Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Roblox Evo...57.exe

windows10-2004-x64

7

Roblox Evo...57.exe

windows10-ltsc 2021-x64

7

Resubmissions

06/02/2025, 18:35

250206-w8pcrasqgx 7

16/01/2025, 14:09

250116-rf53ksvldl 10

08/01/2025, 00:01

250108-abax7svle1 7

06/01/2025, 13:40

250106-qykc6axqav 10

18/12/2024, 13:25

241218-qn96tszrbs 7

12/12/2024, 19:51

241212-yk9d5avrew 10

28/03/2024, 18:16

240328-wwlfbsdf99 7

Analysis

  • max time kernel
    609s
  • max time network
    437s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/01/2025, 00:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Roblox Evon Exploit V4_41257.exe

  • Size

    8.7MB

  • MD5

    98194b1fd3ceea50438976b40ea59d05

  • SHA1

    ed918fbb5765aa91e5c9d2c492ec00667478ac35

  • SHA256

    3e091df4051e6b0859c2142a0869a415e5968c20edb5e9a60fcd077f7b61be19

  • SHA512

    9587acb23ee51e4743c5399b78b64f2a0e87e2413cd56e220df8c08ebe0f352ac0ca83c1826f09718876a6248057e9cbac0f38ee725de83b4ca7de4f805f30bf

  • SSDEEP

    196608:wu6nOE62LOa8ewFCrqNeuUG59Fa9FVDNWXVkHo/ly:MOb2C6wFCrqNZ529PDNs2Ho/k

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 15 IoCs
  • Checks for any installed AV software in registry 1 TTPs 8 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4_41257.exe
    "C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4_41257.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\Users\Admin\AppData\Local\setup41257.exe
      C:\Users\Admin\AppData\Local\setup41257.exe hhwnd=524362 hreturntoinstaller hextras=id:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry- page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. You can start again from the <a href="http://dlsft.com/">home</a> or go back to <a href="javascript:%20history.go(-1)">previous page</a>. </div> </body> </html>
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3816
      • C:\Users\Admin\AppData\Local\Temp\7zS8EEE2EA7\GenericSetup.exe
        .\GenericSetup.exe hhwnd=524362 hreturntoinstaller hextras=id:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry- page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. You can start again from the <a href="http://dlsft.com/">home</a> or go back to <a href="javascript:%20history.go(-1)">previous page</a>. </div> </body> </html>
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks for any installed AV software in registry
        • System Location Discovery: System Language Discovery
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:516
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3752
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe104946f8,0x7ffe10494708,0x7ffe10494718
      2⤵
        PID:4240
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        2⤵
          PID:1776
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
          2⤵
            PID:2096
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
            2⤵
              PID:3640
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
              2⤵
                PID:940
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
                2⤵
                  PID:2100
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
                  2⤵
                    PID:224
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
                    2⤵
                      PID:3340
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 /prefetch:8
                      2⤵
                        PID:4108
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3520 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3872
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                        2⤵
                          PID:1520
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
                          2⤵
                            PID:3100
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                            2⤵
                              PID:4036
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
                              2⤵
                                PID:1552
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                                2⤵
                                  PID:4992
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:1
                                  2⤵
                                    PID:4196
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
                                    2⤵
                                      PID:1696
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11822611759803267885,12991014967037722543,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
                                      2⤵
                                        PID:5088
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:1928
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:952

                                        Network

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
                                          Filesize

                                          854B

                                          MD5

                                          e935bc5762068caf3e24a2683b1b8a88

                                          SHA1

                                          82b70eb774c0756837fe8d7acbfeec05ecbf5463

                                          SHA256

                                          a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

                                          SHA512

                                          bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

                                          Download Submit

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                          Filesize

                                          1KB

                                          MD5

                                          be135ed48e35b889881872c6754796e7

                                          SHA1

                                          29fa310c94ec477d921a5993fca7e23813c99b9f

                                          SHA256

                                          fd2761c5b68c478f63b80df0009611a64518335b64b78e744229c00664384304

                                          SHA512

                                          224405b923852de565c2ffdb9f7d26496ebbd3bd91968aa317a734cbe404e1107e1495a6efde8a419278b6284de675b8b08844f24e48f05e082207c85e90ae1f

                                          Download Submit

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
                                          Filesize

                                          170B

                                          MD5

                                          a56c399819e170ce3a0fc8d0e0d19d23

                                          SHA1

                                          8a0d8a0e093069b7c8359b57ff4727a358520a45

                                          SHA256

                                          f05716d135308effc74035af4710f9fe681e47be6e315048db0c9f483a047bfb

                                          SHA512

                                          9334557e1b539618f26f306f2fbc8490cd8c82ce4de9bc43401f8999a95a31e6957cf597b835a2df29c258a49d1e59fd8aaa7bc9f66e4e5e28c1725f7c8ab8c0

                                          Download Submit

                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
                                          Filesize

                                          410B

                                          MD5

                                          975a1b955f3facb2e5d2fae8d5e0f8bf

                                          SHA1

                                          e05b9a4f7e3ef5021714c47f878b0b22b17dbb9b

                                          SHA256

                                          28c03e9c5b4c973cdf7aea3e4ab53a66edf87f4c2f403dd3adcef9fa3c924962

                                          SHA512

                                          aabfc8431b3f0e258410e1f13d26941d8ed61aeb15aabc1d5d970e6e382ca1140b27789bcb7e95d23a9d9505272cd1d0d20120a7f293281824a53028f3628760

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          7de1bbdc1f9cf1a58ae1de4951ce8cb9

                                          SHA1

                                          010da169e15457c25bd80ef02d76a940c1210301

                                          SHA256

                                          6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

                                          SHA512

                                          e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                          Filesize

                                          152B

                                          MD5

                                          85ba073d7015b6ce7da19235a275f6da

                                          SHA1

                                          a23c8c2125e45a0788bac14423ae1f3eab92cf00

                                          SHA256

                                          5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

                                          SHA512

                                          eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                          Filesize

                                          168B

                                          MD5

                                          4648c234bcf03f60f263435c856dd531

                                          SHA1

                                          5523d974f913851033ef96ed787e8e8cce341362

                                          SHA256

                                          f475b0cf5be1a7ceaa51b2a8f122fa7bf05a8e67c2a2fbcab785dc4b55e5fbbb

                                          SHA512

                                          72701769dc450046333a8d3a704b8b0e8e8d20f5805f4941dfb76a62b584366fbb8d9e90efd6a8989c3024e8a6774e3eb829bb4c6975a0d5c7948f31b7141c87

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          6KB

                                          MD5

                                          fba33f88be9dd82253200dab169f13a7

                                          SHA1

                                          92b883a31e951b0eb42d283e393fe045f0216aa4

                                          SHA256

                                          a8086eb3221f951608cd6b0fe335750ecb101af1576af5c0908bb30482278cef

                                          SHA512

                                          788cf0d3930869d0b84aa76f729d027dc108c92d6ba36b39d19a5512424607bf9d292c7b71683b7ea696758d685eaf0b8377ae2ff50a82717c791047c7cf5898

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          5KB

                                          MD5

                                          9bfd5c27e3393e9e183011b060e4e060

                                          SHA1

                                          709f7bab9e26beadd286f79d61f0593c746fe25f

                                          SHA256

                                          9c11ad8606b0b556a9bb738038ec351ca65c332467fcaa5ed42b52fc527e60c9

                                          SHA512

                                          64a919a8537f4cea9b53b83f4120c3b5794a30870fc3293f35cfe3d22c462ad2e59e7c2d6cfacf7fc7872b2aed5cad55ada96e4d6c0060034b8d9e4f3d2f283c

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          6KB

                                          MD5

                                          dca4df84a60449a69065a620433313d4

                                          SHA1

                                          01f60fcae8321fc9203904bbcb43225eaec0a384

                                          SHA256

                                          3d86e554b1b73bd106d99cc3b2db0a2a9bfd0af3c2411e1c5416df59986b7325

                                          SHA512

                                          44f6d79e80dfaf719d7448180c6d48fa76fe9d1b2b82345cb10e958d3f8f4b41437e8eecd5dcb36ac9ed033af93a4502cb5e7d038c84415dd42f8b7216c038e8

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                          Filesize

                                          7KB

                                          MD5

                                          ed895e20023fbbbeb18dd875ab1f6b88

                                          SHA1

                                          8d162fd1ce85ee6f884a675c5f4dc6a6a77648e7

                                          SHA256

                                          9038aff6027a73faba37bda4842b37f9a48adc053a9f206ab5d8c24996eaeaf0

                                          SHA512

                                          5adcc08ef87a41ea04548ed038841f1be4d130807ed098552ab9676bb4011ffbe12eb2c8e9fe390bc04eecf80a6de47f37feec14424653eb7cbb9d25ff8337ad

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                          Filesize

                                          16B

                                          MD5

                                          6752a1d65b201c13b62ea44016eb221f

                                          SHA1

                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                          SHA256

                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                          SHA512

                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          11KB

                                          MD5

                                          c0a9c28cb5ac6b0244809e00529f77a9

                                          SHA1

                                          8483cb5d0a148bcd4ae2d39d3c548c62a054ae85

                                          SHA256

                                          cf2abf03e97a6fb4809dee2ce19016d9d0ff456ee623cf43c480ac840ff11e65

                                          SHA512

                                          06fc954e2e7abf5b3b9a74bb9a16e0de93b3675717f83da6762879e88e60b07a2ef1c5158e17c1044044bdf2ef9085c26900f78a8a51fb27151df60ea0206fcc

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                          Filesize

                                          10KB

                                          MD5

                                          1158ff4bd33fd61deec48ce583e563c9

                                          SHA1

                                          934ef71a2c892a37ab5ed92c0b271eed4848f47c

                                          SHA256

                                          a740585d08227194e3fc60ad6cd343c1d9324fd2b0ba1928e87471e7be8edcb2

                                          SHA512

                                          414897641257a570ad29335a56981f5a2dc1921ae77fb08ed2fde75e940a57158622882fef3b21aeb0a911ec9c99d6f55f068252ef11c0d5041e1132c82353dd

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\7zS8EEE2EA7\GenericSetup.LastScreen.dll
                                          Filesize

                                          31KB

                                          MD5

                                          3319432d3a694a481f5672fa9eb743d0

                                          SHA1

                                          99bff8f4941eb3cee3e0a7cb86b89eda1df07bf9

                                          SHA256

                                          768b4eb487e2dc8bcb8ec6221734ca69dce7f522d7640cc2a547f95296509693

                                          SHA512

                                          7f2a1c6c8d9d135b9e00e04f715c9b6b8ba12cb317f7b78ee3efbe3e426a99afce022306eb5bf02fe51c13857d3943b2b009b10b9cc96683e6bcbca1f9045c7f

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\7zS8EEE2EA7\GenericSetup.dll
                                          Filesize

                                          6.8MB

                                          MD5

                                          4d65e6eb25db2ce61f4a7a48d9f6082a

                                          SHA1

                                          130abbae19f227b0ef4f278e90398b3b3c7c2eff

                                          SHA256

                                          1e2e26d769d69f6b06cad2f2fec81a125e4f3d14aee969357784fb533d80b89a

                                          SHA512

                                          b0842b4fc07dd332c53f56f1337b32064dad7a15663397655b73061bf3d61b44ecdd47ed626b92e69383cfaa41a9c70d4a18ece79fdbab2daf1d06adb1be4bfb

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\7zS8EEE2EA7\GenericSetup.exe
                                          Filesize

                                          25KB

                                          MD5

                                          85b0a721491803f8f0208a1856241562

                                          SHA1

                                          90beb8d419b83bd76924826725a14c03b3e6533f

                                          SHA256

                                          18be33f7c9f28b0a514f3f40983f452f476470691b1be4f2aba5ba5e06c6a345

                                          SHA512

                                          8ff86e4b4d9cb5e2e88826a822457cb863262e3b73645c0c3309f13fb496997e53005ebe1825c6f92463c6642ec9abc6bbe359b35410b0621649b8d3aaf66c71

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\7zS8EEE2EA7\GenericSetup.exe.config
                                          Filesize

                                          814B

                                          MD5

                                          fd63ee3928edd99afc5bdf17e4f1e7b6

                                          SHA1

                                          1b40433b064215ea6c001332c2ffa093b1177875

                                          SHA256

                                          2a2ddbdc4600e829ad756fd5e84a79c0401fa846ad4f2f2fb235b410e82434a9

                                          SHA512

                                          1925cde90ee84db1e5c15fa774ee5f10fa368948df7643259b03599ad58cfce9d409fd2cd752ff4cbca60b4bbe92b184ff92a0c6e8b78849c4497d38266bd3b4

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\7zS8EEE2EA7\HtmlAgilityPack.dll
                                          Filesize

                                          149KB

                                          MD5

                                          7874850410e21b5f48bfe34174fb318c

                                          SHA1

                                          19522b1b9d932aa89df580c73ef629007ec32b6f

                                          SHA256

                                          c6250da15c349033de9b910c3dc10a156e47d69ec7e2076ce9011af7f3d885d1

                                          SHA512

                                          dad611ca9779b594aad7898261cc7ef0db500850eb81560c04d5d938ae4e2338e786773f63f59aab6564ad13acb4800f1862a2189803cc8cc8ad26a368f25eaa

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\7zS8EEE2EA7\MyDownloader.Core.dll
                                          Filesize

                                          56KB

                                          MD5

                                          f931e960cc4ed0d2f392376525ff44db

                                          SHA1

                                          1895aaa8f5b8314d8a4c5938d1405775d3837109

                                          SHA256

                                          1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

                                          SHA512

                                          7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\7zS8EEE2EA7\MyDownloader.Extension.dll
                                          Filesize

                                          168KB

                                          MD5

                                          28f1996059e79df241388bd9f89cf0b1

                                          SHA1

                                          6ad6f7cde374686a42d9c0fcebadaf00adf21c76

                                          SHA256

                                          c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

                                          SHA512

                                          9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\7zS8EEE2EA7\Newtonsoft.Json.dll
                                          Filesize

                                          476KB

                                          MD5

                                          3c4d2f6fd240dc804e10bbb5f16c6182

                                          SHA1

                                          30d66e6a1ead9541133bad2c715c1971ae943196

                                          SHA256

                                          1f7a328eb4fa73df5d2996202f5dab02530b0339458137774c72731b9f85ca2e

                                          SHA512

                                          0657f0ab1d7fc9730d4bf6b8c8373f512d57a34063bcfa1f93a803b0afe2a93219da5dc679414dd155956bd696cb7547fc09663f8891eb9b03d9c93b3c1fe95d

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\7zS8EEE2EA7\Ninject.dll
                                          Filesize

                                          133KB

                                          MD5

                                          ce80365e2602b7cff0222e0db395428c

                                          SHA1

                                          50c9625eda1d156c9d7a672839e9faaea1dffdbd

                                          SHA256

                                          3475dd6f1612e984573276529d8147029d6bfa55d41bef2577b3aa601d2fbbe5

                                          SHA512

                                          5ea1de091a108143bb74fccdb4f0553f72613e58d8551fff51ce1aab34636c856758719dfa1a0e4cc833acb8e75729793dede65c4562e1aa3f68ec50463d36f3

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\GenericSetup.exe_1736294533\Resources\OfferPage.html
                                          Filesize

                                          1KB

                                          MD5

                                          5f29b47126c45d119442ad3b896f74eb

                                          SHA1

                                          801a4e5b7d01f81c9c398b4d8d9a5f49e5269eef

                                          SHA256

                                          4e85074502c0267e04b324cdbb46df644e040513e94dd13c6625fb2e039c9a3f

                                          SHA512

                                          81ddcda6399365ad83689b14d22488137b88a80988eeed40ff1678fc387cb098227f520514a3d1a2a213efb4a8f435d87f40647bbe35a273c8d277d2c639c18e

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\Temp\GenericSetup.exe_1736294533\sciter32.dll
                                          Filesize

                                          5.6MB

                                          MD5

                                          b431083586e39d018e19880ad1a5ce8f

                                          SHA1

                                          3bbf957ab534d845d485a8698accc0a40b63cedd

                                          SHA256

                                          b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

                                          SHA512

                                          7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

                                          Download Submit

                                        • C:\Users\Admin\AppData\Local\setup41257.exe
                                          Filesize

                                          3.1MB

                                          MD5

                                          369acf60d8b5ed6168c74955ee04654f

                                          SHA1

                                          1753fff63efa6ed5ad30ede6b959261ac67dd13e

                                          SHA256

                                          3ff8ec8f9f27a27f414a90bfed5b7f5a3c118b33cf0f80aeb7026e0a53e26632

                                          SHA512

                                          2582b3b4525321fece978710403e4bd4dd6e9f0869de1fec784e4e79ac98e8c6498a601c9db45d5af4f1b99e3a2cc07b9e3ec18144e18ce82b41eb64ce4eb643

                                          Download Submit

                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-us\default.dic
                                          Filesize

                                          2B

                                          MD5

                                          f3b25701fe362ec84616a93a45ce9998

                                          SHA1

                                          d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                          SHA256

                                          b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                          SHA512

                                          98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                          Download Submit

                                        • memory/516-66-0x00000000059C0000-0x00000000059E8000-memory.dmp

                                          Filesize

                                          160KB

                                          Download

                                        • memory/516-140-0x0000000009590000-0x00000000095BE000-memory.dmp

                                          Filesize

                                          184KB

                                          Download

                                        • memory/516-180-0x0000000071E5E000-0x0000000071E5F000-memory.dmp

                                          Filesize

                                          4KB

                                          Download

                                        • memory/516-115-0x0000000007BA0000-0x0000000007C32000-memory.dmp

                                          Filesize

                                          584KB

                                          Download

                                        • memory/516-93-0x0000000007E70000-0x0000000008414000-memory.dmp

                                          Filesize

                                          5.6MB

                                          Download

                                        • memory/516-92-0x0000000007440000-0x0000000007794000-memory.dmp

                                          Filesize

                                          3.3MB

                                          Download

                                        • memory/516-90-0x0000000007210000-0x000000000728C000-memory.dmp

                                          Filesize

                                          496KB

                                          Download

                                        • memory/516-75-0x0000000006000000-0x0000000006012000-memory.dmp

                                          Filesize

                                          72KB

                                          Download

                                        • memory/516-71-0x0000000005D20000-0x0000000005D86000-memory.dmp

                                          Filesize

                                          408KB

                                          Download

                                        • memory/516-70-0x0000000005A80000-0x0000000005AAC000-memory.dmp

                                          Filesize

                                          176KB

                                          Download

                                        • memory/516-62-0x0000000006070000-0x000000000674A000-memory.dmp

                                          Filesize

                                          6.9MB

                                          Download

                                        • memory/516-58-0x00000000055A0000-0x00000000055AC000-memory.dmp

                                          Filesize

                                          48KB

                                          Download

                                        • memory/516-54-0x0000000000C90000-0x0000000000C9A000-memory.dmp

                                          Filesize

                                          40KB

                                          Download

                                        • memory/516-52-0x0000000071E5E000-0x0000000071E5F000-memory.dmp

                                          Filesize

                                          4KB

                                          Download