40da1cd16fd7dff442fbf3241b58b5857012b0f3c28d84c59b7ff5b97f0ee735

Resubmissions

15-08-2024 00:06

240815-ad6gwsydjm 3

13-08-2024 12:24

13-08-2024 12:19

13-08-2024 12:11

13-08-2024 12:03

13-08-2024 12:02

Analysis

max time kernel
489s
max time network
492s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
13-08-2024 12:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rocket-league-spotify-artwork.png
Size

833KB
MD5

28952f1e3e40281a2fab2de9f228bc8a
SHA1

b4db183ea6ad6b6cc31c8cae5c6feba5352a1242
SHA256

40da1cd16fd7dff442fbf3241b58b5857012b0f3c28d84c59b7ff5b97f0ee735
SHA512

26a4d65a82d7594dd7cc65ecf372cd4abeb2367b7dc4589eb5e1ca55b868fae15995f0f3921580348d46e1bf2a6d803ceaad48792dde38c90ae593de8088d0b6
SSDEEP

12288:BXhYChvXgQEOUmrify0TXJq8UXyTIU8sGEcqu6vO3QSWh8Xsq0BD4jJyJoc2HaP6:jHFgQEjQsq3yckGDP3Qvq0BD4jJyJoB

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
484	Setup.exe
1916	Loader.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1916 set thread context of 436	1916	Loader.exe	161

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3761892313-3378554128-2287991803-1000\{2D54F70C-BDFA-4A54-8BB9-1CD9DBBBDE47}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Game_Setup v4.19.rar:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\roblox hack 2024.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
3704	msedge.exe
3704	msedge.exe
4916	msedge.exe
4916	msedge.exe
1916	identity_helper.exe
1916	identity_helper.exe
2368	msedge.exe
2368	msedge.exe
5140	msedge.exe
5140	msedge.exe
5140	msedge.exe
5140	msedge.exe
5140	msedge.exe
5140	msedge.exe
5636	msedge.exe
5636	msedge.exe
484	Setup.exe
484	Setup.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4712	OpenWith.exe
3496	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: 33	3904	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3904	AUDIODG.EXE
Token: SeRestorePrivilege	4596	7zG.exe
Token: 35	4596	7zG.exe
Token: SeSecurityPrivilege	4596	7zG.exe
Token: SeSecurityPrivilege	4596	7zG.exe
Token: SeRestorePrivilege	4948	7zG.exe
Token: 35	4948	7zG.exe
Token: SeSecurityPrivilege	4948	7zG.exe
Token: SeSecurityPrivilege	4948	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe
380	msedge.exe

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
3044	MiniSearchHost.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
4712	OpenWith.exe
3800	AcroRd32.exe
3800	AcroRd32.exe
3800	AcroRd32.exe
3800	AcroRd32.exe
3496	OpenWith.exe
3496	OpenWith.exe
3496	OpenWith.exe
3496	OpenWith.exe
3496	OpenWith.exe
3496	OpenWith.exe
3496	OpenWith.exe
3496	OpenWith.exe
3496	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 380 wrote to memory of 4220	380	msedge.exe	88
PID 380 wrote to memory of 4220	380	msedge.exe	88
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3336	380	msedge.exe	89
PID 380 wrote to memory of 3704	380	msedge.exe	90
PID 380 wrote to memory of 3704	380	msedge.exe	90
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91
PID 380 wrote to memory of 3400	380	msedge.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\rocket-league-spotify-artwork.png
1⤵
PID:3068

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff04a83cb8,0x7fff04a83cc8,0x7fff04a83cd8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1624 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8664 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8672 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7972 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,14460695564139850429,6533053141820364441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8680 /prefetch:1
  2⤵
  PID:3388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3836

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4712
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\roblox hack 2024.rar"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3800
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1976
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DEBB451960B177DD9EB89F6144B6A559 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5792
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=FE62CA933459460CC2844F66FF3B8122 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=FE62CA933459460CC2844F66FF3B8122 --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:4848
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A96D67C865E4EB2853D2F2AD943FE9DA --mojo-platform-channel-handle=2364 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:6068
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0FDCB20156F152B885BCA234922F0E4B --mojo-platform-channel-handle=2456 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5192
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=79D8CA85CCEEEA9CD6A3C1E222E263B5 --mojo-platform-channel-handle=1984 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5488

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3496

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5808

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Game_Setup v4.19\" -spe -an -ai#7zMap32319:94:7zEvent25424
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4596

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap12644:94:7zEvent23889
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4948

C:\Users\Admin\Downloads\Game_Setup v4.19\Setup.exe
"C:\Users\Admin\Downloads\Game_Setup v4.19\Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:484

C:\Users\Admin\Downloads\roblox hack 2024\Loader.exe
"C:\Users\Admin\Downloads\roblox hack 2024\Loader.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1916
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4a10f6df4922438ca68ada540730100

SHA1
4c7bfbe3e2358a28bf5b024c4be485fa6773629e

SHA256
f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02

SHA512
b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c3889d3f0d2246f800c495aec7c3f7c

SHA1
dd38e6bf74617bfcf9d6cceff2f746a094114220

SHA256
0a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4

SHA512
2d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
18KB

MD5
115c2d84727b41da5e9b4394887a8c40

SHA1
44f495a7f32620e51acca2e78f7e0615cb305781

SHA256
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6

SHA512
00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
18KB

MD5
c83e4437a53d7f849f9d32df3d6b68f3

SHA1
fabea5ad92ed3e2431659b02e7624df30d0c6bbc

SHA256
d9bada3a44bb2ffa66dec5cc781cafc9ef17ed876cd9b0c5f7ef18228b63cebb

SHA512
c2ca1630f7229dd2dec37e0722f769dd94fd115eefa8eeba40f9bb09e4fdab7cc7d15f3deea23f50911feae22bae96341a5baca20b59c7982caf7a91a51e152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
20KB

MD5
14c7d7b5bd6633589cac91317571d8a9

SHA1
e88ce2a6922b8cd0b853c6ec505f865a27ef6c1f

SHA256
e185743448d10775468d9d84f17ad3280ccf20857fac8b5c613bedeb7e126195

SHA512
001ac930c5201787acbca03af2cb50a6820f8df418d5239c27c09d9a07faa8d119fced1531f93147ca539967652cb8e6774a1fe0629a7dfe743b93439fc134d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
34KB

MD5
367d6749aabc56bcfd8fe6f68e8ec07f

SHA1
94603bfd837a6cc48b0b413d97e6c21294139f01

SHA256
aba7125a597cbea4846b275de47b9e35fb42202d217c321ad861b09d3b831b5b

SHA512
737b43474c49d945fcc767a082ae79734333de55374c35825993539376577af76175a966e633b8224b4ede6a42738f3298e5c42d7a307f37897857c7c65842c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
45KB

MD5
c2cbb38ef5d99970f0f57a980c56c52d

SHA1
96cff3fd944c87a9abfd54fa36c43a6d48dac9cc

SHA256
85369a1cf6e7ff57fe2587323c440ed24488b5ed26d82ba0cd52c86c42eec4a7

SHA512
50371320c29f0a682b9ae3703ef16c08f5c036e84d5056e658f5d9be7607e852adf72c13bf2d0b63fc492f5c26d330bdeb2ba38bfd8b0d4567f0cc6b0c0f7bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000083

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
1ebdf96924fd4bb11333ec842ae82b7b

SHA1
ff0de214d54b1b71622c2a284c4606eb78f741a2

SHA256
8ec90c3628de14c32963a88e01f0c0b58fef5fec55d08425772beae23856e450

SHA512
306ad4dd85242d9a260780fc33a78308769cf17688d11d4047f1d6d490f4b79c4361bf307830b6a1c2b40de9d46c3bb09626d250da5c25e7173ebc2df8c49f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
abd3c405e797e39c1df45e68ae334669

SHA1
e94fa151aeafa730cd8399218d389c47c4c5f698

SHA256
eb6f9151896a8191137549fc8cff5bd7dc9089b76d3a8a6bf4c27980b88d4d76

SHA512
ea6128883de11aae2061d2dcdb8395961541be6441cf74e1eebd09d8327abb76b5e21e8af22d20940dfba208fc7e9ccd3dc34e77ac5c4a01d5bb630cbf0aef6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7d6474da8ee7ffd9cd0711ac22a1268e

SHA1
36dbcc50c1431f0fa95ea4be8ed2cf8a5c52aaee

SHA256
40449147a7f442d0a8173521445805305937ab9825a47c0d2bae9816222d0a45

SHA512
35a0fc0a3e326f0c4ea23230abfd0ee45ab259db25fd5b18237668188c0a4236c792cfd96626a0adbde5987bccc0af82aad4ab08f7be73ef66a3df9ac7c2085d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9c7ed511fb7270357d00a5c3a38fb564

SHA1
5f6272fdf9e40515202fead4d33810a0eaa53b23

SHA256
afa69435c58b64bcba2fb76490ed4f770182928d8207822e8e0be919ee6fb45b

SHA512
06fc12e583a8187b1908df4c90bc1c5a31025924938023cfa5ddb0c349011b20e7d144c886b1cb0285cdbc575c56b62c854ea7be9a32d69ccb446fdd23fe1a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
156336f0523edfafea76ba14c35831fa

SHA1
3703a13b72fd3e2722dc22657c5acbc06e5324cf

SHA256
7e4ed1c1391eaa78d3392be3486f1a6ff47f84f2d6a9d565537b2c9dd5baaf57

SHA512
1a35afb8f068b7c8e2e9949f27c72b2180dfeb6221e5be3db9e222c1e5d6151df3290ee371942cf85d7a7362a249caa92c5fc1c9e5716617b64478d6f52201cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b8a214d5d4da1e9f2701d4eeda4881ee

SHA1
d4af430507d010ee64f80ecfadbcac5d74682ec6

SHA256
556dc2ec013539b9904fce60e7c72254b2752e2625c954f54d2827580877c0e8

SHA512
532ae44adcacea6bcb087cfc42f6faa027362c1b2cbff488de36cee69ef68a44574d379751ff8b1a1ee1b965a80a1c6045eea177ca9ad7922009c2c724af5da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a23c9fc1b15cbd417440bfec2c6e531f

SHA1
c3bf8ee0ad3bafde00b2d4f02645bfb5e554a333

SHA256
02752fca765e842512e6461b9e3ef3d28b618b0b8cdcb08163df3916fbd1aefd

SHA512
d2004dad3748f8ae630a828267d91a255ffdb8c846219c2d76ce3a2a934028a3ad3ec8260a49ed376c6e7dac1fa89528c56d48fdbdbdd40b1778693bc7bbcbae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
a4671b91c09e635d7960187a058cbfbb

SHA1
ed91b2082c12e3bdc78b4aaad7f6caab9f2f0cd3

SHA256
7bc565ae869e29201a7eebd8bb911428d9b1985256b2c5db245d0b38ebccf58d

SHA512
aed6ed3203f8c2cd5d2db71e36bfe1e10c56fb1568b4db571a2f1bc61cf7be0f489bca78427b8e66dab43b9c7087858b5542584bc761502e09f36876f93e0972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
a276e5adb163a3eaf4d0cc8d5d464afd

SHA1
632579c4d7bb7d8410f4517aa3c838cd2a8de177

SHA256
df930f34dc74d5934024e480f3f22016bc0f92250caae23c0fb60b238e2250d4

SHA512
90529baefd9013f47d53780a562e14bfdfd1cdd89eed7a6a07a5ca9c47c8993ba2e6039e0769761f52bd0c65b6f4e914e74d71b82bc6fe50a3d2df8928276d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
8919a8df3017021c309c7e2e4800f5a6

SHA1
b1c36f0e3f138ea54643b8851951b20a770fc229

SHA256
5cb6b2cc02525b466b0e0babb3e13e54a84d53ebf21490151b8c18cd2e38fee2

SHA512
914b4af6b1b336c8a381723f30f48c9868ad0d3642dbbad882c4c863878cb0df4b0ccf29bfe21ba672c210c36d4085acf9c9d38b2474825696194243a5062ca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
8e8170efa535497ef55b365020b00183

SHA1
b63704531347f5d38822564e2003e1d7fc3ba19b

SHA256
1973db59f137ec5fe7ea0ae71ea99e9eb62aec6c2254c0581ffdfa41ff71ff37

SHA512
a7f69a6981834f7225c98d2e33eb1d01e45aca7299eb46cbce07d0cac7ca89b71b8e7b917a204fe93c55ac8f54d859d50a50348f731d069a9f4b0869bd8f6cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
873af90d08dc2d34ec34cf55d5c10dee

SHA1
80d34637cf74f0f667ff5e795ea631bfa2358018

SHA256
e5ebcb18c55419771d613bce6f8008cf0be25ac4bd8628d67100cbb00ceab19a

SHA512
c830b3927e25364fa27c991e1ae708b6e7c07f19ff909469f17dd6f04e8dfc5ebf5e25e94b71d321a45796059995c28db9a33f2d9b7b31d07e9a07b4e2be4f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
85f6b072fa1545862f93c67e6f018c36

SHA1
a0531c380024e9d234bf4ee23851f1548bdff665

SHA256
ffb11a2a80af48180ddeee7053c4387e79aa315d5f016ec70d1cd8643f0c0f3f

SHA512
8098f5a9029ef4661f738066535736fd2c792db568db1446dd56b855607d742b3da1bfe0712f302b15fbf34740fc69cd2f2555f201e80907826a811248127212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
da0df4374a3c11766ad30b78003467e6

SHA1
97504f7eb40c429863628d91c947a1837a5d715c

SHA256
8142bfc2732e1249855234b9d6694e20625aae00cf9d6fafcd04102733648475

SHA512
261b6805ba02c00a05c409982ca2d6473239dfb416b9dd81ffc7e4a6dbd75d8aace425da08363f942e6711ca760b17078f4c32d54b093144b93b7995c96cf74e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8b83008a70daf86afe95ecf0a03e0151

SHA1
cdde1dfd9b4ee54461a3524bf967e1d2fd78bcb3

SHA256
9b050c4e6db87869762218eafe0cd8ebd1942528d70f7d9e96750dab07681c7e

SHA512
7a8fa68af75cf92bb08277466faffd9844e0e69d20e52458577527a2db5bc8c45508870248a8b760f9efe5ebb2ae214f83046e9355eb4ba82217d4b44930b8f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f624ad21c4cc12961eaa762029c4e9b0

SHA1
81c35559952bf4cbfe519ee5056061963cbe9416

SHA256
c5e4028141ab84e580d4b0245c169f364fd737f34e3c09d4843f482219148335

SHA512
82c8f654469ca2e9ebe22f20523cc63b996314fb139374065196976296950060275efb52ea3f7968f06179fa01f17fbd7790ed6d96039de0cfab98ee888b39d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b11d027fd3e02b42dddcf977e3006ab7

SHA1
b8e694f89339eeb5df6362dcfae5c831103d733f

SHA256
0a51d3f4a464a6c5266e6b718b6872e1708d363558a786e2fd54c35b82805f77

SHA512
59c37c2f43db1cb6d3f5c9da8206cfb2ede6dd7104c79d52de4f706347e8805cda722985c725290d6adb1b65233891482035a5d204cef53e395c7e066cfa7844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
1205cdae6eb1bc87dbbed1a99ec1c1fe

SHA1
346d40559bd780e82278214d09ea5cf71f7609fb

SHA256
11a8f2b2687485233c2c818d53d0859aca8452f0a29e00f3dac7a13e66668353

SHA512
6e035d89a1bbd44dc6fcf8560fe5eaba8937ac0e6cebe7bbf228601b0aac5e34a95207a0887115c8c27dc4cd0527ce2e73b31a2d710a86c85ecc33c30d9e1455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f8894f2e32d311a76ff6d16582cd5b65

SHA1
719ef25aeced646c8339e5acd89b2b03dead1cde

SHA256
d959817da76bf4cdebb116f858dfc01d938cf9c15f393a981490980d9ea2d55b

SHA512
b63aeeb56b378efe3d411ce45e0c9217841d50ee6df74ea32ad480176dfd2b9c43bbf4c7f7ade06093aadeaa3e49b2f3ee4df90982980861e4a946607dbc3204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eeb530dfdf7aaffb0d52818f7dded17a

SHA1
6e979a4c074cd95084b12653fb712aaf7ed59902

SHA256
193cb9f76b020e6aebacd90ae38419b0f4f2e4e3ab453bd204ef027066f8c630

SHA512
de1c417dd123a0d98dd00e7dc5dad30a7d980585eeb8ebbd1988063b253b0db4931dbfd8f7a893d52e2213434806dfb7ba0f2fb0a780f19e57d81e299f028573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
82593dc14ba38851a188bb4067d1ddff

SHA1
c1c501a9efe1f63a89cbbd184f18088f6f7ce987

SHA256
1f2a6b05337351ec2f5b06aef5e05853f3fcbe76ed4e17af5cf319026c173d87

SHA512
4d22e12e1208a4a2e7230a7a1e9004ec869b61a3e86c01ed38c0ca7b37f3c6f270b742f990064d9c31fb4dfcc327e120627cf824aab8b5976e46873299411ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7f6bff085a9388756c46765e2e99f4c7

SHA1
2df2974a33ccbd161905be9fb33456fccb51308a

SHA256
a2489071670d3d69d5c7f2bcfced64827cb6e55ce859df6e13de272dadad7c76

SHA512
9bb3b0cae1f1df60533fe25bc5173f974d316c36f725e13783461c33a00b52517208ce5fdac2b138084d2f71f12166fb2c986b742ef1ef96dac8a7799e278ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7201d4c6-f785-4f14-8b84-5f81e082ab29\index-dir\the-real-index

Filesize
2KB

MD5
3287acd54b61da9772980b02581d59bc

SHA1
d37be95c14c17c670d91f781ec8687348cada429

SHA256
12db32ca9ce5208a4f68074747a220a63d2206993b2ee6bde5c8e2f7f55d9650

SHA512
d1af5130a2eda905632647f10ff57bf7df49d25eec97e3e67f082b21e68cca890a2fa45073abd784265a048574bbea04d17f8160243c1e6561f85aaec722088e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7201d4c6-f785-4f14-8b84-5f81e082ab29\index-dir\the-real-index

Filesize
2KB

MD5
eb681a0cecaf6b82ab0eca6b40b75fe4

SHA1
66580897fdd9663167c8f36e382b63de80f7bd61

SHA256
4e91ef8ee5676885e3e3d334fa4b4526e4226fc6c40be32712ec1aa4d6d06349

SHA512
cbe2da5ff02ba3205ee7ac36084d23ed18e7ddd0b8321940633b3f13ca0105d4425528e01c15fd126f8a5909d2537bcf71d11463995251e8e2881b2bab288906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7201d4c6-f785-4f14-8b84-5f81e082ab29\index-dir\the-real-index

Filesize
2KB

MD5
44a465fd0363c07251de06dbc9da1d94

SHA1
87fddcfae385ce72c907790b9e43f16d258e827c

SHA256
6570532584504781cc4cbb782492e43e0c1ffdab8f8f243a031549745455e486

SHA512
a2e7ebfad05c8a45615c8a8dcfa55b81af75827fb18b11055eadf868e0cb0a51b22b8ba8bf36d8a53497bae2976e5abf13aa929f664b3c8f0ae3d8ed855b1bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7201d4c6-f785-4f14-8b84-5f81e082ab29\index-dir\the-real-index

Filesize
2KB

MD5
68d84c81df5bb524771a6d5d0bbe8ffb

SHA1
41606871b5b8774bddfa5658e1fbb68bf4584694

SHA256
f734b32c0b01a92f2ff2aa8c3be181ce685813422500f4ee50666fb5a89849f3

SHA512
63a51b5304428952596b3651d1527eaf2c05041e5478d4f20bccab0bdf55a0973505486f615156888aba46f65a898a6aa1762c181dc95367c41c668ad03dfbaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7201d4c6-f785-4f14-8b84-5f81e082ab29\index-dir\the-real-index

Filesize
2KB

MD5
9cffb90cd679e367695bd1adeca8a517

SHA1
e36406552614aed84ebf35af7fb3ab402d701fb3

SHA256
4ef40864416430c5af432cad35eab93896b0819017c661a9b402cf7acce1f7cf

SHA512
d3851bd8b4a74f4b9300d3b06075ca8db495b06bbdc16cb73b9c518b2ad14c1c70e1b104a1abaa0d674ea2cd3b2727671ee1d77206939eac1353ed5aa892fbf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7201d4c6-f785-4f14-8b84-5f81e082ab29\index-dir\the-real-index~RFe58c2de.TMP

Filesize
48B

MD5
a1ed84420be9a6d27720f5cc52e00193

SHA1
8bc7a7b410f731a3b13efdb8015903422f528ef7

SHA256
7c9aa9bf95f68869632652547cd9cc2dbed3c444dfddde8f19fabb698ee1b11b

SHA512
aa94972cfc3cf8124c30e87894beb8c649977f6d54a2d79259c9c1d7d17e695f9fb39bc80c76d044ebef2c3f624853571cd2c00f3c1cd57e85ff06d84248a56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9c31812e-6cff-41cc-82e5-1485077ee99f\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a6831b9d-2a1c-4b7c-aa9a-d5129ca7a18b\65150cdf46eb2100_0

Filesize
374KB

MD5
8683f2b95a9ef0515a3137da481892cd

SHA1
12e109faaf23e563fa38656baf813205ae81b02c

SHA256
9946d226e1fc06a5b943d2f69ccb1d677a925f7e1fd85a7356f31a780d514954

SHA512
6122da27df4eb885259ee676e51cd0c673f9f37474e02d45b7e750a3c1ea507aaa9d1275105a3e6a90957d938d8da1c298507129549a165e37169158e204e003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a6831b9d-2a1c-4b7c-aa9a-d5129ca7a18b\d55167c5527a3672_0

Filesize
2KB

MD5
611300cb9a9bc3643779cf7855e502fc

SHA1
a7517c43069172ac753a6843f75ef4c6905fccd0

SHA256
cb002f99e5673a6f883100da26c8c3078413c7a57b64e9789d00e1bac3f80d50

SHA512
a50a1b03f87c2455afcb96c693d7dc8837740e1237e7d204ff0497fe6a8c6f77e076524b625299a71ea547c3bd347e2f00a89e85e5051053d4447cdc9e2ad469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a6831b9d-2a1c-4b7c-aa9a-d5129ca7a18b\index-dir\the-real-index

Filesize
624B

MD5
c81b401ca872ee712f3f84ccdc776202

SHA1
b199f9ace4e4507f151d4b0ac5666f101ceb17f4

SHA256
27c409ef966bc4eb0a1116b2ba6562e05c22297cfb41935bc867ea041123c5b4

SHA512
bee523968f7256b7af84edd23b852fd82448f9cec92cd58ba8361fc877eee86ec96df277fab9764fe4d6e1033e5fc01ccb567ecd5e9e490a8bb2dda9e9f94154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a6831b9d-2a1c-4b7c-aa9a-d5129ca7a18b\index-dir\the-real-index~RFe586099.TMP

Filesize
48B

MD5
6fa793c4707926f31ebbd7637903c212

SHA1
3139afcb64fbc6b3bc2b1f7d077f6e61435160fe

SHA256
3dcfb8f384d6b059bb531a695451198cf1b5992388702c8f94d47ba6eed63ea3

SHA512
07fe6e10151f282a1d84e2f126721d4f374f6c52f7c7646c2e3c6a77f9aadd7a05d1a08907b230c18dfdd0c7d3df73e11f13619af7c6426ef595467c350a52e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
c1f3d5855d03a41b6aa8cba3200672bd

SHA1
91837fbf402d5e9fdf06a3b52dd566410b2cc087

SHA256
0f5663b49c8ce7289de89a365950e34ff0acfe7cdd8050338d30d2c6c39cb5a0

SHA512
9f230afd1002ac1245215931e0946ed6a4066ac00f4713eb8ecb5160bc6037d785d8acb6070cea77a67014c1c4b06623e1206634073a2f0e353a088c987d8b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
a6fc1dc2b83085129a99061935084fbe

SHA1
dabf2fd26a65225c17843163121d4d3d00267fcf

SHA256
89e1ec99d3a22e4a7e860e6a548e0a8c19f715aa2880114aa2d1a32c5fb506ed

SHA512
74323182ec7d124a50b40e36f59b9840bbe332c0961a616117bfb08f67c6755e63b154be0a5a65cd254b1a5b8c849e7b7568a2e72c9685b2d553d11e0cc06262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
0dcce24c874fae57ef0be6524d69ed49

SHA1
8980ef3137387ddf57ef324c1498c96f1afddf68

SHA256
2cf40057473a19aed6ba127c806be14e36687071742e15d65d21f5f9c770b65c

SHA512
497a7b04ca1264848fb1b36c80270aa7a9e066280cd882cde00f69d55c1ba0817c5a0ae9cb0bf8b6688e15f410f94cefaa4aed751a6fd4eb1c32cf6aef8dd20f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
72bf712c90b7e896ac58893a8f261755

SHA1
50ec658fe4df03a0fb9a497c4bf5d9a9bc02d69c

SHA256
e0f74347f6c9aaaacddeeff8c832ade0239b9fc93783be2f51af89423ecd914f

SHA512
ba909e78ea24a1cc6477d5c02d878639c1050ab5e4ec0a10f7c314df3140139591b13c69e3adbc3d9a679198e134bf3e35f86540aec3c676c66d950b2aa09c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
843bc92b5ec0ec0e16353f8b8b488a22

SHA1
28072b3ade05ad883af4ab7c60cbe95a253435d3

SHA256
0e722a4485f95b8661aa733c8cd5eea6f572b6bef73a08784fca8bf78c86a69f

SHA512
af55f038eb688b549d1a300167603701fe98adbec07a2459ef0a7f7842e1c3aab59491309494ef578675c74aad5e9f7cc74b3a221e0ced20a9d5ad68ffb74beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
e56446e53aa3258269d40edf7060ac5f

SHA1
f2b5145d7ca03e9c95c367e5451ba6716e94e11b

SHA256
d13c8c17522d839dc386e97a3ac48392a3811116e5163a1913df64c82b82cc67

SHA512
34cb3c4fc6c18957fda7e0d198b8bff19ead6295b60d8b7c10a659037017facb9102de199f5c664bfbb5625d07a60e697010176260b27d6cacd35a6811b7e0ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
d6d85b55840dff0bb7a83c5c7b7f0bf2

SHA1
e6297ff11e54798021481b23d5500257494cc5aa

SHA256
eb92764913d2c7be0e4e7cf3f4801b5ca5ca2bde638ce83d9d73dd73cfd0324a

SHA512
b2c7d060ee264267d805ff850788a6c38358b67a13fd65bbde6f780cd2f3c709918a95c1cce512ce4603163ccc1a50f73ee3104b946df79a0ea1f9bf6fffaba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
83e80faabbe432f346ce30ac2e43f3be

SHA1
16fbcfa1c23f699440de20b7fa8fa0de5858e04c

SHA256
8f159cd731c2c5f6096bcf0bf00a31cd74047d989b07c7e66e2afeda8a368957

SHA512
698ac9fb25f5ee8c4a3ccb8009cdf3ce763c63565b955abacd5bc0abe13478b704826836d1b334d3e6f6a9f0da890af4479c190a3de2b3e2fbc5d0c080546cd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
7971c373a945db1c64a331ea0bbd7c37

SHA1
5918b4564e2fe62d2793546a1d7bc03618ce49de

SHA256
cd6e554dd3d43b4acf39b0a411ba1d2d519523ac59f085d9f9213319bed6e28f

SHA512
e621d1370c5b12fc525db5a7363a46c332607c7d758511e97db97c5e7c754778a650b5cba90b2392dd1e4845f52ce2eabef3cdb4d4150233de0b2ad8705dca7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
60d5dfdc7b6337d6f403237dbcd77662

SHA1
68ebb1bc05de17817673531be06cffb6f83d687f

SHA256
8d85a157a5838cc29cd35cb718cafb3fd606b0a14b757946f60b52bd7f57ed72

SHA512
da8477d74a04f0b356621aa4ac6e3104449046707f1f5d359214b243a61482c3581a6c4221e09cabc8ec1ca89670f8216a59e1745051f005cfc89dbc0bb78226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
0b32cc847811f6c0781905c03bea269f

SHA1
ffab56c05a3d610a99aaabfa5fcdf7ca2e07b87f

SHA256
51d98c4eb743bac044c481979c9cb0ffa4b07e329f5c46d20c9a33b845c6d032

SHA512
651b0cf2d04dcc1861df72f097402b5630fe14cf3687d3761f50fd1fd69ffa1e207d7ed84cd521214aa5015d424a83561291137c5a031ae2feb9c6b16244ca47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
d59d09ce102afad3738a51e15b30c8ed

SHA1
b720b822e5d615014fa56b71db11c5c87bc63031

SHA256
754878d4b488ed55ed683dbea2765ffe4dc5d8f7b420b6bdbfc8a08625882f82

SHA512
5baf5406fcd3de24ebd9f7d067ba8b08cff1f09125c1c0148da03f427cbe325e40d2528ad99c9afae800cc9be3c6df54a8b76cc6bed40071a792a98983d2c912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ee709a63829e28424d7c673d5dca3b55

SHA1
5f2df021cab333ce390439e3ec174ea6cbd0457a

SHA256
4a0657b0c61ff7df88ca022f55350d3395b11109d4abece3f7d22d42957d6a3b

SHA512
6ea6f35e5e39591d1a3e42644df0e2a96e2658f25697fe459f1a99af918617caf7899d6864ed50ea80b84945e50fb96a7d35d5af759c450201f55ea0d94835c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5852bf.TMP

Filesize
48B

MD5
51987c93cb6cfd5387d9d90a70d3dc15

SHA1
e7834c212ea2c9f580106acf2a8905f1b71086e1

SHA256
602fedcf33821c833361ff3e5e86253c9584f7e7f245efc7b1908e00d95a3814

SHA512
f99073a22c41ac63c5a7a7ff1c1ffda4962374cecd547fa4165e99eef961f0cbeb75c03e026dc04b6fd642313e66a087f0335150815c2ff4be9b0e53e3b50c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0f14bdd421bba1ba1fafb9d89b9bdd08

SHA1
2d280949193f7468d155941b143b3ea51e037896

SHA256
fe340a9c44dd221dd672bb9e900e6462ca3585ee1b2253cce7231e5bff4a1398

SHA512
66caaa0e58588c4f9b2c1cf8420eca9631d3ee48a941ea7975675304437e07296dc4e4125590318c875354aec55294b7acc6117bbc202c7d9d7a426a0aa2a51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
64815bd622221c0989b0f738c4662c5c

SHA1
34001f59bdb88d30981ec5d1b93ffa0838799f00

SHA256
66e33322002e725ff4410e0daa27319f66883e06040d3afd8be1b501dd4385b4

SHA512
32d005362cfdcc2ccb0efac03324ff9481571279a45dcd4b400073916edbc36e432ee43a92edbbebed733a68c3e7f6d367d3a511bda224dc60c818604d9f7bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2d58d3f4ea4c54493597a95f82568021

SHA1
67fe29a575a08f138063fe06ef7daf66202d39ba

SHA256
31aba2881e01f83ae067868c9ba33ec6a7b3ce8b7283d6f230f0a87952d2a3b0

SHA512
3bb02e34d6ce5c51ebd077c87aadf4e329e56b04e8041713a2f27648065016d84dfacc989228a93481281d59ce5f31a7eeb159402d570562cf111b1ee6bae1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
aed5acfdbf257791ed6144f727dc77b5

SHA1
d9fef8b69626f2b4772f7af00e507238483c5cfb

SHA256
66cfcdf14af1753df4672519fa9dc4415802a38088655a4660ea1b8201dddcab

SHA512
db209c49ba4053aacec2040aa0fadd5f3c5a83ecbfd6eeab99b471e24fdff25ffa348fcc2e7b73b743c757e692b83639ce5dce1b5b4eae1b782b13c51fbd5323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4b63add3663f89b4e26cc1e0aa3ddaa5

SHA1
76b78e04ffc09c0cf26b08522913e6b8d158071a

SHA256
ce09cebd96f750453446ad2fa0408253a842cefed4050692b5f6d474495481c4

SHA512
c8813b573307412efd77cb7528c0e0d55765e1852350ff4f6ec29db1e7633ea6bb3baaed2972119d6b74c020cb429edc546c8666172af112217d5f959a638ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1ccc0fe93b7987136161b34b7cca817c

SHA1
cac390d887ea20c3385a56b7f9934cb9e4112bbd

SHA256
4dc191edc64478a23f7fc0bdff8d70a207360ce71b17ead1b7667200fd764bcb

SHA512
840eac07992cc9ab860e94d6e1991bf8d41e28d5ac22229acc28af5f3d8681f87206ac417311a1c9bd776f24a34caa0778e321711118d632e6ddecf74238e625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
26f808a8a36fa8e46b41d44a9a006463

SHA1
a4e3b647083c624a0fcba61dacddc1c3889551d8

SHA256
9c5a64113444570fc2050c46bd10aeeb97422617bd73f84d1ed6ac33fc98f055

SHA512
e44b001dd065a5cc9a898f1b1503a77b129436b78e02a5a1af5bc62359ee455aaf5d7461dc3bc9c46e32056e404fe47dcd1f77de107419983e63d6db66cb84ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583081.TMP

Filesize
1KB

MD5
21e3fd151c81d875466488b77f16a53b

SHA1
3a99fa84fee9134b12a958d9c276ba9f8dd29742

SHA256
4f78e8667990c89b1b025ae991c561783dd9dca44fa783459b5464d2a6d519e2

SHA512
99c7f7d32f559fa2abce1f5283254cb7730be44c7daffe72be96827cd51495a3cb806e08ea07b35bd62dd3bfc5e1831114f4d39171937b89d4bb6150eb207793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8a8a71095ecb9eb139422c8ed3dab95

SHA1
2badffb9b34f08a5378573f5626430eb2f4eaf24

SHA256
384f4abd635d5f47d70e44548827285bbc5e1cc073060bcff6501c36c0cd6a1f

SHA512
a121f6eaafcd9748005b7e1685c3f8e86f0734fd2430677e072a3a6de2e0647486b39a4f5ebd7adfda97a1c9e1202c4125750fc7930aff1277e6ace7da0b3f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b225ab345f579a0daeee148bc4c5d3c9

SHA1
047ba2bb274b2d5caa8ccd1031b2c35bcfd38f31

SHA256
e64ca07e18c8f9fc5bfdfa1401c57bbbc37036d26680f083a9526bc4e1dc8905

SHA512
6abc5872e4f7daaa3b71e2aa9a2151be9fef0e51b07de8e590c8f30ba4d914f61eef2121133069f6c4e044d60387aa925b25f603b6e0410f58d5f26f8bb6a49f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0835bf5a9d0dbcd6cbc2d0182dbd5c29

SHA1
935b22a1260e9d4cea3936c78e6553658ad49d47

SHA256
594af029b0cb37993abbd718bd6acc90e4b72ad65c814e984fcec64451a9e083

SHA512
0e2ec6003239ec8dbab1be97d1b7f36490251bcebf70fa154bccc854536a4f1226ab8d009cba640f97fd46e3a46ab23ad6cb558bcaa8d3ee1772f884d5124bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
32a724983cd9f8f0e4eb6ade5fa570ca

SHA1
a7a572a4d091e3173a8d0ff8655676326c727158

SHA256
f32addd94780923361bc95664151a87f2c1161c66a3106ba432840cf7d980318

SHA512
6eb48cbd13d3bb9082717486e9b4423947482e265cc8db980ab3d05c7bfe9d8b9f981b9957040a214488280464f4d5956e57905ad77f13c64b01531157eab066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a76bc35b4c8ee4324a2e9cdc0bee7cc2

SHA1
42dce182886d1f31357f9eee190c7a8fd32d5ad5

SHA256
ba8cff62b49fb0be39adb673c5c7cac6418291c8911c2065202c072db7cb73e0

SHA512
74735a210ef6379296eb37959fda0f97ce00623c9410301957edc4665edac5cdc5b7ef0b292a7d6d5e3d1e7331785800f963d4a6b68a317a8444734a576514be

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
d12e797f18cb79137ad12b5e5139e1b8

SHA1
f15fb437b1be86b714e278ce927b315fa0e16ea3

SHA256
afb0f4a0229174f8118ab512b569fdb9eb3ebb0389cb11c9f4a0a2aa88ec258b

SHA512
f6e8f99bcd0ecff7683c8e56fa2ffa3fdff16d6c17a2066b36bc3d78e2838130b5b23059a239b29a7ebdd0b5ca36b3f9cf388945bf1aad50a3f91cb8091223cd

Download Submit
C:\Users\Admin\Downloads\roblox hack 2024.rar

Filesize
28.9MB

MD5
3b55b537d74a0a55a7f402623cd3bb34

SHA1
113ba8856ddfc66a5b205c20a95cf4e4c6df4599

SHA256
74ed4eff9c9f0f1d334a799d85473e817ee329875fc92526ae56f1644f5bdd74

SHA512
70ee8c709b86bde4886f2328132496fa3690e030ca8d51c2556283cc286215d9b4e0a82657c7b20c649655e966b45543015c56bda7f5de79dfb84ea1bc7632a2

Download Submit
C:\Users\Admin\Downloads\roblox hack 2024.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/436-2318-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/436-2320-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/484-2287-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

Filesize
4KB

Download
memory/484-2290-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/484-2291-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download
memory/484-2292-0x0000000000B50000-0x0000000000B51000-memory.dmp

Filesize
4KB

Download
memory/484-2294-0x0000000000C20000-0x0000000001C1F000-memory.dmp

Filesize
16.0MB

Download
memory/484-2289-0x0000000000B20000-0x0000000000B21000-memory.dmp

Filesize
4KB

Download
memory/484-2288-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download
memory/484-2286-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download
memory/1916-2316-0x0000000000650000-0x00000000006A8000-memory.dmp

Filesize
352KB

Download