EED2000-memory.dmp

Filesize
8KB

Download
memory/5356-76-0x00007FF83EEB0000-0x00007FF83EEB2000-memory.dmp

Filesize
8KB

Download
memory/5356-77-0x00007FF83EEC0000-0x00007FF83EEC2000-memory.dmp

Filesize
8KB

Download
memory/5356-83-0x00007FF797D90000-0x00007FF7985A4000-memory.dmp

Filesize
8.1MB

Download
memory/5448-101-0x00007FF797D90000-0x00007FF7985A4000-memory.dmp

Filesize
8.1MB

Download