Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

windows11-21h2-x64

8

Analysis

  • max time kernel
    236s
  • max time network
    238s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14/08/2024, 03:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.mediafire.com/folder/itohohfh3cbrr/roblox+cheat

Score
8/10
defense_evasiondiscovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • NTFS ADS 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 14 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/itohohfh3cbrr/roblox+cheat
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1836
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffddae93cb8,0x7ffddae93cc8,0x7ffddae93cd8
      2⤵
        PID:1092
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
        2⤵
          PID:2392
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2396
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
          2⤵
            PID:1548
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
            2⤵
              PID:2748
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
              2⤵
                PID:1516
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2224
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3952 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:5052
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
                2⤵
                  PID:1364
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
                  2⤵
                    PID:3596
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                    2⤵
                      PID:5044
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
                      2⤵
                        PID:2836
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
                        2⤵
                          PID:4160
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
                          2⤵
                            PID:2208
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
                            2⤵
                              PID:5052
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
                              2⤵
                                PID:4712
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
                                2⤵
                                  PID:3460
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
                                  2⤵
                                    PID:4596
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                                    2⤵
                                      PID:696
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
                                      2⤵
                                        PID:4288
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
                                        2⤵
                                          PID:3796
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
                                          2⤵
                                            PID:4568
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
                                            2⤵
                                              PID:3128
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
                                              2⤵
                                                PID:3996
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
                                                2⤵
                                                  PID:2748
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
                                                  2⤵
                                                    PID:2036
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
                                                    2⤵
                                                      PID:3132
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
                                                      2⤵
                                                        PID:1892
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
                                                        2⤵
                                                          PID:4588
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
                                                          2⤵
                                                            PID:3356
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
                                                            2⤵
                                                            • NTFS ADS
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:2892
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7540 /prefetch:8
                                                            2⤵
                                                            • NTFS ADS
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:3536
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1588 /prefetch:2
                                                            2⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:5044
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
                                                            2⤵
                                                              PID:3584
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
                                                              2⤵
                                                                PID:4668
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2580 /prefetch:8
                                                                2⤵
                                                                  PID:4156
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7228 /prefetch:8
                                                                  2⤵
                                                                  • Modifies registry class
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:2768
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
                                                                  2⤵
                                                                    PID:1776
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
                                                                    2⤵
                                                                      PID:2712
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
                                                                      2⤵
                                                                        PID:2652
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
                                                                        2⤵
                                                                          PID:3436
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
                                                                          2⤵
                                                                            PID:3584
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
                                                                            2⤵
                                                                              PID:2452
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
                                                                              2⤵
                                                                                PID:4740
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                                                                                2⤵
                                                                                  PID:4520
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7080 /prefetch:8
                                                                                  2⤵
                                                                                    PID:4596
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8012 /prefetch:8
                                                                                    2⤵
                                                                                    • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                                    • NTFS ADS
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:3404
                                                                                  • C:\Users\Admin\Downloads\winrar-x64-701.exe
                                                                                    "C:\Users\Admin\Downloads\winrar-x64-701.exe"
                                                                                    2⤵
                                                                                    • Executes dropped EXE
                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                    PID:1500
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
                                                                                    2⤵
                                                                                      PID:2264
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4838078525514029818,3127798078661054701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
                                                                                      2⤵
                                                                                        PID:3996
                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                      1⤵
                                                                                        PID:1252
                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                        1⤵
                                                                                          PID:2088
                                                                                        • C:\Windows\System32\rundll32.exe
                                                                                          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                          1⤵
                                                                                            PID:2184
                                                                                          • C:\Windows\system32\werfault.exe
                                                                                            werfault.exe /h /shared Global\677ebdcfd4f54149a7b93182139e97c0 /t 3020 /p 1500
                                                                                            1⤵
                                                                                              PID:1312

                                                                                            Network

                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                  Replay Monitor

                                                                                                  Loading Replay Monitor...

                                                                                                  Downloads

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                    Filesize

                                                                                                    152B

                                                                                                    MD5

                                                                                                    9af507866fb23dace6259791c377531f

                                                                                                    SHA1

                                                                                                    5a5914fc48341ac112bfcd71b946fc0b2619f933

                                                                                                    SHA256

                                                                                                    5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

                                                                                                    SHA512

                                                                                                    c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                    Filesize

                                                                                                    152B

                                                                                                    MD5

                                                                                                    b0177afa818e013394b36a04cb111278

                                                                                                    SHA1

                                                                                                    dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

                                                                                                    SHA256

                                                                                                    ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

                                                                                                    SHA512

                                                                                                    d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
                                                                                                    Filesize

                                                                                                    20KB

                                                                                                    MD5

                                                                                                    87e8230a9ca3f0c5ccfa56f70276e2f2

                                                                                                    SHA1

                                                                                                    eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                                                                    SHA256

                                                                                                    e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                                                                    SHA512

                                                                                                    37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
                                                                                                    Filesize

                                                                                                    20KB

                                                                                                    MD5

                                                                                                    9985fae88748763dcbaeb52cd5bb1c97

                                                                                                    SHA1

                                                                                                    db05d8e97e2cc2979c5a33ff1358749f996c9d40

                                                                                                    SHA256

                                                                                                    a7c300f3096bcbb9cf24d472c9513ea876572eb14bda58f9bf7bad439ff805c2

                                                                                                    SHA512

                                                                                                    b701e77edb480296609129e518f4e1b9f153c9c113b648f9b0c83dc7d3d54dc8d46a369551fa9bd9141c0b30609a6837247bf5a3222d960fa5c03f576440256d

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c
                                                                                                    Filesize

                                                                                                    20KB

                                                                                                    MD5

                                                                                                    73c902955ca3b471da95fc832d229686

                                                                                                    SHA1

                                                                                                    9b5c5ab5f958fc963db270c40b5908e5128448c0

                                                                                                    SHA256

                                                                                                    03a0fe2e76c2e440352b8ba3bb80e750a4df1f5571a4645dc1481aec2fb15975

                                                                                                    SHA512

                                                                                                    5bd71fbac24389f7e7d30d1c4c6cd0816a619f63aca3cfdc09bac6741eb27984e82edd61fb5c085361c27aa5756e962012c11907480eddd4fabb856879115b1c

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4dbc62c1aeb01320_0
                                                                                                    Filesize

                                                                                                    54KB

                                                                                                    MD5

                                                                                                    a84e14f2b8a93e61a7196d9b53810122

                                                                                                    SHA1

                                                                                                    d537f7ae3bad6f09f8b4904fce2c35753442fe5f

                                                                                                    SHA256

                                                                                                    93e9882da9b0500c50d7961b58f4893090108f5f7312f0a295dade981fb4d6bd

                                                                                                    SHA512

                                                                                                    052f2ff64ce0de2d70c10b12f1e8e94bb95fc9944740146d4bf6b4b5c6c00ee595bf898194b6ca4c17751ab3923f93dfe3f4e2434ac4a7e3b55ccb294ff2b841

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                    Filesize

                                                                                                    3KB

                                                                                                    MD5

                                                                                                    81e6cb4a418f1a6729309ef955479947

                                                                                                    SHA1

                                                                                                    565ac23bdb70e849cdbb49cf2cdaa1091c9001e0

                                                                                                    SHA256

                                                                                                    c731e5eb85d0c8b9a32aa306fc31042a08139bd7e37b26343504054f636d1687

                                                                                                    SHA512

                                                                                                    69060f48ac0be123db3230451e2c69a22ce4c950415e9b582d2f76bdfd98ba9fbaf317cef06cb371c22a2cd3ddd7a8232e7dd7fe3963bc95f0ba856e6d869596

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                    Filesize

                                                                                                    5KB

                                                                                                    MD5

                                                                                                    b654cf5a0f61eac73e45a422abdbc043

                                                                                                    SHA1

                                                                                                    7e948a3166a96c0e76c2a59b059a8e422ea93194

                                                                                                    SHA256

                                                                                                    e79cc710af1ea60867d24a8c50c4bbe588ffb8194783360e32d8e3523c835b93

                                                                                                    SHA512

                                                                                                    59479ea68a81cf85f8b6afbb41929d25092cb28cdc0faf7866ac30202eea1943c5d55575e6042c1a6c6b36e3e32daa873bb9319d1eefc6255374bd1aa6bc95a7

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                    Filesize

                                                                                                    5KB

                                                                                                    MD5

                                                                                                    6add510d9b45ce317e3f978abf384d5e

                                                                                                    SHA1

                                                                                                    12298f234cc7dfe47312dc0b9c3433b9ce70feea

                                                                                                    SHA256

                                                                                                    ccdf75a00795b14c29273848e887b57ae2782fc32583b402f1b8568d25182f19

                                                                                                    SHA512

                                                                                                    1f46ab5bc8ce75cfa1a49af48fedb37c07e2a859f35df20b8ea37ef49dc2190f08419184ccc1a908421ce59a326f36b96208d5d58bde1c0372056bbe3b9e2edb

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                    Filesize

                                                                                                    2KB

                                                                                                    MD5

                                                                                                    bda5fb47da8f7921a083c688b1c78e1a

                                                                                                    SHA1

                                                                                                    8f1e1e8659b64fbb47972a1f4114c22adf14eea5

                                                                                                    SHA256

                                                                                                    d70428205aabd0f8f8cd5558840ca6f6c9116221280cb24d20820ef7b006f0df

                                                                                                    SHA512

                                                                                                    3f07b8378ee000d19d6614bc7ea5aecd2826357c7252f5014e338c3ab69ce0d5e38e18a242facf6915ec1b3b453f3bbd3edb2d0afd3066399edc35c01ad459eb

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                    Filesize

                                                                                                    3KB

                                                                                                    MD5

                                                                                                    5409f67736703b19f6b2eddb3a32230c

                                                                                                    SHA1

                                                                                                    4e780c911b582c4f5cd4738bbebc3f9a7058565c

                                                                                                    SHA256

                                                                                                    4acd5d1104f682e175620f50ed1d97d2752094addd8bfd04208b6005c6ab215a

                                                                                                    SHA512

                                                                                                    ab8a93a1ced913710ab943da2dde657e93837a2d218a4151ea54fb1e9ea3464ddb2a2ef6be6b754eddc92c5373c32efbf40e0acd0faa349737461fb07db6995d

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    97bf1f50dc60cc966932e84c579512b6

                                                                                                    SHA1

                                                                                                    494bee320088164c6a3c3cd5c6b14c23710d3c86

                                                                                                    SHA256

                                                                                                    5d1b45d7c4aa6b25d6ea21efdbf2eb1f3fe0660d316b37517f967b5e85fe9344

                                                                                                    SHA512

                                                                                                    e2be309bd1c277c762b46e4c534e330f9408d905e9362954f5063b57c1c149ca836d7fca355dd6e3609057ee0a987ded9c7ae7a9a22f28ae0c1aa59da03a1a4f

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                    Filesize

                                                                                                    8KB

                                                                                                    MD5

                                                                                                    84872dd10a49e34e2eb9649bc0ea6065

                                                                                                    SHA1

                                                                                                    eeee1ea0457985a24441efc0efee7f7ee1fdea35

                                                                                                    SHA256

                                                                                                    37cf9df0a097c5a42cf4d1b9c079410b12c3239015de43c8f0218c9f72def2b5

                                                                                                    SHA512

                                                                                                    b8639f95c77362d981c75ddf7faf893d65e8abe9e43b4c35dcede74bfb8c8c02c80acc6c6fd73f2995b0ce111b283869b1a4ea8bbde8e73fd37d06b226251402

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    6KB

                                                                                                    MD5

                                                                                                    70bc366bc269f659ce7189f481921dcb

                                                                                                    SHA1

                                                                                                    1d6368f23d0e1d59bc6b6538a0794b2a2efdc259

                                                                                                    SHA256

                                                                                                    75804e685f9690578a2939f5e5bca2ebc09d19eb3f78e8e940a2671cad2bb680

                                                                                                    SHA512

                                                                                                    65998eeddf54dbffbb79d2a5b8d170ab70438c63d12a0b920734e61b73e5726f934ca63e1601ac808d234051c0805042484f5254dfdf597889b83f96c3c617fe

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    7KB

                                                                                                    MD5

                                                                                                    87ec8db8187c563d7ffcdb41446b38ae

                                                                                                    SHA1

                                                                                                    377a8fd1d7ee60a35b24c7685c1df04bfab29415

                                                                                                    SHA256

                                                                                                    28c863ad45fc3273d3e09d56d2f96f1c5afc512104ae9d6b955451b9fe742275

                                                                                                    SHA512

                                                                                                    193af23a86e27921bcd603aae10402b473a3652d40c7a9bb2acb6cb6386aba92582e70ff0183c99d0501981a7e30f9c6810283f52a8d99a8140a14c492045b69

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    12KB

                                                                                                    MD5

                                                                                                    37b9c78032f372e3e96e4586368a541d

                                                                                                    SHA1

                                                                                                    b1bd41b3b4f0e58772a569e94c298e33a99fe423

                                                                                                    SHA256

                                                                                                    7cb0ef6ceabf4c57f8b5660589d1b63a95e9f0b7df0a2b84d56b6edd6acf442a

                                                                                                    SHA512

                                                                                                    def440625b8983154141768b442c83b29a2ec3f277ad14222c291ce52bf33b5c649440069b9f518f46155712418f3a5f16330724a2a104663df95c5777fc6728

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    12KB

                                                                                                    MD5

                                                                                                    933536d436227969c5434f3331df1fb1

                                                                                                    SHA1

                                                                                                    389dccdea85880ad1b0469f238198ec77fb06ad3

                                                                                                    SHA256

                                                                                                    55f5d996f2048c5ca8a78c4c592786dc7995d608f9e3e1c5fcc4633ab6feea9d

                                                                                                    SHA512

                                                                                                    992a96883d5d967bba7d55621398a5fc63d5a50770102235f9e7c7c37fd6c209f0185c49d910a0e2ae19542b87e4e840c883797fef00fd4529dcfa697f0acfcb

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    7KB

                                                                                                    MD5

                                                                                                    3e8a2cedc5ac52d5c3644297de40de6b

                                                                                                    SHA1

                                                                                                    2e4db5f8a0bce46ce56e2ea7c4794e0ab091294c

                                                                                                    SHA256

                                                                                                    d23e390b0d6bd8f8264e286dda82d2f5ae0d01c4a3085d9e309f385f38a53d3a

                                                                                                    SHA512

                                                                                                    c569985ada46b9aef53049c4536d74cba377177c3cc8288157bc4c9f731b107a3e12f1f65a2ec6031351d8fff22b8548b6ce23eca0a56cb759d81e222f2e11f0

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    12KB

                                                                                                    MD5

                                                                                                    abce4253ad3979df2dcb523d87065ba1

                                                                                                    SHA1

                                                                                                    b47784a879a6c19c751309b1decfd2fabe3beae2

                                                                                                    SHA256

                                                                                                    a1e46686525888d9da332dcf1a17631cc93ae16afd2027e4f1073983407e1f2a

                                                                                                    SHA512

                                                                                                    6b363bcba2b54b2dffb774d696a8c120402ec732b18a2b7e8b8804ea59797b4ed0e72c384afb3102775a7a8d3477463709e74d8205ec7a315a768f6bf400bcd0

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    2ff9ac749df1f9a1b32d6f2f26d8d967

                                                                                                    SHA1

                                                                                                    7614a463e87b5de6d964e02f63a1666f13570295

                                                                                                    SHA256

                                                                                                    9b972bcca78eb3960d01f7acb7725933de75ebb3e1836bdf7a73539a77514ac4

                                                                                                    SHA512

                                                                                                    e92bbd4e47f6ff93fca9a89df663d10d3eee89fd66884b193022ebdafb329de662f7fffb34722dedd64924847eba6b0675e661db8f23c486bfa90758bad99819

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    baead2b70162f706a4c309537ab9226a

                                                                                                    SHA1

                                                                                                    0ffd5f4f7d07705cf91d46ad08bf0ff2a564841d

                                                                                                    SHA256

                                                                                                    f21b3fd0aa64a75c029cb73949b84035f272517069992334f6e5d8f42a050086

                                                                                                    SHA512

                                                                                                    717cac34a7980c2fdc1d28a46c6bd39f5ca14eb6d33b16e8b85f63fefedaf5117537327b28c0c9d7b01d62b54437759d5c8412af1dc8fb99946117af76896b61

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                    Filesize

                                                                                                    8KB

                                                                                                    MD5

                                                                                                    97d24d09d9061b73c292ab9b4274730f

                                                                                                    SHA1

                                                                                                    95cc49664e6c4bd037b6701d3dc5c9eaa302b508

                                                                                                    SHA256

                                                                                                    6babe4949f387402886038fc1c25b3fbec6b47810bfebc79cdce1076348f1876

                                                                                                    SHA512

                                                                                                    05ec0af418050d22147a6e894031ec6e7ccb74e89d8830a2b60190ca1a59bb8a31dcf4d1c5a272d0d1667cce18e10603bc18bc4a1ed7abd6f656ee57213b2ba8

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    fe95b8ca80552a52995f12c106ee31a6

                                                                                                    SHA1

                                                                                                    ac47d86c50a2528bbc4bab5cba3ce0d700730f98

                                                                                                    SHA256

                                                                                                    89385a1bc7e2c65cf03edfb06d7f36377f320213f69f9f7f44f69e63909bbe83

                                                                                                    SHA512

                                                                                                    e2f43c28725dda36d81b4d53337a7957a728ee4249833b894ee0452ce84c0204069c3c136479aaeaefd315015dfdedae2690e8056a85a0172a7e5d109be42d4e

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    3KB

                                                                                                    MD5

                                                                                                    49b41c65358ef5380537b820fa3f50d1

                                                                                                    SHA1

                                                                                                    b3d220b60a0ef62e32b9b3dc822fb57a0c668529

                                                                                                    SHA256

                                                                                                    51bef0413e762e0ca60b14ee0fe5c9732cb5369f04e28a35d064adba0ea2ae2e

                                                                                                    SHA512

                                                                                                    4c031f65a4636eddf451988af931fa9eec866719305dae095eb979db8636780a9882cdeac0e1bb76a84175b34ba6fafab0af25f5ccf0259f418f644ed52fb230

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    1a55599cf2cac207c931e74d871a78ba

                                                                                                    SHA1

                                                                                                    30737187c8f0946a2b95b3b02169df167ff98fb5

                                                                                                    SHA256

                                                                                                    d776a9e4c0cc93fb45a089b5d4a252f43198c18ef162db9da1506b9782ff15bb

                                                                                                    SHA512

                                                                                                    09cd570eb1d1f34c0ebcf9784e678863dd7e7d0a32e420bd6e466285b8819e94428adb37cd4bf84fd702ef89d2436df8ce66a220490c86413e5bae5bfb8620c4

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    3KB

                                                                                                    MD5

                                                                                                    8825d0cb3f83d716c9f5ad79d20f21fa

                                                                                                    SHA1

                                                                                                    e34b144f1cca8b92d7aefe254f65667a846847ee

                                                                                                    SHA256

                                                                                                    b0db3a6e52aa625f3b31f8d50aaf8ba234b367d3079ff45056e99241dc9a821d

                                                                                                    SHA512

                                                                                                    2847d8c758db0d5995d50a827c393215e5e1f24efe124f79283df0c773de4f6afb31ccf00730c970480aa990ebb8a61103687ade2af3518da8e4b9b174dffa96

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    3KB

                                                                                                    MD5

                                                                                                    d63c0ffadfb2e83741a48ac2cd09e126

                                                                                                    SHA1

                                                                                                    2593845edd7375d8c011424c1ad1184376f56cdd

                                                                                                    SHA256

                                                                                                    b924d6a8bd06a35365a814477e492338e3909db3128267e85095d09dacfef5d4

                                                                                                    SHA512

                                                                                                    ec3d7886cb27509cdba3f7ffa6438c47f4461bed8f7a5baa748f0896e1031f098f37f405b7971118c0560826ebbc0fda7230a25893c09ee97fca0aa0ece43a1d

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                    Filesize

                                                                                                    4KB

                                                                                                    MD5

                                                                                                    5ac7ab9dae69a8f5b4f5becf6bd89341

                                                                                                    SHA1

                                                                                                    6125d73839e651eef26f56aacfdb50b3ecacd739

                                                                                                    SHA256

                                                                                                    f7c31eda30d5f52b5ede2cd5b5e4e644ca6bb1f0830c148ed92288bed8ae308b

                                                                                                    SHA512

                                                                                                    25a8d45255fa75d7b71a8b0fac4ffe1edf8d7f19224edab14f68e2e9b05151e06e8f2573b5bd9ca8e144e8cbc69bcb2a5a9aeff6e6bde5642de878ff0714d972

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f02c.TMP
                                                                                                    Filesize

                                                                                                    1KB

                                                                                                    MD5

                                                                                                    48776affb837feb96fae614117e1cce0

                                                                                                    SHA1

                                                                                                    473e76a8060a1141f111abe3abaeef471c3b59d3

                                                                                                    SHA256

                                                                                                    e3d8dd7c9a292e9afc3a14c795b3fd5984cebc0d9fc23a3e9daedd4e98ed87a4

                                                                                                    SHA512

                                                                                                    e19319269e336b5cbb64a93a2c486c0642c397389622d9374ea4371c41429e0674262383a12d58d50fe081924920054695526682efae7217486b17de26d8a612

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                    Filesize

                                                                                                    16B

                                                                                                    MD5

                                                                                                    6752a1d65b201c13b62ea44016eb221f

                                                                                                    SHA1

                                                                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                    SHA256

                                                                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                    SHA512

                                                                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    f55b7b222c2f5da41e2a5ccac8066ecb

                                                                                                    SHA1

                                                                                                    eae69e46e6b18806dd73bd3706854d7f33036d8b

                                                                                                    SHA256

                                                                                                    7e546d93bcb48868ccccf3c7eec40e7c523cfba58a91c4024bde1ca48882378e

                                                                                                    SHA512

                                                                                                    6048c124d413d875ee28fd99fa0fe87aeabc65eeada298da36d9757fe9d39873bcb33ba8c4d5b6649b04e6dce03a7b29d5c4461e531b531e9207a470b4f8af9b

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    b00a0441058ddbe6a7aef2b33070ba0a

                                                                                                    SHA1

                                                                                                    313bf01c067dea01e6e1f418f11955fc605d89e1

                                                                                                    SHA256

                                                                                                    cc41c5c3dbf5cc2f0fda14c66d9da9011ad0a751e8163230527f6c0e36abf4cd

                                                                                                    SHA512

                                                                                                    4b86d0798c99df83c9f540432f72bb9e0b0b35076c67f4bb245940f5d3e149e47d5a89d288d35977b5cd5bb49267572989c7034ef518352b85347bef1d71f0c3

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    47c9fee370da9a91943695219451e111

                                                                                                    SHA1

                                                                                                    b3a7156d75eec6892982249dc23d741a653551eb

                                                                                                    SHA256

                                                                                                    be36a84f628770545244b0bf931e7c4f495564d53f0f06542eb5749aff67e387

                                                                                                    SHA512

                                                                                                    07e93c1adf235322cc1552358dcbf1edd412f2ec16bec62de1f3e741aa5fb04adadaadc6bbf6177801a1925c854dee3657b442fff042de0348cc4c0886f2abe6

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    54a04b77d4dba8b6fc17318f1a44683b

                                                                                                    SHA1

                                                                                                    edfc5481eb561e85ca28b0821eee5914599adca7

                                                                                                    SHA256

                                                                                                    ad5de21c9528aa5c5ff61eef1c37cbd6f4abc9eca26915dcb72148c0501d0a00

                                                                                                    SHA512

                                                                                                    4152b37083208950b44be44840606c09c3ff090d040c6de6c8afe498d85ecf25ccaa4f543974ef545471f3f5aaafc8eb6f64a9fa8689e711bce4b6d1b126b204

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                    Filesize

                                                                                                    11KB

                                                                                                    MD5

                                                                                                    7335abaf9852941429a237c02159397a

                                                                                                    SHA1

                                                                                                    3a08c2e566dc2e6ecb3f799156904927c725e509

                                                                                                    SHA256

                                                                                                    9f6c03cc94b8cf398d188a60dfbd1ca47274c570d706c4ec9316bf44140dbce7

                                                                                                    SHA512

                                                                                                    9b2ca93c299f1598b9f013c992a2f1ab10ee9bc064c45db80cae1afbfda819746ce919967d399fbc3258cc8b5e31602cfa67e1a478f4be5c974e0527fc0e98fe

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\Downloads\ROBLOX Cheat.zip
                                                                                                    Filesize

                                                                                                    20.5MB

                                                                                                    MD5

                                                                                                    8f5344bb4d6a4a8d3eba500944d5e3b6

                                                                                                    SHA1

                                                                                                    354a2f7ea380e6ef79ac35395dc2f00b5256299a

                                                                                                    SHA256

                                                                                                    0afcfe24ff6be25d50d858a1c617cde7aacd2edf58494c1ad91ea2bb20e0a3fa

                                                                                                    SHA512

                                                                                                    f2aab0d56b9d380067390bcf9b8e24f9281ba66b1210f5894ac31d80d7c344aeb77c4971d3517d10f8f636b7c9583a06658e8eb9b3a3da8fcee1f171f6a1d286

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\Downloads\ROBLOX Cheat.zip:Zone.Identifier
                                                                                                    Filesize

                                                                                                    26B

                                                                                                    MD5

                                                                                                    fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                    SHA1

                                                                                                    d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                    SHA256

                                                                                                    eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                    SHA512

                                                                                                    aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\Downloads\RobloxCheat.zip
                                                                                                    Filesize

                                                                                                    20.1MB

                                                                                                    MD5

                                                                                                    06445064ac520d5e389d0a35035d0d70

                                                                                                    SHA1

                                                                                                    aca86cb3c97fcb5a5aa611abae9bb24c52ab4db3

                                                                                                    SHA256

                                                                                                    0fbed677990f6cedb153f8ffeb59b9cbe4a0cf72f177aac0e4e9aeb2ded206f1

                                                                                                    SHA512

                                                                                                    2e14503c6e6d44e222f5b4ebf1dcc6da74f14c187a0d6eac4ef7b32d218c86507463128486c14fa9387d09b8a916cd3713a3d10e4fddb100e41866abd4ab6918

                                                                                                    Download Submit

                                                                                                  • C:\Users\Admin\Downloads\winrar-x64-701.exe
                                                                                                    Filesize

                                                                                                    3.7MB

                                                                                                    MD5

                                                                                                    3a2f16a044d8f6d2f9443dff6bd1c7d4

                                                                                                    SHA1

                                                                                                    48c6c0450af803b72a0caa7d5e3863c3f0240ef1

                                                                                                    SHA256

                                                                                                    31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

                                                                                                    SHA512

                                                                                                    61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

                                                                                                    Download Submit