Overview

overview

7

Static

static

3

Roblox Evo...57.exe

windows11-21h2-x64

7

Resubmissions

26/03/2025, 14:51

250326-r8fcmaypv6 7

06/02/2025, 18:35

250206-w8pcrasqgx 7

16/01/2025, 14:09

250116-rf53ksvldl 10

08/01/2025, 00:01

250108-abax7svle1 7

06/01/2025, 13:40

250106-qykc6axqav 10

18/12/2024, 13:25

241218-qn96tszrbs 7

12/12/2024, 19:51

241212-yk9d5avrew 10

28/03/2024, 18:16

240328-wwlfbsdf99 7

Analysis

  • max time kernel
    607s
  • max time network
    529s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26/03/2025, 14:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Roblox Evon Exploit V4_41257.exe

  • Size

    8.7MB

  • MD5

    98194b1fd3ceea50438976b40ea59d05

  • SHA1

    ed918fbb5765aa91e5c9d2c492ec00667478ac35

  • SHA256

    3e091df4051e6b0859c2142a0869a415e5968c20edb5e9a60fcd077f7b61be19

  • SHA512

    9587acb23ee51e4743c5399b78b64f2a0e87e2413cd56e220df8c08ebe0f352ac0ca83c1826f09718876a6248057e9cbac0f38ee725de83b4ca7de4f805f30bf

  • SSDEEP

    196608:wu6nOE62LOa8ewFCrqNeuUG59Fa9FVDNWXVkHo/ly:MOb2C6wFCrqNZ529PDNs2Ho/k

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 15 IoCs
  • Checks for any installed AV software in registry 1 TTPs 8 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 4 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
    defense_evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 27 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4_41257.exe
    "C:\Users\Admin\AppData\Local\Temp\Roblox Evon Exploit V4_41257.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5044
    • C:\Users\Admin\AppData\Local\setup41257.exe
      C:\Users\Admin\AppData\Local\setup41257.exe hhwnd=262724 hreturntoinstaller hextras=id:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry- page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. You can start again from the <a href="http://dlsft.com/">home</a> or go back to <a href="javascript:%20history.go(-1)">previous page</a>. </div> </body> </html>
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3400
      • C:\Users\Admin\AppData\Local\Temp\7zS84D47E97\GenericSetup.exe
        .\GenericSetup.exe hhwnd=262724 hreturntoinstaller hextras=id:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry- page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head> <title>404 &mdash; Not Found</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> <meta name="description" content="Sorry, page not found"/> <style type="text/css"> body {font-size:14px; color:#777777; font-family:arial; text-align:center;} h1 {font-size:180px; color:#99A7AF; margin: 70px 0 0 0;} h2 {color: #DE6C5D; font-family: arial; font-size: 20px; font-weight: bold; letter-spacing: -1px; margin: -3px 0 39px;} p {width:320px; text-align:center; margin-left:auto;margin-right:auto; margin-top: 30px } div {width:320px; text-align:center; margin-left:auto;margin-right:auto;} a:link {color: #34536A;} a:visited {color: #34536A;} a:active {color: #34536A;} a:hover {color: #34536A;} </style> </head> <body> <p><a href="http://dlsft.com/">dlsft.com</a></p> <h1>404</h1> <h2>Page Not Found</h2> <div> It seems that the page you were trying to reach does not exist anymore, or maybe it has just moved. You can start again from the <a href="http://dlsft.com/">home</a> or go back to <a href="javascript:%20history.go(-1)">previous page</a>. </div> </body> </html>
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks for any installed AV software in registry
        • System Location Discovery: System Language Discovery
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:4564
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff1cddcf8,0x7ffff1cddd04,0x7ffff1cddd10
      2⤵
        PID:3076
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1840,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1836 /prefetch:2
        2⤵
          PID:2116
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1200,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2224 /prefetch:11
          2⤵
            PID:4696
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2384,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=1828 /prefetch:13
            2⤵
              PID:3324
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3268 /prefetch:1
              2⤵
                PID:3468
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3288 /prefetch:1
                2⤵
                  PID:3320
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4176,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4212 /prefetch:9
                  2⤵
                    PID:3524
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=1556,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4536 /prefetch:1
                    2⤵
                      PID:1520
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5268,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5284 /prefetch:14
                      2⤵
                        PID:736
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5356,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5372 /prefetch:14
                        2⤵
                          PID:904
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5820,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5684 /prefetch:1
                          2⤵
                            PID:4704
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3312,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3392 /prefetch:14
                            2⤵
                              PID:1668
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3272,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3380 /prefetch:14
                              2⤵
                                PID:2584
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3400,i,11767315620988466022,6067823081691082463,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3444 /prefetch:14
                                2⤵
                                  PID:5032
                              • C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
                                "C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
                                1⤵
                                  PID:3036
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                  1⤵
                                    PID:4968
                                  • C:\Windows\system32\BackgroundTransferHost.exe
                                    "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
                                    1⤵
                                    • Modifies registry class
                                    PID:1256

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                    Filesize

                                    649B

                                    MD5

                                    4848ee0c6a6ca821c2fb26c4ef579df5

                                    SHA1

                                    afd8bf409281e0b4d3ed44ade6f856f54cf7cd66

                                    SHA256

                                    98b00b87ad8b99d5a5d2d9982e83a9cc00b45b716cea8686e352470627066a0d

                                    SHA512

                                    e172837bd65fb564f5246979cfed4eceb43d4454d9312d39b51d011fe6bb8693e1cc6e46a1fb5ba16355e77415c2fdafdd833c2c872bba2b96cdd6688e8252ab

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    288B

                                    MD5

                                    d19ad15eaa7c3be07bd36385fa6cda48

                                    SHA1

                                    251907361efa190e035a048ad30db97fdaf18252

                                    SHA256

                                    10f38148b5872bfa8c3d88abd2bfd0e3f33c6f2dfd78d658de10ae9c57b40e33

                                    SHA512

                                    6c14b899f5c25ce06b5f908cc9a37440193af83ee4b0d0a8c5c46a596f3d7532881adcf4fc173b0629193c0f3fe73613a1a0f915659aead4cc853b0872d15929

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                    Filesize

                                    4KB

                                    MD5

                                    236fee74f84ef94053b958c9ff2359eb

                                    SHA1

                                    6a1f46953ce4aa5140f04fd62b8ec59f57913c52

                                    SHA256

                                    08a89d37188872d86e85ca2aeac52fb428c0f4deb075a710e4f43ec1cbf86b9b

                                    SHA512

                                    bd01601ba6b072c4deca7eec4cb73176a89d3f5cec307ea1506a989b220c130a11c182f580b51a97381f592cc52b95cf794bda1be2a28746717323b407ea987f

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                    Filesize

                                    2B

                                    MD5

                                    d751713988987e9331980363e24189ce

                                    SHA1

                                    97d170e1550eee4afc0af065b78cda302a97674c

                                    SHA256

                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                    SHA512

                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                    Filesize

                                    523B

                                    MD5

                                    b886e5fc7b5f9f5674f57e0c2d301387

                                    SHA1

                                    dbd3237f4c7676c713a5625d8dafd44740d11279

                                    SHA256

                                    adbbee03c73d714b7299629cbb8cc14c93cb0aa83d5758008d2ea7a18c7220a2

                                    SHA512

                                    66fdf8dec7edd0b4326c9e563fc617d8179e6902c6f1498c13b635dd72fec1a261262dac338a865ecd7bf9d5ea2efa79e5ca3078024808ebbb053c75ccd356a3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    10KB

                                    MD5

                                    2950b33dce70697c8b48ad9e5471fa0a

                                    SHA1

                                    8d893bd22397c5ee09f58df58b74c64d0da327f1

                                    SHA256

                                    416ed618f8ecdbd2b01ed976ae9a1d1caa5cd7bcfdc5ded0dbfde438351d4d0a

                                    SHA512

                                    2b7a55b45651104e5fbfe07ba29f201641616592ecfa08853ac55c3fa1508bad1cc76e6f83b3e5cb676936e6f5fe151f945219353b8072f34ecb4199c7242b73

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    10KB

                                    MD5

                                    08b7ddac8bac99bbf7b7e6e36b0e6e2b

                                    SHA1

                                    a7c9a19ce37828cef9b08ced1a1ea12049d958c9

                                    SHA256

                                    7d8909cb53367d4e087f9f1237552802828e844467f1d785a7560789d266ca32

                                    SHA512

                                    f15f12016d93c95abab51eee871fc418f9a0004b09f7a4eca7b76e5efb94df233eb39d229d8ff1b758fd803ad55f48c70540851e82fec185bb68af8129c25b64

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                    Filesize

                                    11KB

                                    MD5

                                    46d7f498d019b6196ff5df183dde6293

                                    SHA1

                                    01d10204eb0ff0add5095c8e08e7f953e85ae209

                                    SHA256

                                    e1df74d4fd18f10bf2b3174257217bb4b6d9b9162f009cce6086b3defa434496

                                    SHA512

                                    9c463d141be9bcc38dfa2af21556fc7aac642f512ff0e74d50a5f05b4d50881bbffcfef11b9e5af17ef15f3af9d969e00e69cb219bf716106f2d7c8fe3e3e6f2

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                    Filesize

                                    15KB

                                    MD5

                                    e0f1e8b6bae9750862065ca4c387e9d5

                                    SHA1

                                    5885a3cae3629ebbeded6464ebeda2cff2d160ae

                                    SHA256

                                    a8562421060a2b600d04d69420bc29ba57259751ba9b4332508bf33259603333

                                    SHA512

                                    ab6ed0dee275088924353e7d2f9e74bc382c49dc5c7651be3d0091d2cf46a95bec5d58f1301d09a7de733a73cdebe2743bdaa5bb1a7e3cf5589c7c64b99d6679

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                    Filesize

                                    72B

                                    MD5

                                    e4b11008e235e28d9c1373049740f821

                                    SHA1

                                    58247f0b0eadcb1af88929617b3376b330dc4954

                                    SHA256

                                    534e07887c58e419b28e7f09330cb746683503aaa396fb0633875194240ca670

                                    SHA512

                                    e08ff386a612db121beec5c0569928d58e2fdefd71c5984a8c14ae7f06472d742daf27b37b9e6ac2b637741e9961e7739f06e51355a6d6209ef91af51d30b059

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ece0.TMP
                                    Filesize

                                    48B

                                    MD5

                                    0f07a5bd9696befd84e43918fe22ae49

                                    SHA1

                                    1b3e17301686eef512a9f7d81b2df7ae13df5d91

                                    SHA256

                                    71e6abc00d846ec157901f1fff30da4fc868c9f67cab858b7c3ccfe5243cde27

                                    SHA512

                                    b620d7c374c93e38b00c029af87be0b3895ba81ca1da93a0d9af3b1e8f0e8bb9ccc1e402d8ad950011ab0dd64b4ffc58276bfeff32fd95b613d4ee8ed3bb59fb

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1
                                    Filesize

                                    264KB

                                    MD5

                                    0b6f24a1c2c9c43dc6e3def7b5a331a3

                                    SHA1

                                    9eb9309dfa29651f1b270e9e80b7ad92a8b26f1f

                                    SHA256

                                    a9956dff8026a4420c28cbc056ba32b880038afc8940e77c1d71617ac3a120c5

                                    SHA512

                                    ca756c85f2ad5183ece58023a267480f171a822a12c01bc30cd6de9cc965d9061a3837e3304e9536a46f9425fba17e66ebec218087fdd8263ad664c1d191fc74

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize

                                    155KB

                                    MD5

                                    784ef5ac575ad5053d8c128c2ea88c56

                                    SHA1

                                    ed7ec1168166ddfd9adea3616099f095f3a79b0c

                                    SHA256

                                    5541cae1a6b9d09d2bfc00ee95dab253024f33b12176bd8df44c90d4df3f20a0

                                    SHA512

                                    b5b2ef505115155552b1016680a05b81fb25e8fce71ebfee0c2979b14a6b081d8b5235118a7d5f499f80d5eecc97e1318193fe169efdb790f30639676b7df5df

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize

                                    79KB

                                    MD5

                                    d1174eb4ef56d145d0a12de7b61ba9a7

                                    SHA1

                                    428e3e28297f3d1f1c0b34024ebf2d2a9d39ea2c

                                    SHA256

                                    890af73f6904d17a9205ba1a1bd73bba053d644079dac7d8df83952ec322b47b

                                    SHA512

                                    55f6ae5cdaa4492679ba3f8542d9cbdb9de8c3d596ead78b580e43284b0afcce46af5b0a07c2526c56d750441d9a543f469f6b17aef722bc2b9a9a874268b7ed

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                    Filesize

                                    155KB

                                    MD5

                                    9a4d7f2ca5e2c6a72ba1db9e34abed36

                                    SHA1

                                    eab4e12388803d052b1c9c789e275028ccdcf045

                                    SHA256

                                    9896f2d6bfd8e2dd06e2450986f80748efe0770aef38600e4a9ac3f48f6931c3

                                    SHA512

                                    17be5414cba944bde1d6c26aafd70c712ed0c76892b9bdccb1ee91a1f4ea50a00b42fe2d66bdbbd3f71c7689a42da513d1f991c4acf2f9164d4d64873c8d3a3b

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\3d8cc65b-b8de-4093-87ce-0bba65a9af92.down_data
                                    Filesize

                                    555KB

                                    MD5

                                    5683c0028832cae4ef93ca39c8ac5029

                                    SHA1

                                    248755e4e1db552e0b6f8651b04ca6d1b31a86fb

                                    SHA256

                                    855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

                                    SHA512

                                    aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\7zS84D47E97\GenericSetup.LastScreen.dll
                                    Filesize

                                    31KB

                                    MD5

                                    3319432d3a694a481f5672fa9eb743d0

                                    SHA1

                                    99bff8f4941eb3cee3e0a7cb86b89eda1df07bf9

                                    SHA256

                                    768b4eb487e2dc8bcb8ec6221734ca69dce7f522d7640cc2a547f95296509693

                                    SHA512

                                    7f2a1c6c8d9d135b9e00e04f715c9b6b8ba12cb317f7b78ee3efbe3e426a99afce022306eb5bf02fe51c13857d3943b2b009b10b9cc96683e6bcbca1f9045c7f

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\7zS84D47E97\GenericSetup.dll
                                    Filesize

                                    6.8MB

                                    MD5

                                    4d65e6eb25db2ce61f4a7a48d9f6082a

                                    SHA1

                                    130abbae19f227b0ef4f278e90398b3b3c7c2eff

                                    SHA256

                                    1e2e26d769d69f6b06cad2f2fec81a125e4f3d14aee969357784fb533d80b89a

                                    SHA512

                                    b0842b4fc07dd332c53f56f1337b32064dad7a15663397655b73061bf3d61b44ecdd47ed626b92e69383cfaa41a9c70d4a18ece79fdbab2daf1d06adb1be4bfb

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\7zS84D47E97\GenericSetup.exe
                                    Filesize

                                    25KB

                                    MD5

                                    85b0a721491803f8f0208a1856241562

                                    SHA1

                                    90beb8d419b83bd76924826725a14c03b3e6533f

                                    SHA256

                                    18be33f7c9f28b0a514f3f40983f452f476470691b1be4f2aba5ba5e06c6a345

                                    SHA512

                                    8ff86e4b4d9cb5e2e88826a822457cb863262e3b73645c0c3309f13fb496997e53005ebe1825c6f92463c6642ec9abc6bbe359b35410b0621649b8d3aaf66c71

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\7zS84D47E97\GenericSetup.exe.config
                                    Filesize

                                    814B

                                    MD5

                                    fd63ee3928edd99afc5bdf17e4f1e7b6

                                    SHA1

                                    1b40433b064215ea6c001332c2ffa093b1177875

                                    SHA256

                                    2a2ddbdc4600e829ad756fd5e84a79c0401fa846ad4f2f2fb235b410e82434a9

                                    SHA512

                                    1925cde90ee84db1e5c15fa774ee5f10fa368948df7643259b03599ad58cfce9d409fd2cd752ff4cbca60b4bbe92b184ff92a0c6e8b78849c4497d38266bd3b4

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\7zS84D47E97\HtmlAgilityPack.dll
                                    Filesize

                                    149KB

                                    MD5

                                    7874850410e21b5f48bfe34174fb318c

                                    SHA1

                                    19522b1b9d932aa89df580c73ef629007ec32b6f

                                    SHA256

                                    c6250da15c349033de9b910c3dc10a156e47d69ec7e2076ce9011af7f3d885d1

                                    SHA512

                                    dad611ca9779b594aad7898261cc7ef0db500850eb81560c04d5d938ae4e2338e786773f63f59aab6564ad13acb4800f1862a2189803cc8cc8ad26a368f25eaa

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\7zS84D47E97\MyDownloader.Core.dll
                                    Filesize

                                    56KB

                                    MD5

                                    f931e960cc4ed0d2f392376525ff44db

                                    SHA1

                                    1895aaa8f5b8314d8a4c5938d1405775d3837109

                                    SHA256

                                    1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

                                    SHA512

                                    7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\7zS84D47E97\MyDownloader.Extension.dll
                                    Filesize

                                    168KB

                                    MD5

                                    28f1996059e79df241388bd9f89cf0b1

                                    SHA1

                                    6ad6f7cde374686a42d9c0fcebadaf00adf21c76

                                    SHA256

                                    c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

                                    SHA512

                                    9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\7zS84D47E97\Newtonsoft.Json.dll
                                    Filesize

                                    476KB

                                    MD5

                                    3c4d2f6fd240dc804e10bbb5f16c6182

                                    SHA1

                                    30d66e6a1ead9541133bad2c715c1971ae943196

                                    SHA256

                                    1f7a328eb4fa73df5d2996202f5dab02530b0339458137774c72731b9f85ca2e

                                    SHA512

                                    0657f0ab1d7fc9730d4bf6b8c8373f512d57a34063bcfa1f93a803b0afe2a93219da5dc679414dd155956bd696cb7547fc09663f8891eb9b03d9c93b3c1fe95d

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\7zS84D47E97\Ninject.dll
                                    Filesize

                                    133KB

                                    MD5

                                    ce80365e2602b7cff0222e0db395428c

                                    SHA1

                                    50c9625eda1d156c9d7a672839e9faaea1dffdbd

                                    SHA256

                                    3475dd6f1612e984573276529d8147029d6bfa55d41bef2577b3aa601d2fbbe5

                                    SHA512

                                    5ea1de091a108143bb74fccdb4f0553f72613e58d8551fff51ce1aab34636c856758719dfa1a0e4cc833acb8e75729793dede65c4562e1aa3f68ec50463d36f3

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\GenericSetup.exe_1743000726\Resources\OfferPage.html
                                    Filesize

                                    1KB

                                    MD5

                                    5f29b47126c45d119442ad3b896f74eb

                                    SHA1

                                    801a4e5b7d01f81c9c398b4d8d9a5f49e5269eef

                                    SHA256

                                    4e85074502c0267e04b324cdbb46df644e040513e94dd13c6625fb2e039c9a3f

                                    SHA512

                                    81ddcda6399365ad83689b14d22488137b88a80988eeed40ff1678fc387cb098227f520514a3d1a2a213efb4a8f435d87f40647bbe35a273c8d277d2c639c18e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Temp\GenericSetup.exe_1743000726\sciter32.dll
                                    Filesize

                                    5.6MB

                                    MD5

                                    b431083586e39d018e19880ad1a5ce8f

                                    SHA1

                                    3bbf957ab534d845d485a8698accc0a40b63cedd

                                    SHA256

                                    b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

                                    SHA512

                                    7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\setup41257.exe
                                    Filesize

                                    3.1MB

                                    MD5

                                    369acf60d8b5ed6168c74955ee04654f

                                    SHA1

                                    1753fff63efa6ed5ad30ede6b959261ac67dd13e

                                    SHA256

                                    3ff8ec8f9f27a27f414a90bfed5b7f5a3c118b33cf0f80aeb7026e0a53e26632

                                    SHA512

                                    2582b3b4525321fece978710403e4bd4dd6e9f0869de1fec784e4e79ac98e8c6498a601c9db45d5af4f1b99e3a2cc07b9e3ec18144e18ce82b41eb64ce4eb643

                                    Download Submit

                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-us\default.dic
                                    Filesize

                                    2B

                                    MD5

                                    f3b25701fe362ec84616a93a45ce9998

                                    SHA1

                                    d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                    SHA256

                                    b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                    SHA512

                                    98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                    Download Submit

                                  • memory/4564-89-0x0000000006850000-0x00000000068CC000-memory.dmp

                                    Filesize

                                    496KB

                                    Download

                                  • memory/4564-97-0x00000000071E0000-0x0000000007272000-memory.dmp

                                    Filesize

                                    584KB

                                    Download

                                  • memory/4564-197-0x0000000071C6E000-0x0000000071C6F000-memory.dmp

                                    Filesize

                                    4KB

                                    Download

                                  • memory/4564-74-0x0000000005640000-0x0000000005652000-memory.dmp

                                    Filesize

                                    72KB

                                    Download

                                  • memory/4564-92-0x00000000074B0000-0x0000000007A56000-memory.dmp

                                    Filesize

                                    5.6MB

                                    Download

                                  • memory/4564-70-0x0000000005350000-0x00000000053B6000-memory.dmp

                                    Filesize

                                    408KB

                                    Download

                                  • memory/4564-69-0x00000000050C0000-0x00000000050EC000-memory.dmp

                                    Filesize

                                    176KB

                                    Download

                                  • memory/4564-91-0x0000000006A80000-0x0000000006DD7000-memory.dmp

                                    Filesize

                                    3.3MB

                                    Download

                                  • memory/4564-65-0x0000000005000000-0x0000000005028000-memory.dmp

                                    Filesize

                                    160KB

                                    Download

                                  • memory/4564-139-0x0000000005EC0000-0x0000000005EEE000-memory.dmp

                                    Filesize

                                    184KB

                                    Download

                                  • memory/4564-61-0x00000000056B0000-0x0000000005D8A000-memory.dmp

                                    Filesize

                                    6.9MB

                                    Download

                                  • memory/4564-57-0x00000000026A0000-0x00000000026AC000-memory.dmp

                                    Filesize

                                    48KB

                                    Download

                                  • memory/4564-53-0x0000000000350000-0x000000000035A000-memory.dmp

                                    Filesize

                                    40KB

                                    Download

                                  • memory/4564-51-0x0000000071C6E000-0x0000000071C6F000-memory.dmp

                                    Filesize

                                    4KB

                                    Download