Overview

overview

10

Static

static

1

URLScan

urlscan

https://bloxtools.ne...

windows10-2004-x64

10

Analysis

  • max time kernel
    155s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-12-2024 00:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://bloxtools.net/AccountBeamer

Score
10/10
mercurialgrabberdiscoveryevasionstealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/975244014364270683/FZnH_sfT1E7Axl_7pfCffp86xK6BWVM_UXXb74CN2p4kpHxH_6kuQsuzlglxNPVfnIm6

Signatures

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber
  • Mercurialgrabber family
    mercurialgrabber
  • Looks for VirtualBox Guest Additions in registry 2 TTPs 6 IoCs
    evasion
  • Looks for VMWare Tools registry key 2 TTPs 6 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 6 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry 3 TTPs 12 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 27 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://bloxtools.net/AccountBeamer
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4412
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb993b46f8,0x7ffb993b4708,0x7ffb993b4718
      2⤵
        PID:3324
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        2⤵
          PID:3556
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3824
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
          2⤵
            PID:4632
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
            2⤵
              PID:2868
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
              2⤵
                PID:2564
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
                2⤵
                  PID:4968
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
                  2⤵
                    PID:3132
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 /prefetch:8
                    2⤵
                      PID:4948
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4332 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2932
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
                      2⤵
                        PID:4276
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
                        2⤵
                          PID:632
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
                          2⤵
                            PID:3028
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
                            2⤵
                              PID:4536
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                              2⤵
                                PID:632
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
                                2⤵
                                  PID:4276
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
                                  2⤵
                                    PID:3196
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
                                    2⤵
                                      PID:4900
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
                                      2⤵
                                        PID:960
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
                                        2⤵
                                          PID:4140
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
                                          2⤵
                                            PID:2708
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
                                            2⤵
                                              PID:1268
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
                                              2⤵
                                                PID:4228
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
                                                2⤵
                                                  PID:4572
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
                                                  2⤵
                                                    PID:1116
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5856 /prefetch:8
                                                    2⤵
                                                      PID:4276
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
                                                      2⤵
                                                        PID:532
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:1668
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
                                                        2⤵
                                                          PID:2216
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1876 /prefetch:1
                                                          2⤵
                                                            PID:2580
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
                                                            2⤵
                                                              PID:3176
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5896 /prefetch:8
                                                              2⤵
                                                                PID:4196
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
                                                                2⤵
                                                                  PID:1648
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
                                                                  2⤵
                                                                    PID:1780
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1324 /prefetch:2
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:4484
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
                                                                    2⤵
                                                                      PID:4384
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,11070404467966259785,18154461411189314994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
                                                                      2⤵
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:2196
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:4400
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:3288
                                                                      • C:\Windows\System32\rundll32.exe
                                                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                        1⤵
                                                                          PID:3464
                                                                        • C:\Windows\system32\AUDIODG.EXE
                                                                          C:\Windows\system32\AUDIODG.EXE 0x518 0x4a4
                                                                          1⤵
                                                                            PID:4912
                                                                          • C:\Users\Admin\Downloads\RGF-main\RGF-main\RBF.exe
                                                                            "C:\Users\Admin\Downloads\RGF-main\RGF-main\RBF.exe"
                                                                            1⤵
                                                                            • Looks for VirtualBox Guest Additions in registry
                                                                            • Looks for VMWare Tools registry key
                                                                            • Checks BIOS information in registry
                                                                            • Maps connected drives based on registry
                                                                            • Checks SCSI registry key(s)
                                                                            • Enumerates system info in registry
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:1968
                                                                          • C:\Users\Admin\Downloads\RGF-main\RGF-main\RBF.exe
                                                                            "C:\Users\Admin\Downloads\RGF-main\RGF-main\RBF.exe"
                                                                            1⤵
                                                                            • Looks for VirtualBox Guest Additions in registry
                                                                            • Looks for VMWare Tools registry key
                                                                            • Checks BIOS information in registry
                                                                            • Maps connected drives based on registry
                                                                            • Checks SCSI registry key(s)
                                                                            • Enumerates system info in registry
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:4000
                                                                          • C:\Users\Admin\Downloads\RGF-main\RGF-main\RBF.exe
                                                                            "C:\Users\Admin\Downloads\RGF-main\RGF-main\RBF.exe"
                                                                            1⤵
                                                                            • Looks for VirtualBox Guest Additions in registry
                                                                            • Looks for VMWare Tools registry key
                                                                            • Checks BIOS information in registry
                                                                            • Maps connected drives based on registry
                                                                            • Checks SCSI registry key(s)
                                                                            • Enumerates system info in registry
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:2316
                                                                          • C:\Users\Admin\Downloads\RGF-main\RGF-main\RBF.exe
                                                                            "C:\Users\Admin\Downloads\RGF-main\RGF-main\RBF.exe"
                                                                            1⤵
                                                                            • Looks for VirtualBox Guest Additions in registry
                                                                            • Looks for VMWare Tools registry key
                                                                            • Checks BIOS information in registry
                                                                            • Maps connected drives based on registry
                                                                            • Checks SCSI registry key(s)
                                                                            • Enumerates system info in registry
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:4248
                                                                          • C:\Users\Admin\Downloads\RGF-main\RGF-main\RBF.exe
                                                                            "C:\Users\Admin\Downloads\RGF-main\RGF-main\RBF.exe"
                                                                            1⤵
                                                                            • Looks for VirtualBox Guest Additions in registry
                                                                            • Looks for VMWare Tools registry key
                                                                            • Checks BIOS information in registry
                                                                            • Maps connected drives based on registry
                                                                            • Checks SCSI registry key(s)
                                                                            • Enumerates system info in registry
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            PID:2168
                                                                          • C:\Users\Admin\Downloads\RGF-main\RGF-main\RBF.exe
                                                                            "C:\Users\Admin\Downloads\RGF-main\RGF-main\RBF.exe"
                                                                            1⤵
                                                                            • Looks for VirtualBox Guest Additions in registry
                                                                            • Looks for VMWare Tools registry key
                                                                            • Checks BIOS information in registry
                                                                            • Maps connected drives based on registry
                                                                            • Checks SCSI registry key(s)
                                                                            • Enumerates system info in registry
                                                                            PID:2920

                                                                          Network

                                                                          MITRE ATT&CK Enterprise v15

                                                                          Replay Monitor

                                                                          Loading Replay Monitor...

                                                                          Downloads

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            8749e21d9d0a17dac32d5aa2027f7a75

                                                                            SHA1

                                                                            a5d555f8b035c7938a4a864e89218c0402ab7cde

                                                                            SHA256

                                                                            915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

                                                                            SHA512

                                                                            c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                            Filesize

                                                                            152B

                                                                            MD5

                                                                            34d2c4f40f47672ecdf6f66fea242f4a

                                                                            SHA1

                                                                            4bcad62542aeb44cae38a907d8b5a8604115ada2

                                                                            SHA256

                                                                            b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

                                                                            SHA512

                                                                            50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                                                            Filesize

                                                                            67KB

                                                                            MD5

                                                                            27d9344de055e50044e074ec3b54231d

                                                                            SHA1

                                                                            d07ff356acb90c9d4fa1c1e3e48188b1a2eeaf8d

                                                                            SHA256

                                                                            d5c1eb2d4d0a13aa42ee68f03218ae01f420003f64f572b77cbff7d61edff388

                                                                            SHA512

                                                                            ad045b2f4e6d58e43de1e26a1d5c0a46d912b65caed68ac4bc07f0c26223c5a9927a74ccc8956e074ee74db6e7b05415f3baa3634a714f3048278982bcddf26a

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                            Filesize

                                                                            67KB

                                                                            MD5

                                                                            b275fa8d2d2d768231289d114f48e35f

                                                                            SHA1

                                                                            bb96003ff86bd9dedbd2976b1916d87ac6402073

                                                                            SHA256

                                                                            1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

                                                                            SHA512

                                                                            d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                            Filesize

                                                                            19KB

                                                                            MD5

                                                                            1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

                                                                            SHA1

                                                                            6dd8803e59949c985d6a9df2f26c833041a5178c

                                                                            SHA256

                                                                            af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

                                                                            SHA512

                                                                            b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                            Filesize

                                                                            63KB

                                                                            MD5

                                                                            226541550a51911c375216f718493f65

                                                                            SHA1

                                                                            f6e608468401f9384cabdef45ca19e2afacc84bd

                                                                            SHA256

                                                                            caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

                                                                            SHA512

                                                                            2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
                                                                            Filesize

                                                                            62KB

                                                                            MD5

                                                                            c813a1b87f1651d642cdcad5fca7a7d8

                                                                            SHA1

                                                                            0e6628997674a7dfbeb321b59a6e829d0c2f4478

                                                                            SHA256

                                                                            df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

                                                                            SHA512

                                                                            af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                            Filesize

                                                                            3KB

                                                                            MD5

                                                                            b23fa04d8669a4e189e393e33eeefdd8

                                                                            SHA1

                                                                            da437ef3900742d760ba2da38ffa482126faa19f

                                                                            SHA256

                                                                            cbd4df50a261973c58ef43b49c2353b66d66b29a53f972a93cdde4cc8cf09812

                                                                            SHA512

                                                                            c0c8b89654708fd35b4b4a228ccd8ec2c35349c594173f15c56c0b16da994f0262e8168b9a3298e0d8f3beda8f2b319de424b4457c94cab6dd220a9efee1ba30

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                            Filesize

                                                                            3KB

                                                                            MD5

                                                                            f7e062f65413ec3931359c150e3376a9

                                                                            SHA1

                                                                            ce189508877a70d487a0e3a84eaec586b1210de6

                                                                            SHA256

                                                                            af64587d0b95d9c71dba7bc74ff2c5a17db24b692ebd1ae078107991166989c8

                                                                            SHA512

                                                                            e030c58556b35269899326d7fe89e39914adae74fd2a1fbc30773bd1b2ef10907dc1ad60711e1176362627f8055609f2cd40da78caa37da5df89273428083b19

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                            Filesize

                                                                            865B

                                                                            MD5

                                                                            0525def682502c6691c731dc0d212a34

                                                                            SHA1

                                                                            86025cc652f7b1f82901bcf620002dc57ae919fe

                                                                            SHA256

                                                                            6a29dd66cb7cc7a2194a32c534e284700e3a3537508568405f3c5c71e235d284

                                                                            SHA512

                                                                            2ee4420a3d699a39c826ae7cc37137366c491ca740d6a50a44a3e34c10ed509d7a44cc3741d67b6fbd7ab3662da7f374ab5dc74d519d4617798c07c4a849778f

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            7KB

                                                                            MD5

                                                                            ee87ef36f8ab72ad112c7a52149174aa

                                                                            SHA1

                                                                            3f2fba8c63ae4ed480385e8432dca1139bb81213

                                                                            SHA256

                                                                            83327f7b0e360433eaa8b6264a80a30c67ad35f099a557e471775e811d22600c

                                                                            SHA512

                                                                            355e7cec0dd1e9391844f97753188c6a2730fb9a48ba699d0fa12a41c21efc844b83947e99537dd89427e79ec1b6bc0bee5eca1c7b37343babbab04cdfd29d27

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            7KB

                                                                            MD5

                                                                            4baa239a4613f71c14c32e9780a9c6e1

                                                                            SHA1

                                                                            a46bfc472b67c50f66b6540868f5237fe34ae0c6

                                                                            SHA256

                                                                            44f5f9424f8772b396f389cfcd944cfe921aa88494c4348a45c5201233e79c25

                                                                            SHA512

                                                                            304aedbaf081279bb576545e9b8721bd231a62ab6feb268dee0db6f94d497bada871dd813da5495f88a2bc56de8e885c121a50d865a35df3ca33898e2a40393e

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            5KB

                                                                            MD5

                                                                            1cb03c8cbc40ffef2817a860f295b527

                                                                            SHA1

                                                                            a355b9a33b8cfc636e8abce53294b689674a5515

                                                                            SHA256

                                                                            38a231c2971255871d7f102621a9a5c58cdd06f2da55486d19ef8003a95c642c

                                                                            SHA512

                                                                            060fa108f63743c1e314999a507012e8b5c7a2974b38d68b7f302a747bd0008f2c44e40a1c31db4f2590153c7e9fe6407f9ef95c3178086c1fe90fdd80e8d3eb

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            7KB

                                                                            MD5

                                                                            e3757100d7e89a15ec67c53c7252ee1d

                                                                            SHA1

                                                                            0cd5f798fd78f88319adc254e1e8e42b9bdfce65

                                                                            SHA256

                                                                            675b44c17c3330ec2909f2641e23d66ba5b66483fc011bd806c84eab84a058ea

                                                                            SHA512

                                                                            5e6252906da9b80d406b8c3636baca06ba975bd36d3d6ae015a95dbcebaa5cae7a60e22013be65e44cdb9547addef960946ecb4d7af76d2c23bca2ce0f829c72

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            6KB

                                                                            MD5

                                                                            a6eb601990c4874b1a619e376eb0c62e

                                                                            SHA1

                                                                            472242426b5f8a7719014f14ff3b89a5b28a0a80

                                                                            SHA256

                                                                            2cc07c20aa158f79e2f50272bd007160cb78d0021da6eef645e2d6991b0f9e83

                                                                            SHA512

                                                                            fd04388cc6f51643ee6c7742d840651ed1af0997f618e78516f1d80a20beec4e926429beb31085b7b13c61e9fff5de3528639c96679ea8bf9002ed4e5f2841b6

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                            Filesize

                                                                            6KB

                                                                            MD5

                                                                            ae6576fdc3250ec71522ff39298ffba2

                                                                            SHA1

                                                                            3f3e55b74a74ceca575c962eefcc1875d1415380

                                                                            SHA256

                                                                            cc3c4d9bf11a04a41e257cef22c4d4baf08d43e992ceb993f576ebe434f80338

                                                                            SHA512

                                                                            bafdcf1b48c7b303e88474d639e30abd27fd60468250d59c833b707baa8618fba3ec868624e28b05546009dd82054860a6ad8549bbda99a9977202f0cf45ae50

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            4abafebcfd2e44543f685a19f0b2d69e

                                                                            SHA1

                                                                            000902a5f5571817b248ac15d1512a6ef0694b60

                                                                            SHA256

                                                                            e646de9c973a903dab0a59e669122305e7182d9a2d291386b9d2e27f5f12bd56

                                                                            SHA512

                                                                            5dd681931a2639479d8faef573d67891fc976f5527d6e0f35fade9d5621e326cb79e00cc2263fc52c3a78631cf1484d86ccec7eefb32ec474edf790e42c1b08e

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            6d4c3e3976c2655327ffaa6c40729dbd

                                                                            SHA1

                                                                            3d83e6b49a62af9ae089f82caefa0dd67d3eda50

                                                                            SHA256

                                                                            e3bc20f30f351cd01c7eb7941b33f3cc3b7136d22dd4c368411fb48088185faa

                                                                            SHA512

                                                                            ad08d9b0057cb1b21b272d767ce4c9052f2d1c9413d28619034494be70909e0b4745474c312bfe7edfa6c8a5ab37afb716eeaa6ccefa0331105152546f595909

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            7bd439bb9400abd6b1c3aa78c10c0f69

                                                                            SHA1

                                                                            db85a2e1f011acfdf9e31038faeb8446594c6e1c

                                                                            SHA256

                                                                            bca2c2150d494468a14ce1a94b5712d3dc48ae43ebd1ac877312915ec33fe0b2

                                                                            SHA512

                                                                            87c3ded47fd61899c54cd474cd8c8f04c35cd9efb4d7d846a912b9d982813a00295fe569e19fe17cb92a0a8cc164bd86b75c0052dba800726dffedefe292f2d0

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            9176b6f29b55b81676350a9723cff857

                                                                            SHA1

                                                                            b82f3af12ae63ee9d72e0bedd7ada27dc3d0f052

                                                                            SHA256

                                                                            025b0fe83540c2127d415a70660d4b66ffd5e61bb3582637fd38765102b40dcc

                                                                            SHA512

                                                                            2e967660fae1920993ff0ee0395f2a8359e323d6d917b6c5b870ff617c5f8cf4ca5f4cd9629f45d8c35a8dc57dc4458f699a5ee1bc67983762f97ff556f3e097

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e46f.TMP
                                                                            Filesize

                                                                            1KB

                                                                            MD5

                                                                            2bf3642450fb941d63d903b2a0affc47

                                                                            SHA1

                                                                            271a179bc3e25afdb0d74391fcc34a5666e96c8e

                                                                            SHA256

                                                                            9a4428cfcb2c3c6c56dd85ff3a5a29084a0350f6c53e135f4c800ad8850d09fe

                                                                            SHA512

                                                                            4b75e97bb609d0ac18a86a0dece6d91ff46c035a9df2748eae12d6c07436d866941cb855da541d646f3c53eaf59c547fd32077aada2ded9a1fcd65bd49ef9b8d

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                            Filesize

                                                                            16B

                                                                            MD5

                                                                            6752a1d65b201c13b62ea44016eb221f

                                                                            SHA1

                                                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                            SHA256

                                                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                            SHA512

                                                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            6b2acb4c2e7f3435fc64bed27e097495

                                                                            SHA1

                                                                            f24137adeecd417b887353661c590a8c6d91a043

                                                                            SHA256

                                                                            1dbb2ac1e15f31a8d01c40c517aba50bd59a1d9e73bc07514d26f5bd1e8e8294

                                                                            SHA512

                                                                            9fdb55a76982859f408b5f61019bb0d0db2cf4f0d549799768878b91bb8b50b38c9eebab43c10462351cb67d4e3c27f2f5bb9a93c56e6f79e8c72cfa26e9e194

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                            Filesize

                                                                            10KB

                                                                            MD5

                                                                            0b46a0a2e05bcf1b673fbba745ee34a2

                                                                            SHA1

                                                                            c8b9abbf1b348f72ce2598fa2c1f3c3c7758d9e8

                                                                            SHA256

                                                                            e7ecfb5eb67c077f41cec11b05190e9a2145f07b9f2e5fd59d636d3c858bbff4

                                                                            SHA512

                                                                            b0e9640ebb64c334a797eb88edeee3fc21b1168bbff7e4821c789175263b11f3bd24f3948040042141c6cb73f6b5386f948fa983b49d750e132700f0202b65e8

                                                                            Download Submit

                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                            Filesize

                                                                            11KB

                                                                            MD5

                                                                            35e7de06f7ce21174d57f1a73bf29a8c

                                                                            SHA1

                                                                            788f694104b8942db6620dff02effc62cf766f41

                                                                            SHA256

                                                                            73cb0ea05cf8685cb818855c0ed63904660f56496dbca6a6fcb9f1b2fc68a944

                                                                            SHA512

                                                                            dc401255b5e7948043df2afb5ec2a20c7cd22e08982cc47b7027eec732e7ec7829da1b344513daccf68de01f034f2bf3966f35adfab5d82e057367ec90ac60de

                                                                            Download Submit

                                                                          • C:\Users\Admin\Downloads\RGF-main.zip
                                                                            Filesize

                                                                            54KB

                                                                            MD5

                                                                            7bcc565dfb0ce789f9a984870a64414c

                                                                            SHA1

                                                                            7918e05800b7d02be5aa3670259709fde7f5c268

                                                                            SHA256

                                                                            33461d788a33b88bed3d489826f9fb766cae421f322b81c5eb861718a1dea7bb

                                                                            SHA512

                                                                            0490c139cd781e827fa35e55d21d887990febb2ab158baac005755ae1825904cf8f2971a10e75e135fa350c40ac841815ddeb2fd5c9da2d7b350e9c509f027b0

                                                                            Download Submit

                                                                          • C:\Users\Admin\Downloads\roblox-bruteforcer-master.zip
                                                                            Filesize

                                                                            8KB

                                                                            MD5

                                                                            bb6af23585a301cc712d80694419a7cc

                                                                            SHA1

                                                                            1ac60f0356a4ccd61777662a0eb7c2f82c41dd7a

                                                                            SHA256

                                                                            60d0c0f0898afd1ee26822ae9e9d62172552cfecebb8c5a54c5d0182cbcc9909

                                                                            SHA512

                                                                            0a63076dedf617279c385f7c066f6ed3875eb004c891b0a166d675e9e35e02f2391716d93e9f0f23e98566a30dc1b7ca75ab8e18fc18c26b5ba233dd2bab64e9

                                                                            Download Submit

                                                                          • memory/1968-820-0x0000000000DF0000-0x0000000000E00000-memory.dmp

                                                                            Filesize

                                                                            64KB

                                                                            Download