hxxps://nezur[.]net/Nezur_Launcher[.]zip

Resubmissions

14/02/2024, 16:14

240214-tpw75sgb57 4

14/02/2024, 15:59

240214-te2d4sfh52 8

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://nezur.net/Nezur_Launcher.zip

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
1592	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
3432	setup92645010.exe
3408	setup92645010.exe
2580	setup92645010.exe

Loads dropped DLL 64 IoCs

pid	Process
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3408	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
2580	setup92645010.exe
2580	setup92645010.exe
2580	setup92645010.exe
2580	setup92645010.exe

Checks for any installed AV software in registry 1 TTPs 8 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	setup92645010.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	setup92645010.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	setup92645010.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	setup92645010.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	setup92645010.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	setup92645010.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	setup92645010.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	setup92645010.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1815711207-1844170477-3539718864-1000\{14C3FDF8-2D4B-44B6-B9A8-2B26EBBDF2DD}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Opera GXStable	Roblox Evon Exploit V4 UWP_92645010.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	Roblox Evon Exploit V4 UWP_92645010.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Opera GXStable	Roblox Evon Exploit V4 UWP_92645010.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	Roblox Evon Exploit V4 UWP_92645010.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	setup92645010.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup92645010.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup92645010.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 116209.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1464	msedge.exe
1464	msedge.exe
3440	msedge.exe
3440	msedge.exe
680	identity_helper.exe
680	identity_helper.exe
5008	msedge.exe
5008	msedge.exe
5068	msedge.exe
5068	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
388	msedge.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1592	Roblox Evon Exploit V4 UWP_92645010.exe
1592	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
3432	setup92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
1592	Roblox Evon Exploit V4 UWP_92645010.exe
1592	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
3432	setup92645010.exe
3432	setup92645010.exe
1592	Roblox Evon Exploit V4 UWP_92645010.exe
1592	Roblox Evon Exploit V4 UWP_92645010.exe
3432	setup92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3432	setup92645010.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1592	Roblox Evon Exploit V4 UWP_92645010.exe
1592	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1736	Roblox Evon Exploit V4 UWP_92645010.exe
1592	Roblox Evon Exploit V4 UWP_92645010.exe
3432	setup92645010.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 2892	3440	msedge.exe	34
PID 3440 wrote to memory of 2892	3440	msedge.exe	34
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1492	3440	msedge.exe	86
PID 3440 wrote to memory of 1464	3440	msedge.exe	85
PID 3440 wrote to memory of 1464	3440	msedge.exe	85
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87
PID 3440 wrote to memory of 1332	3440	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://nezur.net/Nezur_Launcher.zip
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee4ba46f8,0x7ffee4ba4708,0x7ffee4ba4718
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4616 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6288 /prefetch:8
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068
- C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_92645010.exe
  "C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_92645010.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1592
- - C:\Users\Admin\AppData\Local\setup92645010.exe
    C:\Users\Admin\AppData\Local\setup92645010.exe hhwnd=328200 hreturntoinstaller hextras=id:ad413892c2b60f5-RO-8jA2z
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks for any installed AV software in registry
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
      4⤵
      PID:320
- - C:\Users\Admin\AppData\Local\setup92645010.exe
    C:\Users\Admin\AppData\Local\setup92645010.exe hready
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2580
- C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_92645010.exe
  "C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_92645010.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1736
- - C:\Users\Admin\AppData\Local\setup92645010.exe
    C:\Users\Admin\AppData\Local\setup92645010.exe hready
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,1764198704824575469,10310126071813255483,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
1bac88119d73b08d53ba32ac0ece3388

SHA1
2c4c95afe28554c557e4635f1e16cc363b8ba618

SHA256
98c2db5f24c693e7aec5acf5dd3f6642ed602726fb9df94b22342a5fddd11880

SHA512
5b54d45246920f77c3a333729f3c804afcc902385c0334949e2eb8995d551dad9aafbe4efa08e53889f16cca32cc909ce194d2ea11b7d9b48ee50c9eb54ceb99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3465EF07B9A6512425B2408FA7DBF4E5_F38ABF5BFFF4E687C6F66BAEAE5ADE1C

Filesize
471B

MD5
e851ab711d569a1d63809c7cf1132182

SHA1
5054b8cef471c1ff05da7f6a1fddef4191a3e614

SHA256
4b87afa202210b34f3358014e69a76a56c7bb7bb7eedb5bd98770e709ed6cb38

SHA512
42daac8e4f5558b3a6341e3d750217a37d0a7239a7ca5c1e4ab887d5b37cf96565cd2e9797910d2c682a3bb1592308fee6df1e87f74648740d3c8776cbe5d488

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13

Filesize
724B

MD5
037ae8164352ca91e80ad33054d1906d

SHA1
1d6520e9f51637e61ee4554393f5ac5eddb18ebd

SHA256
07c018eb07002663d5248daa8a65eaf587955e3db45735e7e3ac9cb13d7d664e

SHA512
a092a9e43bb47bdb0e081bd4f2c0ef7c6f0ab9fbe3babd624d577186ba52e52e86209a527ced887275b74aa127b03e83c476a2a39a1d6dcf0ba1d024e7bd7730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
ca8126a0336a45bbb597b6bb94853761

SHA1
da5ea7ce419f01be2aaa3ffb0309560547a76e37

SHA256
15cc9ef91a30a4b582bdcb4ab9ecca3dc2f908d603504faaa01a2aeee0bef12d

SHA512
e576dcb554d08c42618baa92ba09c80a0a2eb5b89a168ecf2bb6ebe34bd51d3f674f41ddd961839f2af9d12442b8ed49e3ca2685a4d6c9ef2b5b41b13753d071

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
c5d306bb9d1de70dd19f3376fd1deab0

SHA1
0fb9d4e9b4e397c1186b712e970c6983a9360f32

SHA256
4e4d52d9cd73097653e74e15ada38bb3d13bcd3e07588e7b2c97a8a0b53e625b

SHA512
bee492d24d85ef42ad38872e1eff9e87ff669b883776652eea30e944793be4102fdb1e761581b92d5e80c9a4785d5649568c10677adaf488dcacf61b305d63f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3465EF07B9A6512425B2408FA7DBF4E5_F38ABF5BFFF4E687C6F66BAEAE5ADE1C

Filesize
430B

MD5
17c5271735c8b487da68ca365dab8246

SHA1
f135b14065dc38aa0d0d37b6aa5c935e36c927fd

SHA256
398cb6524ae05da8f1de405ea969ed97cc47c245b0bc2eafc905ce9445dc833c

SHA512
69e92bbdc015323f425c011658f3600f6ec6894e358e02b76c64866bcb893c9aadac871a03f61f1e3e61003cc59bf7063a59f6592688eba61d7fd967a94160c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13

Filesize
392B

MD5
d6b2057a11120f188b291870ad8ce183

SHA1
28bada0a852e77261dee8d8402dbb837f6782e44

SHA256
0632d5200a0191b7740a8ae6377e370c9be846919f05d659fcd804ef5619e3ce

SHA512
0b361bd24cde70e8cd73205e55f66c8fe34eb88bc29c7b5a25787e936c399adb616de4d115926a7a66c53ee1e3e20c4a4daaa462f561c728ddd63972e1b8267c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\197289f8-0889-4653-8950-7289d7b1f7d8.tmp

Filesize
9KB

MD5
44e5c3c35d17d2d18caaae7e9a08fb8b

SHA1
1caddf8493833a703a5a7e371d3a637ce5f018f2

SHA256
658d3dd2370262ccaea464a296198fb784141e64439bc9ea7e1578c1652628f4

SHA512
5de3ed2c4932f82f742ae3965a7bf56cb239091cdd1ecad288b4aeded2cf2f98237212473d4abe71bf72892d60903d319f51dae14735abb096ddd234e71a4ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\550202df-fe67-4622-a04e-bee7b845c7fe.tmp

Filesize
1KB

MD5
19047804c0dd5f6023212ffbd19b0290

SHA1
8b0ea85ae47090540f25a82af721c25539c7af0b

SHA256
9cd4ba28ff0b1dd7a845b20eed65131f17ba5a27aace18172047b521f2323d61

SHA512
5903ebfb63a81e31404c870761bface372bfeb26a3adc9feda581b8ab0749d5927ea7af2ccb04517c9c202da3f026dc19982e2b8b4c19fcf55401cee2ff90d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
28KB

MD5
e969e99f960c2a9c52616ed38a74af82

SHA1
0dbda7fb75e89704519d6af653cedcb760ad78a4

SHA256
c02e3222ba87462777803058a8bce8a643342db13fbd74f242cd320ef9921d5c

SHA512
8414ba71d1eeba0fcaa37225b321910ad6c7a3930b16ae4ec286a8ad9c4ad93437e6bcc50ec6cfdad6fcaffbb32f2e4c61bbc9ec9053749c91a2d90e3860feb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
07917e07d6e233b89f4d254dd612aa8d

SHA1
1a4d73470c380be3f01eef133bdb4df32facae85

SHA256
9d4c742ace35aaf98b2824219398d0f433ffdd8eb3337892474f08828ddc4b7f

SHA512
79dc109b9d39e4dc89058080498aa80334ec5c3340dbd556d8a39a30c779dcae2cf405106999c2a5b7883126996dd1c72d94479eb52aaad7e69a9e98c2461c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
959fb4b00721432d23c64b50a21f0062

SHA1
a88e15dbe4f3ffc51672ba00b24cbf871bf54579

SHA256
888b3c6464d7f513e7ed2270bd74e74f79a4d2b0ecd34cacb12a0941e2b7a345

SHA512
5d17c0fd003eb6fd4426bfc312bbe4bebbb8a34581a00f421ba8a154caef79b55d243153db464d6be69b243118f5f6e3760c9851a5e4fbad62e489c37e8297ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
527509637be3717c439bc45a75c606f6

SHA1
cf265a577e532ff773774f9479b31f3023087313

SHA256
25ada64e363866b26cab5957cbc57ecea24be70719b57b502a71c0608ee78075

SHA512
55397ca931f579e36de851af0c483ea2a7292f2c4fb0c88f9e2586405cdc0a83e9fad7cb4c9cec185a98c18a2527734ce165f717ef2a186c23eabf7bc5f6445d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9fed8c8129c9644b22492cce03faf249

SHA1
9ea5f09af70d01a4d5536b45b9a078b6ebb1ecf0

SHA256
1ae28ce654e789a0306ed3967e893e582862d184ddd4f412746cc3ac6640a6c7

SHA512
294707bb576e0c1d34943990a36a034a3d513537f56a3f996f760d60eb700439885555289072ae0e8b37c59e18c455df7299c73059608f06459a1258acb17ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6d38de140492b9ffc93f9077d60c0584

SHA1
468b0fc16d4ed206413f69661b0a8216b190e02c

SHA256
1cd892e4269acf1ac7ff55563b2c9768c20ac26eb17aac802ddbcfd97ab498ee

SHA512
cef80b9f7476a7a67c14b3353d288fd28595794f8d8d1e7d59ae40b859f8ac2f70e49ff63bea04137da475eeb3562e9aefd7d2952939e5b09e2db8b93374fe06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
108975d32373e7bcf2443eefb45a3681

SHA1
5036ffcd6687d4e8354652343b24ac703def2942

SHA256
438f41b0ee5a333f8dbf640fcf8b2cfbbbbcafdfacb937c4db1cd669268d5f25

SHA512
e41e8d466c072e33cb091d8565b216eeed36b6c0808faa2bcf40fac56ee2ca0525bfe3cca0e68fb535d8d0693dc0aec00bde0b0f56929e0140ff56cb5fc5ec47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
49e0fca812d8181cf844bad37247a215

SHA1
3b9649317e142b3b810cd97b6d2c0fe83e044ddc

SHA256
ff0c6b5e3f4df469eb153f4debf9ae930e894478a5168154c3b4d679a0c446ef

SHA512
175b2a0122545c6a9b9e000716917b89e954fdd309bf52e5fe24bc37f2ef54f17d7105d23b69faabde509429af611fad2635ad6ecb9f7a663a3e8eb801e8deb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6fa9a95a90040bea26f844e96c572207

SHA1
0687841a3186c70201254ba78c3963308bc53f7c

SHA256
d04c7cd0c1e2a2979a22771374b0b4a39328bd39ec6c9fc887f1029576f5dc70

SHA512
473e81532410be9e993ec970aa08e41f2c31b4c49604b96d305bf331341c724552500bdd86156e1213127748666a12576c0b96325053a56332465882654d25a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d428abc9a3dd2a9f4812786b02ca29f1

SHA1
d2c5a2c877533fd9dd2dd736156ffdc2575bcf9e

SHA256
4265acb4812e85c084badc65abfba0ad88b349f934ea2f9f48ade80867923786

SHA512
9212f1b70528617449364ce09b1d53369c43697de4759a233347d55fa5bf6171826de6e7ac2deafc9d035f2e9b884f74f0c54450777614a42f75f24281e15670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4e21d2182fc9bb90593eea6ebc5a3db7

SHA1
eab86d9d1fa6a2034eafe082f2e8d5917042a4b6

SHA256
e40569e0c61a061172e2ca290787083ea52fab87ed87117cde64237815c3cbc3

SHA512
0b67f1030aa072a854559d7ebc8a6043e1905bf0f3c06a086902914df42ade4ff50b7b5396a41a20103f395f3e343bd42e2e2a6fa862c74105f9baa3ae39b8c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cc71ea10f4b5d944e8b5daa1c93bc44a

SHA1
b2dc876a195416d506f57a339adc9f6b99562ed5

SHA256
2858454d7b796ae99ab9cb899f962700b4261d365be62bdf606e0f036c951284

SHA512
f670294fc5e0d3719518dd8ec28b95092e2eb37a60ab07c7e885953b38bcd7ce3a6baa945b45253f132a2e6cdaa461b7fb967b343d64dd7888ee4a3d2062ddf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc3364e2039a4fab264f624f187bb854

SHA1
48d55af968ff8dce8ce2bad5b00bd584f956992d

SHA256
51c2dbe865bbef1eea92db02bb535375666dfb13f0413756a97380d426137a2b

SHA512
0ca5b7aec7dd45f199da0719518d88810525b66a9eebfc8371a8e204dbbaa3069b862bff5bf729263b1060e3c40642951e51878df643f9581d8848ee61569744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
888cac2d2f2ab6b7771597bd10bdf908

SHA1
5dc50ef7a12867abc087fc9e88d922d1cd7fdc17

SHA256
8c2d90385262b2d816db43e932e12ba9440e0fb8e7f63eddf09d0f0133ef7823

SHA512
4cd31ad439c62a86f1ce2267dfefe9043789fc757dd6567d5bc45d50b0c604b4d7f015b2f9b63901913eb968197a33aa5eced48a905bd0ad29b00b71619630c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5865d9.TMP

Filesize
1KB

MD5
c00b620b6d3282494e7f865821c87ddb

SHA1
68a1869b15471d23d99cb8d5f7e8ab0fa877d04c

SHA256
a521e39face8cf20fa753533fbc48050c4e82bbebd42f7b506406e6a99fb2dd6

SHA512
1163742957eef3be193ad9208b5b4ff77fa67b2ab963fcfa97f046d7f97ae55c4dc90835638a017a88c0bb6a808c260cbff7a1b9d87d3c6585c515c6cce683d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1534c31142b955e8d98c94951adc2556

SHA1
2b613ce53387b8b47d5c3e0b24e68961761bbee1

SHA256
a7b781183fb3e67bdbd3b969c354942d829edd2b1a9ab3625362d76002b9afdc

SHA512
c783ff4fcea2ea6e742d408c6c077ce42e3cb7f92c94addb89f423007fbd603d6c6ae1d5bbaaac975097d27d5d04b34ccb4a2fb8e1d74d70b5b6bfaadc37762d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4d926a8cc409941cc8860576fc049fd0

SHA1
9e5efd5832e4519362dff03e5b673907a7a24819

SHA256
6ad0ca883a3cf62630464e9796f742994fecb4a320a758ea8d78c29c0b96a266

SHA512
e8f31a331333470074e00b9fefebd95e4cc862aee65c2009387c627b7f29121d7b242d2128810f427f9a6c8f6bc9a639468e80de3aad91aab8ce893e78def8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4848fcd252adae0389ad6596249f85ae

SHA1
a5286a62ae26b45d0835ac1fa01817dc4a1c0cc8

SHA256
e99c255e693dd8ff3de8b1e82748b607116ce5e2ff0ee20d50cc3887f249d5e6

SHA512
8c285fdc81c4cae0891396995c1ad67d20942325c6f88e138e531e36be0d3caec4099c744e8dbbbedf36f7611fd9120857fdf382d6d206d8ca67ddab29348706

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll

Filesize
5.7MB

MD5
38cc1b5c2a4c510b8d4930a3821d7e0b

SHA1
f06d1d695012ace0aef7a45e340b70981ca023ba

SHA256
c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2

SHA512
99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll

Filesize
15KB

MD5
422be1a0c08185b107050fcf32f8fa40

SHA1
c8746a8dad7b4bf18380207b0c7c848362567a92

SHA256
723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528

SHA512
dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll

Filesize
75KB

MD5
c06ac6dcfa7780cd781fc9af269e33c0

SHA1
f6b69337b369df50427f6d5968eb75b6283c199d

SHA256
b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d

SHA512
ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll

Filesize
19KB

MD5
554c3e1d68c8b5d04ca7a2264ca44e71

SHA1
ef749e325f52179e6875e9b2dd397bee2ca41bb4

SHA256
1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e

SHA512
58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll

Filesize
119KB

MD5
9d2c520bfa294a6aa0c5cbc6d87caeec

SHA1
20b390db533153e4bf84f3d17225384b924b391f

SHA256
669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89

SHA512
7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll

Filesize
8KB

MD5
be4c2b0862d2fc399c393fca163094df

SHA1
7c03c84b2871c27fa0f1914825e504a090c2a550

SHA256
c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a

SHA512
d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe

Filesize
26KB

MD5
cef027c3341afbcdb83c72080df7f002

SHA1
e538f1dd4aee8544d888a616a6ebe4aeecaf1661

SHA256
e87db511aa5b8144905cd24d9b425f0d9a7037fface3ca7824b7e23cfddbbbb7

SHA512
71ba423c761064937569922f1d1381bd11d23d1d2ed207fc0fead19e9111c1970f2a69b66e0d8a74497277ffc36e0fc119db146b5fd068f4a6b794dc54c5d4bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll

Filesize
172KB

MD5
b199dcd6824a02522a4d29a69ab65058

SHA1
f9c7f8c5c6543b80fa6f1940402430b37fa8dce4

SHA256
9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4

SHA512
1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html

Filesize
1KB

MD5
9ba0a91b564e22c876e58a8a5921b528

SHA1
8eb23cab5effc0d0df63120a4dbad3cffcac6f1e

SHA256
2ad742b544e72c245f4e9c2e69f989486222477c7eb06e85d28492bd93040941

SHA512
38b5fb0f12887a619facce82779cb66e2592e5922d883b9dc4d5f9d2cb12e0f84324422cd881c948f430575febd510e948a22cd291595e3a0ba0307fce73bec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis

Filesize
291B

MD5
bf5328e51e8ab1211c509b5a65ab9972

SHA1
480dfb920e926d81bce67113576781815fbd1ea4

SHA256
98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b

SHA512
92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\app.ico

Filesize
766B

MD5
4003efa6e7d44e2cbd3d7486e2e0451a

SHA1
a2a9ab4a88cd4732647faa37bbdf726fd885ea1e

SHA256
effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508

SHA512
86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

Filesize
128KB

MD5
b2224e70faaeb3a66e3a75ae5a46fbca

SHA1
e6bbdad69d488360c7cc81b1c0492a9c7241c38f

SHA256
76af79fb18bb4d4ae6ea1c20dcce5d625fecdcbd1df27b48bfe82f871f1138ef

SHA512
d30492f818a962727f19e561a7ebe4a4998bfa40aa54c186b1ab1f73cbdf5ad5ffca527b5a8c35de2d042b088e962b7244f8b403186eb0f038303b9a5b06460e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\setup92645010.exe

Filesize
3.8MB

MD5
29d3a70cec060614e1691e64162a6c1e

SHA1
ce4daf2b1d39a1a881635b393450e435bfb7f7d1

SHA256
cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

SHA512
69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-us\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f145ec5ac78108cb5ea050202f13fc91

SHA1
1be7d1221e86d37874465c0d0e2643c0c0157213

SHA256
0e1e29360466db227030148d1e6299c2308137829124ee12238a7b6ca05e6b1a

SHA512
94702f1431d70d22ba06386d0092871ef2dfba4fa2c6c01686596debfa013f7de1df99c9d47630babbd6c6d47e242b12a9d42bc910e8e24abdfc0ec975fa114b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f1dfb6bfc871a825ed8a3d2c3d547b99

SHA1
2b1a7f8bc59a3c75c4df236591588e6b277dfa2a

SHA256
3735ec08051804443e09c1ee3cff3f56d8c4a516c0e869baa23bc9749efee5d3

SHA512
dbd2d000aead11757e10288dd9001a9be0815ff9cda83f85f9fe1cd8d70debecb8127e50148b4967fbad8f3b9148cfc7e74ac6db4b8f7cdb52c0fa8f35b9d6c8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
9b8a7adb9e8590aa7da5a80c7685172f

SHA1
cca58ebf83cb050acf3cf9d2f283208eaddf0599

SHA256
955a5ad90a604173ce3d9b217e59429a6afd79f2e2dd0870d68a759f3bbf2218

SHA512
eef650490057033d49eb423486adc5f328d50011bb6c57eaaa0b400565fa3fa1e1253780381053ac37d40c4f2c0e44bd5852540e6c8063635cdd19268241d9be

Download Submit
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_92645010.exe

Filesize
8.2MB

MD5
8e7d2c96c019279bb7ae1fd235d5faf8

SHA1
3f27511b6228ccf2c8e00c31cc52a1517c5d2994

SHA256
b003afc8c0cdc7a1736a595cd115ab82da511c5690cd7e99213b78ca6f2a70e8

SHA512
a26d2fa08b7de43fb2a14caf1aeb6580fc8773bcf35d759d25c7bad4582eab2298bfc0d9a028e5b37f545b48df2a916981f3fe1baa3b4c8bde16da383d08a5e7

Download Submit
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_92645010.exe

Filesize
3.8MB

MD5
75ebd4401a79d961d0c979fc07263e97

SHA1
744ccf3c2b7b3d2ed1db3cdb109df03fd5044b5e

SHA256
f227bde0b0a7036de965d6eba8a2be3d47abeb2762b6210751099551755762b1

SHA512
3b521ef1c90265bf55ef34a7a51d91c69614d24fba808390b67a573ab1d888ca9d339a2f686e29b3ffbe31d333859e874b02313a3994c06ae4993eb4c7216f3e

Download Submit
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_92645010.exe

Filesize
3.7MB

MD5
784c53d3d2717fa2eb9538d87f2cb92e

SHA1
b931bb914eed1bb548ca8f7f3a5ee456abbc6ea2

SHA256
4edf9c7a89de6b0d6f32d481b5be84fb037b2604b669ca25784e4581020f64a0

SHA512
00d2faf0b7c2943729d151b9d99c5fe1d2f4df057d1c2ddcd5b7dd8d02a85294ae1e38ffbaac1375b78001eb39c4683b288fdc44f29c90d991ddca073cdc48d4

Download Submit
C:\Users\Admin\Downloads\Roblox Evon Exploit V4 UWP_92645010.exe

Filesize
3.9MB

MD5
95d0e28f43b8c45218fadce646892113

SHA1
3f01d45f648345f01d21ad3598c90228c348b667

SHA256
c9f702ae944cee21d234e560c757aeb49a72ca4327944af8026ced2300a2b9f0

SHA512
2bb24e793eb827ba6b3a9d27891083e78e5fb34093eea7cd591b9e3a57158d3f18b95959332d28eac6b52f9b3919caa019abe2f99b267c1699228d61a8db2364

Download Submit
memory/320-1108-0x00000000720A0000-0x0000000072850000-memory.dmp

Filesize
7.7MB

Download
memory/320-1107-0x0000000000860000-0x000000000086C000-memory.dmp

Filesize
48KB

Download
memory/2580-1020-0x0000000004E70000-0x0000000004E80000-memory.dmp

Filesize
64KB

Download
memory/2580-1019-0x00000000720A0000-0x0000000072850000-memory.dmp

Filesize
7.7MB

Download
memory/2580-1109-0x00000000720A0000-0x0000000072850000-memory.dmp

Filesize
7.7MB

Download
memory/3408-967-0x0000000005800000-0x0000000005810000-memory.dmp

Filesize
64KB

Download
memory/3408-960-0x00000000720A0000-0x0000000072850000-memory.dmp

Filesize
7.7MB

Download
memory/3408-1071-0x00000000720A0000-0x0000000072850000-memory.dmp

Filesize
7.7MB

Download
memory/3432-1027-0x0000000007150000-0x00000000076F4000-memory.dmp

Filesize
5.6MB

Download
memory/3432-927-0x0000000005710000-0x0000000005738000-memory.dmp

Filesize
160KB

Download
memory/3432-1009-0x00000000065D0000-0x000000000665C000-memory.dmp

Filesize
560KB

Download
memory/3432-947-0x00000000057B0000-0x00000000057D4000-memory.dmp

Filesize
144KB

Download
memory/3432-1014-0x0000000006550000-0x000000000655A000-memory.dmp

Filesize
40KB

Download
memory/3432-1015-0x0000000006680000-0x00000000066A2000-memory.dmp

Filesize
136KB

Download
memory/3432-1018-0x00000000066B0000-0x0000000006A04000-memory.dmp

Filesize
3.3MB

Download
memory/3432-998-0x0000000005EE0000-0x0000000005EF2000-memory.dmp

Filesize
72KB

Download
memory/3432-941-0x00000000056E0000-0x00000000056FA000-memory.dmp

Filesize
104KB

Download
memory/3432-1024-0x00000000065C0000-0x00000000065CC000-memory.dmp

Filesize
48KB

Download
memory/3432-935-0x0000000005740000-0x0000000005772000-memory.dmp

Filesize
200KB

Download
memory/3432-966-0x0000000005870000-0x000000000589C000-memory.dmp

Filesize
176KB

Download
memory/3432-1031-0x0000000007CC0000-0x0000000008274000-memory.dmp

Filesize
5.7MB

Download
memory/3432-953-0x0000000005790000-0x000000000579A000-memory.dmp

Filesize
40KB

Download
memory/3432-1042-0x0000000006DD0000-0x0000000006E62000-memory.dmp

Filesize
584KB

Download
memory/3432-1057-0x00000000098A0000-0x00000000098CE000-memory.dmp

Filesize
184KB

Download
memory/3432-919-0x0000000005680000-0x00000000056AE000-memory.dmp

Filesize
184KB

Download
memory/3432-994-0x0000000005800000-0x000000000581D000-memory.dmp

Filesize
116KB

Download
memory/3432-911-0x0000000005650000-0x0000000005678000-memory.dmp

Filesize
160KB

Download
memory/3432-1089-0x00000000720A0000-0x0000000072850000-memory.dmp

Filesize
7.7MB

Download
memory/3432-1090-0x0000000005700000-0x0000000005710000-memory.dmp

Filesize
64KB

Download
memory/3432-903-0x0000000005620000-0x0000000005644000-memory.dmp

Filesize
144KB

Download
memory/3432-891-0x00000000055D0000-0x00000000055E4000-memory.dmp

Filesize
80KB

Download
memory/3432-867-0x0000000005700000-0x0000000005710000-memory.dmp

Filesize
64KB

Download
memory/3432-862-0x00000000720A0000-0x0000000072850000-memory.dmp

Filesize
7.7MB

Download
memory/3432-852-0x0000000000850000-0x0000000000C28000-memory.dmp

Filesize
3.8MB

Download
memory/3432-959-0x0000000005820000-0x0000000005828000-memory.dmp

Filesize
32KB

Download