Analysis

  • max time kernel
    179s
  • max time network
    172s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    22/02/2024, 21:10

General

  • Target

    https://github.com/topics/robux-generator-free-download

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • NTFS ADS 4 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 59 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/topics/robux-generator-free-download
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce04b9758,0x7ffce04b9768,0x7ffce04b9778
      2⤵
      PID:796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2132 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:8
      2⤵
      PID:340
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:8
      2⤵
      PID:1492
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:2
      2⤵
      PID:2240
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:2720
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:4488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:8
      2⤵
      PID:2096
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:8
      2⤵
      PID:4928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4936 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:4140
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4764 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:3100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5088 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:3536
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2304 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:2944
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:8
      2⤵
      PID:3060
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5376 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:1056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5720 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:1888
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3832 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:4568
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4732 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:2636
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4864 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:1568
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5064 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6392 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:3348
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6580 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:4580
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6736 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:1468
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6744 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:2144
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6864 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5156
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7212 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:8
      2⤵
      PID:5260
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7580 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5344
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7376 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5452
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7756 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5484
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7744 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5492
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8092 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5612
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8248 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5648
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8460 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5796
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8600 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5804
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8800 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8568 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:1152
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7724 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5180
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7204 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5580
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7752 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5620
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8036 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8100 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:2932
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7908 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:6132
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5032 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5164
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6824 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:3788
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8336 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5584
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7832 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:1016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8060 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:1480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7968 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:6056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8604 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:1
      2⤵
      PID:5604
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7876 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:8
      2⤵
      • NTFS ADS
      PID:4800
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8852 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:4864
                                                                                                      • C:\Program Files\7-Zip\7zFM.exe
                                                                                                        "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Robux Generator.rar"
                                                                                                        2⤵
                                                                                                        • Modifies registry class
                                                                                                        • NTFS ADS
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                                                                        PID:4744
                                                                                                        • C:\Users\Admin\AppData\Local\Temp\7zO88287F79\Setup.exe
                                                                                                          "C:\Users\Admin\AppData\Local\Temp\7zO88287F79\Setup.exe"
                                                                                                          3⤵
                                                                                                          • Drops startup file
                                                                                                          • Executes dropped EXE
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          PID:5208
                                                                                                          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
                                                                                                            "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"
                                                                                                            4⤵
                                                                                                            • Executes dropped EXE
                                                                                                            PID:2620
                                                                                                        • C:\Windows\system32\NOTEPAD.EXE
                                                                                                          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO88289D39\readme.txt
                                                                                                          3⤵
                                                                                                          • Opens file in notepad (likely ransom note)
                                                                                                          PID:6008
                                                                                                        • C:\Users\Admin\AppData\Local\Temp\7zO882DF8F9\Setup.exe
                                                                                                          "C:\Users\Admin\AppData\Local\Temp\7zO882DF8F9\Setup.exe"
                                                                                                          3⤵
                                                                                                          • Executes dropped EXE
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          PID:5748
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8920 --field-trial-handle=1816,i,6615511984267678334,6667948594473674391,131072 /prefetch:2
                                                                                                        2⤵
                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                        PID:5352
                                                                                                    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                                                                                      1⤵
                                                                                                        PID:5068

Network

MITRE ATT&CK Enterprise v15

                                                                                                            Downloads

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\629e8e5c-6221-4738-9fa2-4476ec791f2e.tmp

                                                                                                              Filesize

                                                                                                              130KB

                                                                                                              MD5

                                                                                                              5e45178a5e7b308648554861f635e182

                                                                                                              SHA1

                                                                                                              172ec66831554dc07ba7eb951258c1739bf44aea

                                                                                                              SHA256

                                                                                                              d5caee9baff6da684e70811e31e672807f817dd137c542dd605ee09d0ec1635d

                                                                                                              SHA512

                                                                                                              904223df071d9a7a4820fab5cd30af9123fc10edbe93ffa28439aefbc40990a01778e1a95c7bc3ce906abcc57e4db38d1c6cd5d4ca7d8104ab3ca48b1904b9de

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                              Filesize

                                                                                                              40B

                                                                                                              MD5

                                                                                                              8703b10fa75f2e890b0eb118777137b8

                                                                                                              SHA1

                                                                                                              dce6f25aa0c8d870577836e937fc7ac7c47f1ed5

                                                                                                              SHA256

                                                                                                              b7a48d1912723b69941a7f497925278b00b8d291167bd7ca3e9b4690258fb0f7

                                                                                                              SHA512

                                                                                                              2f3c56d6d2fb6e28edc78ffb3362a26ce185e099a67c75da23fdb94361f3c713460635ce91172410b856446f5ddeac98bb9985aec17d6e9dc742513f1137d170

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                              Filesize

                                                                                                              4KB

                                                                                                              MD5

                                                                                                              89c8f8be09b02fc2021adf858b04d8bc

                                                                                                              SHA1

                                                                                                              3f0dd41c0c0d3975117373ce4e75531e69e37e18

                                                                                                              SHA256

                                                                                                              77eb936295555b0d9917672823f753119b9b87b8bf9908c967fdb82bd5eafbc5

                                                                                                              SHA512

                                                                                                              8eba16cd6c583856c607bb54e7f45b4ef796c6c3db3c18ffedb359ba16057d3ef218a810cee54a77d2d488005e28b01f9b44e236d5dae94bed4495bb96f043a2

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8bb8892e-71bf-480b-9e24-a3a5679937a5.tmp

                                                                                                              Filesize

                                                                                                              11KB

                                                                                                              MD5

                                                                                                              a2057488367697cc9b7a724b69ab3c82

                                                                                                              SHA1

                                                                                                              4c4a4fc2938fcadd6d7552f6b41e96b2d89dbdf2

                                                                                                              SHA256

                                                                                                              a0e204eec9445cb8142763631234d0d9e07ddcf411de22c7be686161ef008ade

                                                                                                              SHA512

                                                                                                              88e538a65e1e5e54e8c779fbf2d2ace13ccdc2bc673fec16f68c4734eba9ba8132def56030798a64e44dbde197d6e34ab0ef708df70d3bba35437d68968bb159

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                                                                                                              Filesize

                                                                                                              72KB

                                                                                                              MD5

                                                                                                              e7a3465e278dfaddb44c5f0e318794b6

                                                                                                              SHA1

                                                                                                              7ca75229a7a9af26521cc06461fb8077e60f3563

                                                                                                              SHA256

                                                                                                              ed56a8ee68035c57bdde5733f09f7795782483b100127fe41e83f6bc3ba98a57

                                                                                                              SHA512

                                                                                                              7efedd174c83600648600f94a4c1115ad18692167776b6ace81c9d1df7669ac20420b9d2b864abdda69be86c4a15aeeb11dfde0064d8d273a53dfbb060537374

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                              Filesize

                                                                                                              16KB

                                                                                                              MD5

                                                                                                              ec99acf3e98d954dbcd5ac3a39f2ffb8

                                                                                                              SHA1

                                                                                                              7cfe59826c2d92a7e5f4fc9b6a5dfdc759d40dc6

                                                                                                              SHA256

                                                                                                              e7086c0d4dfefabff6d000feacd75143f3a88a240bee874f8eb4be974530e055

                                                                                                              SHA512

                                                                                                              65f6e29b22f64ca76f3e5c56201013d21f0049f3c1f33c4dadc32b0a5b80b2653e8a70a331a5f04c440d6a6cb6eef845e521358594c0f89d01d3122ebaf1c4ef

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              1KB

                                                                                                              MD5

                                                                                                              3aedd8a2d68ba28248a8d41e6d448d31

                                                                                                              SHA1

                                                                                                              7534c0a9a9e1eaac0aeefbff08edcee539b0640a

                                                                                                              SHA256

                                                                                                              82c5950cb8028c75ef5b05dc04e2a4b9303c473f7b1d4c4ade76c43becd4de08

                                                                                                              SHA512

                                                                                                              60e5dcc2999c8ac48a6f14493dcbf663b9514bedd3ea9a2d2c628c2e7ac655eda26c97e9d9213b0c9002e13ab5dfa4eb1efe8921e3e4543a663584148cd3edbb

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              1KB

                                                                                                              MD5

                                                                                                              1240999143531e2c33afed6dcaf68fc8

                                                                                                              SHA1

                                                                                                              63be231c474010a2da8ef7cb7e5741dd520bf5c8

                                                                                                              SHA256

                                                                                                              9e72beaf48b22e981a49440c0b7566edc8c819f038e140015a2c32b63dfa6480

                                                                                                              SHA512

                                                                                                              c08545ad2b546eb940a60cc21ef0a580125e61710615f27b61d406e478585eff40bd06f35879f491a6d7dca31c0d077e35ee656e2f692f9636c3780e1f6dc17e

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              1KB

                                                                                                              MD5

                                                                                                              8e7d666a08fb0c5cec7d5f7f1f305d5a

                                                                                                              SHA1

                                                                                                              1d4576496ca1604c13ce3d563b8a1c195cb3ce31

                                                                                                              SHA256

                                                                                                              a6a89238887e1851d44db51d9f2f78bb3993506d0ccb7b63c935c0f4f35e0268

                                                                                                              SHA512

                                                                                                              c6a2367fba3388adcb1b959b7cf8e11ad4068443ffd00bb642d17c2c5d0cc2017f3d1e8859318a7368c9501e4fd8f0175cbffd271e80ca0334b93269e96f7322

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              6KB

                                                                                                              MD5

                                                                                                              a9f26f0837fa59a7c4b4106a2a2e46c2

                                                                                                              SHA1

                                                                                                              cf2af44622d7378ce52d04f86320a74ed014b60f

                                                                                                              SHA256

                                                                                                              df5fdcc3b89fb0edc13a8004d72bf687edf18bd6c3dbed7641fd77df0c545c1a

                                                                                                              SHA512

                                                                                                              e39317fb49c2136333012340c32493ba8d56119d3a762e37ec048bf1c8729b35183f6e8c0e7b7851afe40e2dbfc6e73f8db33e2d52ef0dd4071fd1b6d376dbc2

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              5KB

                                                                                                              MD5

                                                                                                              112743625a78f1078975405fc86ce2d2

                                                                                                              SHA1

                                                                                                              49ca875f18a89bd6b6a56c6077434a02a0707e94

                                                                                                              SHA256

                                                                                                              9855726dc6f76a88039ab16fb87cafbdd302463badd4dacb1803a4f99a6d2827

                                                                                                              SHA512

                                                                                                              f5ae63860dbeb9216ff2cffde3a9995805cba17b9fcade356244fbfa430699acd7907e75b1c1ddf5f4937e921333732b221613e6c3c8ebaffcbd5794bbfc56b7

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              6KB

                                                                                                              MD5

                                                                                                              5fa68507ee55f69cdb51be3cc8772098

                                                                                                              SHA1

                                                                                                              1bdb62c2ec7eecc75e71a342b31c93e7e3cf194f

                                                                                                              SHA256

                                                                                                              59096ca669c64793cb2a432fbbc6548aa54997d7806defce790d33f1458df6e0

                                                                                                              SHA512

                                                                                                              57e585f922ac4c7ba0b342e8b8313c9aee4610971fbce0ef62bc5c43f8b4cb7f8c80d7e606110114674f06b17ca999a896e3d9288ba2a50a57212674a13da5e2

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              6KB

                                                                                                              MD5

                                                                                                              e8fd091851bff63bc1f03b6a65bf56c5

                                                                                                              SHA1

                                                                                                              7d35c00be675c5639ece62facf8cca88fe201a59

                                                                                                              SHA256

                                                                                                              85351797d9e31934602f0c2b3c3b81304eb02f4c84f2c4d861ac502ebe7dab1c

                                                                                                              SHA512

                                                                                                              cc56df53e08c14e3aee857569d5908c7686333824cae4501b80e50042819287a0728fb650ac2dc7e20416a0150e7c9efd2a8143f56234dede684d002cfe344a3

                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                              Filesize

                                                                                                              1KB

                                                                                                              MD5

                                                                                                              af6ae0af9ec1ec8f5c78a6a4aef9d24f

                                                                                                              SHA1

                                                                                                              f050ea84299f47f9a229eb8670ea11a8f25e913c

                                                                                                              SHA256

                                                                                                              f4a454dba016f091e5253d763f5cf23a7d765f17557cd001c189377fa73b060c

                                                                                                              SHA512

                                                                                                              1b5c29f06a843b9372e1c2cf0c4f5566f5acf91d9da79962dd1c9f16e9fe6dbd7bb835e7d4fd098c7a7b102aa0d544634e30d9fde2fc4c8110b256f913deac2b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 7f5799e8c2885401a37ca8c3b38f5abb
  SHA1: c3e63951eb9f4339e7eb2c7b2a2956da15f9a062
  SHA256: ac88b8bace0509789f4f558d7954d774eb89ac143aba39f546fbb7310c4071c1
  SHA512: 4c89b40543caabcbceed2daa382cbc284edc2589e41c350dd69bdb06befe2be3a73ccdba9ac65dcb37e8870ba780458ba9691bbf07f0c1d11a71dd91a76f1088

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: d35a821aadec8f469a145772a5b39bf3
  SHA1: 8b66920092a973fdaf834c78c8ebbfcdbc12173b
  SHA256: 3c017ef206c758a5c2fe89c67205a9e318b4d459d5adaea0f204472a7597a064
  SHA512: b90a0a4f4d644d485e3a73007e7ea71c019e8f5c83b98682c18957038fbb1827af54cdc89cd112f08db360c05886e8ac537e2bad44fca672e2196a158d4b3117

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 52ace5d302d9fb84d823654a49ffe87b
  SHA1: af6225d78b02a707a6cc559c3767ff1fd0ba8715
  SHA256: 44374102baa94f9ded61a7154502e71628b7f3185313c7bac715a3755f3bacd9
  SHA512: 42a4d8ca1d6e0cc3e5df73c495025643aab0f8b913d6a3d4bf74e184d7f2702bd8466cebbcc33b55b28ed8a9e9b27aea139808d9b7f4932e1bac4a505d9a47e7

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 1a60d36f23fc0892ce99a8091959af96
  SHA1: c86e73a09c4723e111840fb987d3ca836cb9e2cf
  SHA256: 56d79179c669d2012708ed7dcf0665e3e414b2513a8f77a2dc963210d1c8cbfd
  SHA512: e0dd4e406234c9155703914472730b50381f2e011947e3a3562042154cbf5b62c1297c4f269daf9ffa205191d5a43a0c2282ea93e3b59339cc9b49a0eb88afab

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: aa1df6b6832abd079c33b405ff7cda1a
  SHA1: fb79ab6f7ffa5b12acf27211b67c04679a93710c
  SHA256: 38ff6699504ee122ca09a49f752f1ff5617842c5afb1f0d9ef2271394aa949d8
  SHA512: 8e0ce32452a6aa22cb2f0cc3aa853f52b1dca164847fbbf8980141bff462688dd721b43446211cc4da24dc3591d912490c1308db3fbb61646bfff56a10fbae55

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 0f3fa064bac653c86e68ee8a550fee00
  SHA1: c3be65cce08a73260f9284ae97232a4122dcac3e
  SHA256: 7154968067d2fd7ed0b95da9d668fd10837c8ec7c20576a9d25f72417ab8bcf0
  SHA512: c7d77a9480bcee274ccd59cf50cfd08fe1715dbddd0293652e0deb6636f556ddafc291dc09a6d387679ad371f5ec3282fb023996f8e7739482d376c1762a9de3

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 4b2a3c9c92975541856fa549efd64b66
  SHA1: c6407b4dec50d6b94aa3b1a64e18155d1025845e
  SHA256: 3edec94f78a7a8363a106b32c2cadeae574ba0ed7802852911110811190b0bdb
  SHA512: 63d9114e12cf60e11bbd9067522e5be036f4c394054100f96b71cdaff91439ef33ac3ff9939f9419d4a14eef308136d542a81902cc3e620618e1a2356cfd70ca

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 130KB
  MD5: 010f20bd01521e2c2b5c4dbf5d31f95b
  SHA1: 47614bc93a8d511ba98f85cbea9d604d36bcdaee
  SHA256: 9016f12f477c9bc9cd9476d984519417584173c68e0820cfeb7767bf054b6669
  SHA512: b876c1ebeee07979c5cef248023bea86f2743ee1e287c4ed641babe73f6a7b5dc473d9a6e7b61f726687d0059b64ba35a96bf1086afe206bc663b575fb1e542a

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 130KB
  MD5: f228ad14b22e4a6f1509a77fdc1fea68
  SHA1: 6eeee94ee6e12d768489f0aeb01d2d5bd7bac7c0
  SHA256: 3bacf521d042e86be35a0cce80a951c4c87cc2ac5a4fe7977fc5843a59e494a3
  SHA512: 24f6f99f363feaf731adaf895e699f785c5c1cdd78a5cabffaa7a86a7cf67d9381245735ac38cb3d0767062685b5387fd6a18da1fb56ab55ba2c888c5654c622

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
  Filesize: 98KB
  MD5: c76063b208858ef6c789c4337bf34236
  SHA1: f1992ba35240a63850615b4c37c66029bf3e16bf
  SHA256: b8304c6a17a26e759dc6b1bb7323271c39b80e19cdab08d58906d3e2950f1d9d
  SHA512: fc19b7040ad1c0d8744c0864fa013438369c78269da1e41ec2a7963366f7fde57b3691c826926a6d3b285b5d4a8b3e548b99bbddd88a2d60171748b2b6d4026d

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
  Filesize: 107KB
  MD5: 797a44eca7a8231a3905e7052abced81
  SHA1: fcc8cf9304fbd869142c09536ad2f8216424a19a
  SHA256: 1ec23b55a98e559782d057662da6478e698f2fe3237bc6ec5220ee6b0c942817
  SHA512: a522402dcc6fa541c7c7782336499534bd7fe51eb71800f3d769a7a512c45e512f46352077203a642bd71a8a0e4414d04355b216fe1eeb09f4da2db2b3c9fed9

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584978.TMP
  Filesize: 89KB
  MD5: 964b5e1c7b88d22151d9358504efad57
  SHA1: e9f8e95bf24552f5d655115d2ee7b28581895b3f
  SHA256: ce313c7c8ad8064cad3a500f60f5ef487968e421513798f6a4f8b421fb5ee0e2
  SHA512: de600d0c334895d6ee89280e0211fdcc11e73d2e8b418f44c471252aab179d35a3750408ce5cf495e1aef2ab723924ce690533c32d22354f61f52de4c995ae8c

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

• C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log
  Filesize: 2KB
  MD5: e60127b3e8b4ce88960ef1c651a9dd6b
  SHA1: 13e0ea7b290fe2e3279680363ad0c9c7bc57441f
  SHA256: 4d915b692e3122f38834b65684122e99d2f2eb909d5a856806a45466e83ecc54
  SHA512: b7b05d55f71183c34529a69f3689dbdbe7996dee216bb6be8a9e74010580c95c3f2eba763eeb1e7999a83e22e78019d55588f2c511d986b24903415742a81160

• C:\Users\Admin\AppData\Local\Temp\7zO88287F79\Setup.exe
  Filesize: 727KB
  MD5: f0b2a4746586e5ad4d4a1325c6cd0914
  SHA1: 0f88773aa73ceab16e43612af00b30f51fdcae23
  SHA256: 13a5d2dac747be8385c04ab9f60bebc16a5ad457d10d1426b9173e4ee20d41c9
  SHA512: 96effd8298bea5ab715fe0e10fdc6c59bf6cd5c59e9398c1c29f53ab9cb96957b7e0caec49a86d6c7e2623fbc0199a1d661920a9d299c19717d612b4224120ac

• C:\Users\Admin\AppData\Local\Temp\7zO88287F79\Setup.exe:Zone.Identifier
  Filesize: 315B
  MD5: 84a6c591519a710be7fa640bc1241300
  SHA1: 01e319e2dac7ac1098360f0713e8dd33d6882fd7
  SHA256: b180f4fb87329a10bbd875f1bc6d7678cfc64f90fe79bcaa33be29fbb497d394
  SHA512: 486210b723740359479c56f87432cdc7f97fcbd00825ed54b66908c5db5a9aee22fadd4fd188beb88401b6580aa847a0410acd2bdf57f14d1fc1d04fa4d9277d

• C:\Users\Admin\AppData\Local\Temp\7zO88289D39\readme.txt
  Filesize: 244B
  MD5: 25b9fe2ddcaa9929214b4fcb0e19a69d
  SHA1: 1ca44bdd0b7975915f1b70cfe1dcbcbb76ce6b6c
  SHA256: c255b68834c04ebd3357dd9832deab12d4f11782e2be4b2a4ec6d40eb2223cba
  SHA512: eb14e621e95493e0e97e920fb727592df8526bf9ed5bf650c55dd757816f23572999561e8aadcaecc6faf5fdcdb09ddbf055d17931160daf37d55d2d86bd9c61

• C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
  Filesize: 4KB
  MD5: a5ce3aba68bdb438e98b1d0c70a3d95c
  SHA1: 013f5aa9057bf0b3c0c24824de9d075434501354
  SHA256: 9b860be98a046ea97a7f67b006e0b1bc9ab7731dd2a0f3a9fd3d710f6c43278a
  SHA512: 7446f1256873b51a59b9d2d3498cef5a41dbce55864c2a5fb8cb7d25f7d6e6d8ea249d551a45b75d99b1ad0d6fb4b5e4544e5ca77bcd627717d6598b5f566a79

• C:\Users\Admin\Downloads\Robux Generator.rar
  Filesize: 14.0MB
  MD5: 4614968a90860920e19f09a1367ae759
  SHA1: e04d6b38723c35d8fd535d961300f7faa4d13e43
  SHA256: 6a57fd49af9f048c7a54cfd1397bd5922b030817c04af46bda7b282aed6caeb5
  SHA512: 8a1a432447dec740e14ee8c2430355ddcceec3ab6e0bfe769fece9b413010d3f741f53893eb2085b42379ecec9f8865ec6df9afb233d04fdbd446456fe0d4acf

• C:\Users\Admin\Downloads\Robux Generator.rar:Zone.Identifier
  Filesize: 26B
  MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
  SHA1: d59fc84cdd5217c6cf74785703655f78da6b582b
  SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
  SHA512: aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

• memory/2620-842-0x00007FFCCECF0000-0x00007FFCCF7B2000-memory.dmp
  Filesize: 10.8MB

                                                                                                            • memory/2620-834-0x00007FFCCECF0000-0x00007FFCCF7B2000-memory.dmp

                                                                                                              Filesize

                                                                                                              10.8MB

                                                                                                            • memory/2620-832-0x0000000000550000-0x0000000000558000-memory.dmp

                                                                                                              Filesize

                                                                                                              32KB

                                                                                                            • memory/5208-803-0x0000000005740000-0x0000000005750000-memory.dmp

                                                                                                              Filesize

                                                                                                              64KB

                                                                                                            • memory/5208-806-0x0000000005860000-0x000000000596A000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.0MB

                                                                                                            • memory/5208-810-0x0000000006B40000-0x00000000070E6000-memory.dmp

                                                                                                              Filesize

                                                                                                              5.6MB

                                                                                                            • memory/5208-811-0x0000000006630000-0x00000000066C2000-memory.dmp

                                                                                                              Filesize

                                                                                                              584KB

                                                                                                            • memory/5208-812-0x0000000006750000-0x00000000067C6000-memory.dmp

                                                                                                              Filesize

                                                                                                              472KB

                                                                                                            • memory/5208-813-0x00000000067F0000-0x000000000680E000-memory.dmp

                                                                                                              Filesize

                                                                                                              120KB

                                                                                                            • memory/5208-814-0x00000000075C0000-0x0000000007610000-memory.dmp

                                                                                                              Filesize

                                                                                                              320KB

                                                                                                            • memory/5208-816-0x00000000079E0000-0x0000000007BA2000-memory.dmp

                                                                                                              Filesize

                                                                                                              1.8MB

                                                                                                            • memory/5208-817-0x00000000088F0000-0x0000000008E1C000-memory.dmp

                                                                                                              Filesize

                                                                                                              5.2MB

                                                                                                            • memory/5208-808-0x0000000005750000-0x000000000579C000-memory.dmp

                                                                                                              Filesize

                                                                                                              304KB

                                                                                                            • memory/5208-807-0x00000000056A0000-0x00000000056DC000-memory.dmp

                                                                                                              Filesize

                                                                                                              240KB

                                                                                                            • memory/5208-809-0x00000000059E0000-0x0000000005A46000-memory.dmp

                                                                                                              Filesize

                                                                                                              408KB

                                                                                                            • memory/5208-833-0x0000000073D40000-0x00000000744F1000-memory.dmp

                                                                                                              Filesize

                                                                                                              7.7MB

                                                                                                            • memory/5208-805-0x0000000005640000-0x0000000005652000-memory.dmp

                                                                                                              Filesize

                                                                                                              72KB

                                                                                                            • memory/5208-804-0x0000000005D70000-0x0000000006388000-memory.dmp

                                                                                                              Filesize

                                                                                                              6.1MB

                                                                                                            • memory/5208-802-0x0000000073D40000-0x00000000744F1000-memory.dmp

                                                                                                              Filesize

                                                                                                              7.7MB

                                                                                                            • memory/5208-798-0x00000000010C0000-0x0000000001152000-memory.dmp

                                                                                                              Filesize

                                                                                                              584KB

                                                                                                            • memory/5748-861-0x0000000002EB0000-0x0000000002F42000-memory.dmp

                                                                                                              Filesize

                                                                                                              584KB

                                                                                                            • memory/5748-866-0x0000000073D40000-0x00000000744F1000-memory.dmp

                                                                                                              Filesize

                                                                                                              7.7MB

                                                                                                            • memory/5748-867-0x0000000005AE0000-0x0000000005AF0000-memory.dmp

                                                                                                              Filesize

                                                                                                              64KB

                                                                                                            • memory/5748-869-0x0000000073D40000-0x00000000744F1000-memory.dmp

                                                                                                              Filesize

                                                                                                              7.7MB